Fraudsters are stealing large sums of money from victim’s bank accounts by taking control of their mobile phones and intercepting calls/texts messages sent by banks.
Fraudsters are once again gathering as much information as possible on victims and using a method we have warned the public about in the past called SIM splitting, to gain access to people’s bank accounts.
A recent This is Money investigation found that one victim from London lost £22,300 when fraudsters raided their Santander accounts using this method. Another two victims had £19,500 drained from their Santander accounts after criminals intercepted the bank's text messages.
How this fraud works?
Step 1: Fraudsters initially harvest as much as they can about an individual. This includes; intercepting their post, searching public information on social media/search engines, tricking them into installing malware, or buying information from Organised Crime Groups.
Step 2: Armed with this information, the fraudsters will call the victim’s mobile phone provider and tell them that the handset has been lost, stolen or damaged. Provided they can answer basic security questions, the old SIM is cancelled and a new one is activated. The fraudster may also ask for all calls/texts to be diverted to a new phone.
Step 3: The first the victim will know of a problem is when their mobile stops working. This can seem innocent at first and some people may just think it is a signal problem.
Step 4: Fraudsters then hack into victim’s online banking and open a parallel business account. Since the new business account is already in an existing customer’s name, there are fewer security checks.
Step 5: The fraudsters then start to transfer money to accounts in their control. The banks will either call or text to confirm that payments being sent are genuine. The fraudsters will pretend to be the victim and insist that payments are pushed through.
How to protect yourself against this type of fraud
- Always make sure you have suitable anti-virus software installed and keep it up to date.
- Always consider what you are downloading – do not open files or click on links from unknown sources.
- If you discover a virus on your computer, disconnect from the internet immediately and ask a specialist for advice.
- When creating a password, try not to use the same password for more than one account. This will prevent further accounts being taken over if one has been compromised.
- Create a strong password by choosing three random words. Numbers and symbols can still be used if needed.
- Try not to post information on social media such as your birth date, your first pet, or school as these are normally included in security questions to reset your password.
Report fraud and cyber crime to Action Fraud and receive a police crime reference number.