How to protect your mobile phone against a duplicate SIM card

17/04/2020

Cybercriminals are relentless and they are taking advantage of the current lockdown situation to try to access your accounts. For this reason, following on from our "Protect yourself against fraud" series, here we explain what the so-called SIM duplication technique consists of.

This type of scam consists of obtaining, using various strategies, a copy of the mobile phone's SIM card and operating with it, as if it were the original card. It consists of several phases:

  1. The fraudster obtains the victim’s personal data by various means, whether it be phishing, a fake website, a phone call, social engineering or mobile phone hacking.
  2. Then, making use of these data, he/she asks the telephone operator for a physical duplicate of the card, claiming that the terminal has been lost or stolen. Although it is difficult to get the card –this procedure is almost always performed in person and by means of identification with an ID document– he/she might be able to do it.
  3. With the new card, the fraudster can receive one-time passwords (OTP) by SMS and then reset the passwords to access electronic banking, circumventing this strong authentication system. This gives him/her full access to your banking products, allowing him/her to arrange loans, make transfers, pay by card, withdraw cash from ATMs, etc.

How can you protect yourself from this fraud? Here are some useful tips:

  • The best way to avoid this is to defeat the attack in the first phase: never give out personal data or information.
  • If you suddenly lose coverage on your mobile phone, you should immediately contact your communications company and ask if your SIM card has been duplicated.
  • You should also immediately check your bank accounts for any unusual activity. If there is any, notify your bank so that they can take the appropriate security measures.
  • Consider using other alternatives to SMS such as two-factor identification. There are software options, such as Google AuthenticatorAbre en ventana nueva, Microsoft AuthenticatorAbre en ventana nueva or AuthyAbre en ventana nueva, or hardware options, such as a security token or cryptographic key. Most banks offer this service. Ask for it and follow the steps to activate it.
  • Do not post your phone number on social networks. In general, it is a good idea to take care with your digital footprint and think twice before posting anything.
Did you find this information useful?