SIM swap scams have emerged as a growing threat to financial security, with criminals exploiting vulnerabilities in mobile carrier systems to gain unauthorized control of victims’ phone numbers and access their accounts. The scheme has resulted in significant financial losses, with reported damages increasing from $12 million during 2018-2020 to $68 million in 2021 alone, reflecting a broader trend in identity-based fraud that has prompted recent FCC regulatory action to strengthen telecom security measures.
“People have this vision in their head that it’s much more sophisticated than it actually is. Well, in reality, all it is is convincing someone in a call center,” explains Brandon Amacher from the UVU Center for National Security Studies.
In a typical SIM swap attack, scammers persuade mobile carriers to transfer a victim’s phone number to a new device under their control. The transfer enables them to intercept calls and text messages, including two-factor authentication codes used to access financial accounts. Recent victims include Justin Chan from California, who lost $38,000 after scammers accessed his Bank of America account, and an Alabama business owner who lost $172,000. The incidents mirror similar attacks in other regions, including India, where SIM card-based fraud has resulted in substantial losses.
“The question is, do the carriers actually follow those procedures? Do they adequately discipline their staff when those procedures aren’t followed? And we know from many lawsuits that oftentimes they are not,” says Chris Frascella from the Electronic Privacy Information Center.
A related emerging threat is the call merging scam, where fraudsters exploit phone call merge features to steal one-time passwords. The National Payments Corporation of India has issued warnings about this technique, which involves scammers creating three-way calls to intercept authentication codes. The development comes as India prepares to launch an enhanced Central KYC Registry to strengthen financial sector identity verification.
Key warning signs of SIM swap attacks include sudden loss of cell service, unexpected password change notifications, inability to access accounts, and unauthorized financial transactions. Security experts recommend several protective measures, including using authentication apps instead of SMS-based codes, changing default SIM PIN codes, and carefully verifying the identity of callers claiming to represent financial institutions. These recommendations match emerging industry standards, as financial institutions increasingly implement biometric authentication and enhanced mobile verification for call center security.
Sources: KUTV, New Indian Express, Webvatorshops, Times of India
Follow Us