Mobile Identity Nightmare - Attack

What happens when fraudsters steal your mobile identity by committing Porting or SIM swap fraud?  The following is a true real-life example of SIM swap fraud.  This attack happened to “Bob”, a key employee of a security and risk prevention company.   

The Fraudster Attacks

  • The fraudster initiated a swap of Bob’s mobile phone number to a different phone/SIM.
  • Bob had a pin code on his account to presumably prevent any activity with his mobile number but the wireless carrier allowed a one-time exception. 
  • The swap was completed on a Friday night just before retail customer service centers closed allowing the fraudster more time to exploit Bob’s identity before he became aware. 
  • Once in control of the mobile phone number, the fraudster reset Bob’s Gmail password to gain full access utilizing two-factor authentication involving a text message sent to the mobile phone.
  • The fraudster reset not only the Gmail password but the mobile phone number associated with the account to a different phone number, locking anyone else out of the account. 
  • With access to Bob’s Gmail the fraudster quickly data-mined the email for banking information (e.g., US Bank, Wells Fargo, Paypal, Coinbase, etc.)
  • Using Bob’s email as the username to target banking and bitcoin accounts, the fraudster systematically attacked for password resets via two-factor authentication.

The Fraud is Discovered

Bob realizes he has been attacked when he can’t use his phone to make a call.  Then he realizes he can’t access his email.

How does he recover? 

Read our next blog “Mobile Identity Nightmare - Response”

Is your Mobile Identity Safe?

Phone numbers are used for more than reaching someone via voice or text, they are increasingly used to validate a subscriber's identity for account access.  Fraudsters have recognized this and are exploiting the increasing use of mobile phone numbers for identity.  

Criminals are utilizing number portability and SIM swap fraud to take control of a consumer’s phone to gain access to their personal and financial information. 

Today, these fraudsters use a variety of approaches including asking “their” wireless provider to replace a “lost” phone.  It is also relatively easy with some knowledge of the subscriber's personal information to port the phone number to a new account and be issued a phone with a new SIM.

These fraudsters, once in possession of the new phone, work quickly to invade websites and bank accounts, in most cases utilizing two-factor authentication, to steal credentials and capture one-time links, authentication codes, and passwords sent via text.  Once identity is verified, the criminals go after personal and financial information.  While mobile phones are primarily the target, wireline phones are not immune from attack. 

SIM Swap and Porting fraud are on the rise with damages to individuals, banks, and corporations worldwide.  

What does an attack look like? 

Read our next blog “Mobile Identity Nightmare - Attack”

Telecom Industry Changes

The telecom industry has been slow to change, and now several forces have come together to reshape the industry in a profound manner. As communications service providers navigate these shifts and use the changes to create a competitive advantage, competition between providers becomes increasingly turbulent.  

The industry has generated a need for customer-focused services and greater productivity. Shifts in industry structure are now based on offering new value and ensuring that communication and content services become digital. Let’s take a look into a few trends that are reshaping and changing the Telecom landscape. 

  • 5G Network: 5G is already being used in transportation, education, and healthcare environments. As our wireless networks become more critical due to higher dependency by people, many telecom companies turn to and are investing in 5G as a way to provide the public with the most effective network. 
  • Cloud Computing: Cloud computing is helping telecom companies thrive and provide better services in this shifting landscape by ensuring high scalability, helping to guarantee resilience, and offering quick disaster recovery. Investing in infrastructure to provide more cloud-based applications and sustaining them is something every Telecom company should be investing in to ensure relevancy. 
  • Big Data: Big Data helps Telecom companies increase profits and it’s potential is significant in terms of helping to win clients. Only 20% of telecom companies have been deploying big data. Those early adaptors are reaping the benefits of turning data into profitable insights. Big Data projects can be launched in sales and marketing, customer care, competitive intelligence, and network and supply chain optimisation. If you need a competitive advantage - look no further than launching a Big Data project. 
  • Internet of things: IoT helps providers of services to provide more excellent means of communication between devices and individuals. IoT is pushing change and helping to create smooth business processes, increased revenue, and defining greater efficiencies. As we continue to understand the need for fast and stable connectivity as Internet-connected devices become more prevalent  and gain more insights into how IoT makes it possible for telecom suppliers to track the different communications bases remotely - we must continue to explore new ways of using the Internet of Things and stay ahead of the game. 

Launching new solutions, adapting existing business models, and network infrastructure upgrades are inevitable for telecommunication companies interested in staying viable and growth-driven in the post-pandemic environment.

The landscape is changing and it is changing fast. Make sure your company is growing with it. 

nVentory Identity Verification

The explosive growth in digital engagement has also led to an undesirable outcome: a sharp increase in cyber fraud. Identity fraud—derived on the back of credentials stolen through a massive number of phishing attacks—has gone up significantly compared to previous years. SIM swaps and account takeovers are now more common than ever before.

  • 20% increase in account takeover incidents in financial service in 2020 from previous year
  • $56 Billion in financial losses due to identity fraud in the US in 2020
  • $436 Million in fraud losses reported in the US where the contact method used by scammers was a phone call
  • 4X rise in number of SIM swap fraud cases in the UK during the last five years 

To support our customer's efforts to protect their customers, 10x People is adding support for identity verification for account takeover protection including support for GSMA Mobile Connect. GSMA Mobile connect allows Digital Service Providers (DSP) to match the phone number entered by the user with the device accessing the DSP portal.  Mobile Connect has been launched by more than 70 operators around the world.

In addition, 10x People is extending the GSMA Mobile Connect API so that additional information can be supplied to further validate the customer for fraud risk or trust scoring that is leveraged by financial organizations.  

10x People hates cyber fraud just as much as you do.  We can help you protect your customers.  

Contact us at info@10xpeople.com to learn more. 

Sources:  Kaspersky, US FTC, Javelin Strategy & Research, Action Fraud