Fraudsters steal phone numbers, drain bank accounts: TIO

Fraudsters are emptying the bank accounts of unsuspecting consumers after stealing their mobile phone numbers and email addresses.

This issue is highlighted in the Telecommunications Industry Ombudsman’s newly published Systemic Spotlight, ‘Reducing fraudsters’ theft of mobile numbers’.

Systemic Spotlight reveals how fraudsters steal a consumer’s mobile number by convincing the mobile service provider to switch the number to a new SIM card in the fraudster’s possession (known as ‘SIM swaps’). Once a fraudster has access to a consumer’s mobile number they can use it to access the consumer’s bank account, emails and other online accounts.

“Fraudsters are developing new ways to collect personal information about a consumer — accessing social media profiles, posing as telemarketers or sending deceptive emails. They use this information to impersonate consumers, deceive mobile service providers and steal consumer’s mobile numbers,” said Ombudsman Judi Jones.

“The Telecommunications Industry Ombudsman’s Systemic Investigation Team noticed a trend of complaints in 2018 about mobile service providers who had a low bar for consumer identity verification. We have been working with these providers to address these problems and help prevent future complaints.”

Since the Telecommunication Industry Ombudsman started to work with the providers on this issue, they have introduced new security procedures including two-factor authentication.

ACCAN welcomes the news that the TIO has been working with telcos to introduce new security procedures in an effort to combat fraudulent mobile number and identity theft.

“Our mobile phone numbers are increasingly being used as an additional security step to verify our identity when it comes to important accounts such as banking and email, so it’s important to make sure your number is protected,” said ACCAN CEO Teresa Corbin.

“Check your social media accounts to make sure that your mobile number isn’t publicly available and ask your mobile provider to set up a secret pin number or password that only you know, to identify yourself when you call them or deal with them in person.

“As consumers increasingly move their lives online, it is vital that our telcos and technology companies are putting appropriate protections in place to prevent Australians from falling victim to dishonest practices.”

The Telecommunications Industry Ombudsman has also published a guidance note about how the office handles complaints about unauthorised SIM swaps.

If consumers find their service is suddenly disconnected or receive notification about a SIM swap they didn’t authorise, they may be a victim of mobile number theft. Consumers are advised to:

• contact their bank or financial services provider immediately and explain that their mobile number has been taken. Ask them to check for any withdrawals or unusual transactions on the account;
• contact their mobile service provider and ask them to get the number back;
• contact IDCARE, Australia and New Zealand’s national identity and cyber support service at www.idcare.org or via phone on 1300 432 273;
• contact the police if fraud or theft has occurred.
   

The more publicly available a person’s personal information is, the more susceptible they are to mobile number theft. The TIO suggests that consumers:

• don’t respond to emails asking for bank account details, phone number and personal details;
• don’t respond to any caller who asks for access to their computer. Don’t give them any passwords or other information. Hang up;
• don’t click on links in emails or text messages saying they have won a prize or have a message, particularly if they don’t know the sender;
• reduce disclosure of personal details such as full name, mobile number and full date of birth online on social media, online dating websites or blogs. If these details must be entered, ensure they are hidden from public view;
• lock their letterbox. Fraudsters can gain personal information by physically stealing mail.
   

Ways mobile service providers can strengthen identity verification procedures:

• Allow customers to set up PINs on their telco accounts.
• Enhance the customer authentication steps before customers can make a transaction by requiring customers to provide an additional form of ID as well as full name, date of birth and mobile number.
• Introduce two-factor authentication by sending customers one-time PIN numbers through SMS or email for all high-risk transactions such as SIM swaps.
   

Image credit: ©iStockphoto.com/Martin McCarthy

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.