By Fergal Parkinson
We’ve all seen them in multiple variations for years. My uncle has a diamond mine – the original and the greatest. We tried to deliver your parcel (even though you weren’t expecting one) Contact us to arrange the unlocking of your tax rebate. Yeah, right.
The fraudsters simply never let up. But they also never stand still – and not all attempts are as easy to spot as these. And that means that it’s essential for the security of their customers that businesses don’t stand still either: they have a responsibility to be aware of trends in the fraud industry.
It may perhaps seem odd to refer to fraud as an industry but as it’s happening on an industrial scale what other term could you reasonably use? The National Crime Agency estimates that the cost to the UK economy annually is some £190 billion Fraud – National Crime Agency To give that some perspective: the entire UK fishing industry is worth just £430 million, or almost 500 times less.
Phishing is plainly a lot more lucrative than fishing.
And more than most other enterprises. Which is why it’s happening on such a massive scale. So it’s difficult to overstate just how important it is to be alert to trends – and to be ready to respond to them swiftly.
Right now, one of the biggest new fronts in the war between bona fide business and fraud is on the issue of knowing who’s in charge of a mobile phone.
Because with mobiles at the heart of much human interchange and an ever-increasing proportion of trade and commerce, if the fraudsters can control a mobile number, they can control a lot of other stuff too, including accounts and bank cards linked to that number.
When Experian evaluated the new trends in fraud for 2022 7 global fraud predictions for 2022 – Global Insights (experian.com) one of their biggest concerns was digital authenticity during smartphone use. As their report put it: “Password-free experiences led by the ubiquitous smartphone and the ability to make real-time payments has resulted in a demand for a seamless, uninterrupted customer journey. But central to all of this is identity authentication.”
We at TMT Analysis have found that the two most prevalent ways the fraudsters use to hack phone numbers are what we call SIM Swap and Call Forwarding.
Your SIM card is the cornerstone of your mobile phone account identity so if the fraudsters can persuade your mobile provider – typically with a story about a lost handset and an urgent situation – to move your number to a new SIM card and then obtain that card and insert it into an alternative device that they control then they can control your accounts. Once they’ve pulled this off they will be able to intercept your calls and messages and even impersonate you for other services like online banking. To all intents and purposes they have then taken over your digital identity.
In Call Forwarding the criminals trick a network into forwarding calls and messages from a victim’s phone to their own number, again typically starting with the story that they’ve lost or damaged a handset and are now temporarily on another device. They’ll forward some messages to the genuine account holder of the phone to keep them from raising any alarm – while using their new access to the device to confirm their ID for a new account or to authorise a withdrawal request they have fraudulently activated.
If they target an individual they can often find enough information from their publicly available profiles – on social media and so on – to give them the means to approach the phone companies sounding plausible and then successfully pull off either scam. Their victim can be sitting there with their mobile phone in their hand as normal, scrolling carefree, unaware that they are about to lose tens of thousands of pounds because their number has been switched to a surrogate device.
I talked earlier about the responsibility that all companies have to their customers to be informed about such potential dark acts and to be alert to them.
So how do they exercise this responsibility? Well just as the weakness in a customer’s online security can stem from their intimate relationship with their mobile phone, that phone can also provide the solution to protecting them.
And, similarly, it’s the insight that we get from the phone companies whose security the fraudsters have managed to evade that can catch them: by using data obtained from the mobile phone companies we at TMT are able to detect unusual activity linked to a phone number in a moment.
If fraudsters have managed a SIM Swap or Call Forwarding scam, our checks will detect that there’s more than one handset linked to a number or that data is flowing to two places – or to a new place. All these anomalies and sub-variations therein are visible in the data in a matter of microseconds if your system is sensitive to them. And ours really is.
Because we are connected to the telephony network globally the information we are able to provide is based on live data rather than a back history of behaviours. The fraudsters can move quickly so this live data is key to detecting them quickly too.
So although it’s alarming that your customers can be targeted in these ways it is also, I think, reassuring that you can protect yourself – and them – from being targeted by simply making sure your security procedures are robust.
The technology is there to defeat these scams, it’s simply a question of tuning into the expertise that’s out there.