How to Avoid SIM Card Duplication Fraud
A cautionary tale to encourage you to make your digital life safer.
I wanted to share a friend’s experience with identity theft that I hope will help make your digital life safer. Of Course, the friend’s name and bank have been changed to protect privacy. Here is how the story goes:
It was 3 AM Sunday and Susan’s iPhone lit up with a text message: “XXXX Bank: DO NOT share this Sign In code. We will NEVER call you or text you for it. Code 123456. Reply HELP if you didn’t request it.” Three minutes later another text came with another code from XXXX Bank. Susan looked up the bank’s phone number and called.
Someone had already changed the email of record, the phone number, and the physical address on her accounts. Since it was the middle of the night and on the weekend, there was no supervisor to help with this. The bank had no default mechanism to lock down the accounts until this was resolved.
Susan realized that her and her husband’s entire digital lives had been stolen. This started an eight-month saga to protect their credit and regain their digital privacy. The next morning, she immediately locked down their credit with the three credit agencies and went into the bank. They told her that this was most likely SIM card duplication fraud and helped her with her accounts.
SIM card duplication fraud is a form of identity theft where a fraudster gains access to your SIM card details and duplicates it. In essence, the fraudster tricks your mobile provider into transferring your phone number onto their SIM card. Once successful, they gain access to your text messages, calls, and more critically, any OTPs (One-Time Passwords) sent to your cell phone number. This allows them to access banking and financial sites.
The bank referred Susan to the Apple store. They helped her with a new phone, new phone number, and how to create a unique SIM PIN code to protect her phone.
Susan finally sought help from the local FBI office, the chief investigative unit in cases of fraud, including identity theft. If there had been a financial loss, she was told the US Secret Service would have been involved in the investigation as well. She felt that the FBI acted disinterested and told her there was little that could be done. If the evidence of identity theft continued, she would likely have to change their drivers’ licenses, social security numbers, and perhaps even their names. They told her how digital criminals buy stolen personal information on the dark web in lots of 1000 for $10. Susan’s digital life was likely bought for 1 cent. They showed her how these bad actors can create a rapid bio of almost anyone by going to fastpeoplesearch.com and entering a person’s name and city. Research yourself – you will be shocked by what information is available on you, your family and your history.
Here is a list of things to consider from Susan’s visit to the FBI:
- Most of this fraud is from foreign bad actors.
- Consider moving to one of the large banks, such as Chase or Bank of America. They have better fraud detection departments.
- Most fraud is from checks – you should minimize using checks.
- Apple products are the most secure – phones, computers, & email
Recommended Actions:
- Change the PIN for your SIM card on your phone. The default SIM PIN code on all ATT phones is 1111. You should change this as soon as possible to something that is not discoverable. Here are directions for iPhone and Android.
- Use Fast People Search to remove your personal information from 199 websites that gather and list information. Visit fastpeoplesearch.com/removal to get started.
Susan continues to monitor her banking, credit cards, and brokerage accounts daily. She uses three-factor authentication for most digital logins (password, texted code, and biometrics). She will not let her credit card out of her sight when shopping or in restaurants. If they can’t bring the credit card machine to the table, she pays in cash. (Yes, there are skimmers that can copy credit card information.) It has now been eight months since the texts started, and life is finally getting back to normal.
I have had several clients and friends who have had significant identity theft events. In my next two blog posts I will continue to share these experiences and their recommendations to help you make your digital life safer.
Ralph Broadwater, M.D., CFP®
© 2023 The Arkansas Financial Group, Inc., All rights reserved.
The Arkansas Financial Group, Inc. is a Fee-Only Financial Planning Firm located in Little Rock, AR serving clients in Arkansas and throughout the country.
Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by The Arkansas Financial Group, Inc. [“AFG]), or any non-investment related content, made reference to directly or indirectly in this commentary will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this commentary serves as the receipt of, or as a substitute for, personalized investment advice from AFG. AFG is neither a law firm, nor a certified public accounting firm, and no portion of the commentary content should be construed as legal or accounting advice. A copy of the AFG’s current written disclosure Brochure discussing our advisory services and fees continues to remain available upon request or at www.arfinancial.com.
Please Remember: If you are a AFG client, please contact AFG, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services. Unless, and until, you notify us, in writing, to the contrary, we shall continue to provide services as we do currently. Please Also Remember to advise us if you have not been receiving account statements (at least quarterly) from the account custodian.