A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as smart phones. The SIM card is able to be transferred between different devices, and often is, when people update into a newer smartphone. Recently scammers have developed ways to trick people into giving them personal information that enables the scammer to contact the victim’s wireless carrier and pretending to be the victim, get the wireless carrier to switch the SIM card to a new smartphone controlled by the scammer. One of the more common uses by scammers is to use their phone to make international calls that will be charged to the account of the victim. However, as more and more financial transactions, such as online banking, are now done over smartphones, identity thieves with access to their victims’ SIM cards are also increasingly becoming able to intercept security codes sent by text messages for online banking thereby providing the identity thief with the opportunity to empty their victims’ bank accounts and cause other financial havoc. Although this kind of a scam is still in its infancy, it has already accounted for 3.6 billion dollars in losses this year which is almost three times what the losses were for this type of scam just two years ago.
There are things that you can do and there are things that the wireless carrier industry can do to reduce this type of scam. The key to the identity thief being able to transfer your SIM card is having personal information such that when they call your carrier, they can impersonate you. Identity thieves are quite adept at contacting people by email or telephone and getting people to supply such personal information as their Social Security number by posing as a legitimate company or agency. The easiest way to avoid this type of fraud, called phishing is by never providing personal information in response to an email, phone call or text. You can never be sure who is really contacting you when you are contacted by phone, email or text message. The smartest thing to do is to not respond directly to such communications, but rather, if you think the communication might be legitimate, contact such company or agency directly by phone or email at a phone number or address that you know is accurate in order to confirm whether or not the original contact was legitimate. As for the wireless carrier industry here in America, they should follow the lead of South Africa, where they will not switch a SIM card to another device until they have confirmed by text message that the request to switch is legitimate.