11 Types of Telecommunications Fraud: How to Detect & Prevent It

by Bence Jendruszak
Do you think 2FA can protect you? SIM swap fraudsters think otherwise. Learn all about SIM swap fraud and how to prevent it in this article.
SIM swap fraud happens when a fraudster takes control of someone’s phone number. The fraudster contacts a telecom operator and convinces them to transfer a victim’s phone number to a new SIM. The fraudster then controls the new SIM and can receive SMS and phone calls.
This is particularly damaging when fraudsters receive 2FA and OTP messages. They can essentially log into the victim’s accounts and mine them for information or money. In 2020, 10 fraudsters were arrested by Interpol after stealing more than $100M in crypto following SIM swapping attacks.
SIM swap fraud is also known as SIM splitting or SIM jacking. It is a form of social engineering and telecommunications fraud as a telecom agent must be deceived and convinced to transfer the phone number to a new SIM.
SIM Swapping tends to happen in one of two ways:
In both scenarios, the next steps are very similar:
A SIM swap is only the first step for fraudsters. Once they are in control of your phone number, however, there is no limit to the number of damage they can do. This can take the form of:
Preventing SIM swapping is a three-pronged strategy. It takes collaboration between businesses, telecom operators, and users. Let’s break it down below in three different points.
The first step in preventing SIM swapping fraud is for telecom operators (telcos) to deploy more stringent verification procedures.
Luckily, regulations have been put in place in several countries to ensure user accounts benefit from increased protection.
In the US, for instance, the FCC amended its Customer Proprietary Network Information (CPNI) and Local Number Portability rules. The new rules state that mobile carriers must notify actual customers before reassigning the number to a new SIM card or a porting.
As a bonus, the rules are also designed to block robocalls by forcing mobile carriers to maintain a Robocall Mitigation Database. If a phone number is tagged as spam, it should be displayed as such on people’s caller IDs when the phone is ringing.
The rules are strict, as the FCC has indicated that any mobile carrier not following them would be banned and essentially stopped from operating.
If you can’t trust 2FA to guarantee that the right person is logging into their account, you need to authenticate using alternative methods.
One of these methods is to look at digital footprints…
In simple terms, it’s about checking that the data for the user logging in is consistent with data you’ve collected in the past. Most companies already look at IP addresses, but you could also look at the device’s configuration of software and hardware.
We’ll go into more detail on this later – though you can skip to the tools section to find out more if you prefer.
Last but not least, phone number holders should keep a close watch on their personal accounts. Common sense goes a long way, but more and more companies are taking matters into their own hands to educate users about the importance of their account details.
2FA or MFA verification is a good starting point, but more and more businesses now incentivize users to rely on biometrics authentication and email verification to log into their accounts – or at least to be notified when a suspicious login happens.
While telecom operators should have their own SIM swapping detection methods in place, most businesses can also leverage anti-fraud tools.
These tools are designed to authenticate users, which may come in handy if they have just been victims of SIM-jacking attacks.
Tools with a proven track record of helping authentication include:
Want to try it yourself? Give our phone lookup tool a go:
SIM swap fraud has targeted some of the most famous people on Earth. Jack Dorsey, Jeff Bezos, and Kim Kardashian have all been victims of SIM jacking.
And while targeting your phone may not be as glamorous, fraudsters still do their best to take over accounts in any way they can.
The good news is that regulations are forcing telco operators to be more stringent when it comes to verifying users. And thanks to tools like SEON, you can also perform your due diligence whenever a user logs in with new data.
A fraudster who SIM swaps your SIM card will take control of your phone number (but not your device), so they can receive SMS on your behalf. It is particularly dangerous as they can receive 2FA and OTP codes to log into your social media, banking, or even ecommerce accounts.
SIM swap fraud happens when a bad agent convinces a telco operator to switch a phone number to a new SIM. The victim isn’t aware of it, and the fraudster takes control of the new number.
Yes. If you perform a SIM swap, you may be prosecuted and imprisoned.
Sources
Showing all with `` tag
Click here
Bence Jendruszák is the Chief Operating Officer and co-founder of SEON. Thanks to his leadership, the company received the biggest Series A in Hungarian history in 2021. Bence is passionate about cybersecurity and its overlap with business success. You can find him leading webinars with industry leaders on topics such as iGaming fraud, identity proofing or machine learning (when he’s not brewing questionable coffee for his colleagues).
The top stories of the month delivered straight to your inbox