SIM-swapping is one of the latest breeds of digital scam that is sweeping the country – and one that might rely on contact centres as an access point – or a source of personal data – to complete the fraud.

What is a SIM-swapping scam?

SIM-swapping is one of the more elaborate scams currently perpetrated by cyber criminals, but one that promises a large payday. The goal of the scam is to take over a person’s phone so they can access their online banking services and transfer funds into their own account.

The first step in the scam involves gathering information about the target. Once they have collected personal data, they contact the target’s mobile phone company and claim that their SIM is broken.

Assuming the scammer knows enough about the target to bypass ID&V, they can then request that an alternative SIM is activated – but of course the SIM that gets activated is in the possession of the scammer. If this request is activated, the scammer is then in control of the target’s phone – and everything that entails.

Scammers then attempt to access the target’s online banking. They can request a password reset, because the reset link will be sent by SMS to the phone in their possession – or confirmed by automated phone call.

Having redefined the target’s password, they can freely plunder the bank accounts. To streamline the transfer of funds, some scammers create new accounts in the target’s name, so they can transfer money without arousing suspicion, as the bank believes the target is simply transferring money between their own accounts.

Contact centre security

The SIM-swapping scam is a good reminder of the lengths that thieves will go to. A SIM-swapping scam involves multiple stages, methodical planning and determination. The scammer might call several service providers to glean more personal information about their target, or to confirm information that they already have. It’s easy to see how contact centre staff can become unwitting accomplices in these complicated scams.

All contact centres are targets for criminals – either to gain direct access to a customer’s account, or as part of a larger scheme. The only way to keep ahead of the scammers is to regularly access risks, maintain employee training, implement robust security practices, and use secure software to manage the identification and verification process.

As more criminals recognise the potential gains from cyber crime, it seems that this kind of scheme will only grow in popularity – and contact centres will remain on the front line.