We leave for the holidays. The double-locked door is closed to prevent thieves from entering the house.
Yet, very often, the key criminals use to get to our money is right in our pockets. It is the smartphone, an indispensable tool even when we are on vacation.
It can happen while we try to upload the last selfie taken on the beach or to call relatives left in the city.
The mobile phone suddenly disconnects from the internet and does not allow us to make calls.
We immediately imagine that the problem is due to the telephone operator, but the situation could be much more serious.
It is called “Sim Swap Fraud”, and if the name seems difficult, the situation becomes much clearer if we think of an entrepreneur in Alassio, on the Ligurian Sea, who last October had 20 thousand euros taken from his current account between evening and morning, precisely because of this type of scam.
«The “sim swap fraud” phenomenon began in the United States, and as early as 2015 there was news of the first cases in Italy – explains Alessandro Rossetti, of Soft Strategy’s Digital Trust Business Unit –. A type of crime that is occurring more and more often in our country as well. I remember in particular a computer fraud against an online bank whose customers, residing in various parts of Italy, had 300 thousand euros stolen».
But how does this scam work?
Once the victim has been identified, the hacker proceeds to acquire his data and login credentials to the home banking service by cloning the phone card. Shortly afterwards the user finds that his line has gone dead, because his own card has been deactivated. The hacker, on the other hand, once the victim’s SIM card has been replaced, is able to access the account and use it for all permitted functions. This is also because “the telephone number is almost always used as a second factor in the two-step authentication process – adds Francesco Faenzi, director of Soft Strategy’s Digital Trust Business Unit – especially now that banks are abandoning the old system of device keys”.
«The illicit collection of personal data and passwords can be done in many ways – continues Rossetti – starting with the so-called “web scraping” of social networks. A huge amount of public personal data is collected through the dissemination of malicious software in the stores of the various phone manufacturers or through free WiFi networks prepared ad hoc».
Rossetti recommends always paying particular attention to what we decide to share online and to install on our smartphones, carefully examining the conditions of use, the data we consent to give access to and the relevant licences.
Although telephone operators also try to protect themselves against these scams, sometimes these efforts are not enough. «The telephone operator must certainly have a rigorous protocol on the delivery of copies of the cards already issued to its customers – warns Rossetti –. The request for an identity document, however, is not enough. Especially if you can have a telephone dealer who is an accomplice of the scammers». As indeed happened in the case of the businessman from Alassio.
To act concretely on the risk, Francesco Faenzi believes that identity confirmation should go through more incisive systems, such as the use of biometric data or physical tokens. He also recommends taking particular care of the security of your passwords by keeping them in dedicated password managers or using two-factor security devices such as hardware security keys. And in case the phone fails to connect for more than a few minutes … contact your bank immediately.