For Thanksgiving, Patricia was expecting to spend a nice, relaxing long weekend with her children. Unfortunately, her weekend started with a WhatsApp call from her daughter who asked why Patricia drained her bank account. She tried to call her bank from her cell phone, but it wouldn’t connect. She restarted her phone and she was able to dial out again.
Her daughter’s phone call saved her money. Fraudsters had just sent an e-transfer with all of Patricia’s money, so her bank was able to reverse the transfer before the fraudster could accept it. Her bank suggested that she was a victim of a SIM swap; but Patricia had no idea how someone could have switched her SIM and accessed her bank account.
She contacted her service provider and they said they had an online messaging chat with someone who claimed to be Patricia. The person had originally tried using her middle name – not publicly listed - as a personal identifier. She contacted an office president with the service provider who said that the fraudster provided Patricia’s full name, address, date of birth, and her unique phone ID in order to request a new SIM card.
Detective Linda Herczeg with EPS’ Economic Crimes Section believes Patricia became a victim through the use of malware or potentially a key logger and information provided through social media in order for the fraudster to have so many personal details. “Typically, SIM swapping scams occur through a form of social engineering – the victim unknowingly provides account details to a fraudster or the victim makes the mobile device vulnerable to malware,” Detective Herczeg explained, “This can be through a phone call, text message, or email; in some cases, the message received can be spoofed so it looks like it’s from one of your personal contacts or a trusted organization.”
Patricia is lucky that her finances were recovered. However, for two weeks she had to live without access to money, and endure the long and stressful ordeal of changing her contact and personal information and electronic logins – all without knowing how or why. She always assumed she took enough precautions by not using her full name on social media, locking down her phone, and using card protectors, “I thought I was taking the measures with the basics, but it wasn’t enough. You hear these things happening, but you don’t think, ‘it can happen to me’.”
Tips on how to help prevent phone takeovers:
-
Mobile phone carriers are aware of this crime and are taking steps to ensure that their customers are taken care of. Most mobile phone carriers now request customers to create a PIN. Whenever a customer contacts the service provider, the PIN is requested. If you think you do not have a PIN, call your cell phone provider and make sure you didn’t opt to disable it when you signed up.
-
Do not publish your phone number on your public profile on social media.
-
Review your credit card bills, bank statements and phone bills. If something doesn’t add up, report it immediately.
-
Do not use the same usernames and passwords across several websites. Make your passwords long, complicated, and difficult to guess.
-
Clear your web browser history on a regular basis.
-
Google yourself to see how much information is out to the general public.
-
To prevent the fraudster from gaining access to your financial apps, consider refraining from using the ‘remember card/username’ option on your apps. Avoid uploading your debit and credit cards to the 'pay with Touch ID’ apps on your phone.
-
If you receive a text message or an email from a service provider, utility company, financial institution or anyone asking you for personal or account information delete the text message and the email. Do not click on the attachments or hyperlinks.
-
If you receive a call from a service provider, utility company, financial institution or anyone asking you for personal or account information:
- Tell them you will call back at a later time, hang up and look for the contact number yourself.
- If they pressure you to answer and make threats of any kind, hang up on them.
Remember: Service providers, utility companies, and financial institutions will never ask for personal or account information in an email, a text message, or over the phone. They utilize their secure online messaging systems so you can log in and safely make the changes to your account information yourself.
You can find more technology safety tips on our website.
The EPS reminds citizens that fraud prevention is continuous – we need to recognize it through continual education, report it, and stop it. We ask that you share this information with anyone who could use a security check up.
If you are a victim of any fraud, please contact the EPS at 780-423-4567 or #377 from a mobile device.
from Media Releases https://ift.tt/2FBjTJL
No comments:
Post a Comment