Information about the typology of fraud «SIM Swapping»

Using the mobile phone number as one of the main and basic elements for the strong and reliable identification of its holder / subscriber, is an international practice used by organizations, companies and the public for the services they offer.

Banks are no exception to this practice, as they use their customers’ mobile phone numbers as a means to send codes (OTP) which enhance the security of electronic transactions (capital transfers, card purchases, etc.), the sending of alerts for transactions that have been executed and their remote registration in new services.>First of all, SIM Replace is a completely legal service that mobile phone providers offer to their subscribers, so that the latter can keep their phone number in case of loss or theft of their device or due to the need to use a different one. SIM card size. By activating the new SIM card, the old card is automatically deactivated and mobile phone services (calls, SMS, Internet access) are now made by the new card that works with the same number.>In cases of SIM Swapping fraud, the perpetrators take advantage of the ability to change the SIM card and pretend to be either the SIM card holder or someone authorized by the legal subscriber, thus trying to deceive them. mobile phone providers and obtain a new card to replace the one held by the rightful owner.>Once the new card is activated, the old one, which is in the possession of the legal subscriber, is deactivated and so all services (calls, SMS, internet access) are received on the device in the possession of the deceived perpetrator, giving them the opportunity to carry out illegal activities. without the knowledge of legal subscribers. (e.g. receiving calls and messages intended for them, stealing single-use codes or security verification messages, etc.).

But how can the perpetrators replace the SIM card to get into my e–Banking?

Unauthorized replacement / exchange of the SIM card is usually the second part of the above illegal mode of operation. In the first part, the perpetrators have managed to steal the e-Banking codes usually through one phishing e-mail or through malware (trojan / malware) installed on the victim’s computer.

Useful Tips, What Can I Do?
  • If your mobile phone stops working for unusual reasons, contact your mobile provider immediately. Sometimes you may lose your signal due to wider problems affecting your mobile phone service. However, if you lose the service in a position that is usually well covered, it is safer to contact your network provider and confirm that your SIM has not been deactivated.
  • Do not disclose your mobile phone number in social media.
  • Subscribe to the services of organizations that provide SMS and e-mail notifications when your transactions are performed.
  • Never reply to unknown messages or calls asking you for your account details and your registered phone number.
  • Do not follow website links and do not open attachments that you may receive from unknown email senders. Carefully check the sender as perpetrators often pretend to be legitimate businesses and organizations.
  • Do not notify anyone and do not enter unknown websites, your e-banking codes (username and password) or card numbers. You confirm that you have visited the official site of your Bank and remember that banks will never and in no way ask you for your passwords.
  • Your computer and your devices (tablet, smart phones) always have the latest operating and application updates. Install and always have a reliable malware protection program updated.
  • Check the movements of your accounts frequently.
  • If you have been a victim of SIM Swapping fraud or have found transactions that do not have your approval, notify your Bank immediately.
What measures do banks take?

Banks can’t know if a subscriber has been the victim of SIM Swapping, phishing or fraud infected with malware his computer and his passwords have been compromised.

Banks always aim to ensure electronic transactions in accordance with current technical and technological developments, global best practices in information security as well as applicable laws and regulations. In addition, much emphasis is placed on the user experience and speed of the services they provide to their Customers.

Electronic fraud is a broader problem and requires the cooperation of many parties involved to prevent or prevent it. Especially at this time, when the use of electronic services has increased significantly worldwide due to coronavirus, the perpetrators are trying to take advantage of the special conditions with increased attempts to steal data. The Hellenic Banking Association has set up a special Committee for the Prevention and Treatment of Fraud in the Media and Payment Systems with the aim of monitoring, processing and guiding in this area. The Commission coordinates the cooperation with Cybercrime Prosecution of the Greek Police, the Bank of Greece and cooperates systematically with other competent bodies in Greece and abroad.

For more security tips as well as trading protection measures in each bank you can visit their official websites, Europol website and the Hellenic Association of Banks website.