MENU

Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

ACG-CYBER SECURITY BULLETIN NR 224: BEWARE OF SIM SWAP SCAM

Reference Number ACG-CSB 110321224

         The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

     A SIM card is also known as Subscriber Identity Module (SIM). SIM swapping is a way of stealing phone number and assign it to a new SIM card. It is a type of account takeover fraud that generally targets a vulnerability in two factor authentication and two steps verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

   The fraudster exploits a mobile phone service provider's ability to seamlessly port a phone number to a device containing a different SIM. This feature is normally used when the phone of a customer was lost, stolen, and/or switched to a new phone.

    The swindler contacts the victim's mobile telephone provider and uses social engineering techniques to convince the telephone company to port the victim's phone number to the swindler's SIM. The swindler also pretends to be the victim using personal details to appear authentic and claiming that they have lost their phone. In many cases, SIM numbers are changed directly by telecom company employees bribed by criminals.

     The victim's phone will lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows the fraudster to intercept any one-time passwords sent via text or telephone calls sent to the victim and to directly transfer funds from a bank account, extort the rightful owner, or sell accounts on the black market for identity theft.

    In this setting, the scammer has access to every piece of information you are sending out in the internet such as bank and social media accounts, emails, credit card information, personal details, contacts, and can also automatically receive the confirmation codes texted to your number.

    In this setting, the scammer has access to every piece of information you are sending out in the internet such as bank and social media accounts, emails, credit card information, personal details, contacts, and can also automatically receive the confirmation codes texted to your number.

RECOMMENDATION

 

        All PNP personnel as well as the public are advised to follow the tips below in order to avoid the security risk of SIM SWAP SCAM:

 

  • Immediately change password/PIN of bank and digital accounts.
  • Monitor digital and financial accounts.
  • Call telephone company hotlines or visit the nearest stores to temporarily deactivate the line.
  • Inform the concerned bank about the incident and report to concerned authorities.
  • Limit the personal details you share online. Avoid sharing your full name, address, phone number, birth date, etc. publicly.
  • Don’t post screenshots of bills that will reveal the aforementioned personal details.
  • Don’t fall for phishing calls, texts, or emails. Always scrutinize every message you received and make an effort to determine if it is fake or not.
  • Use security questions and strong passwords and don’t reuse it.

 

For additional information, please refer to the following websites:

POINT OF CONTACT

 

    Please contact PCPT MARK GERALD A NORBE Police Community Relations Officer thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 723 0401 local 7483 for any inquiries related to this CYBER SECURITY BULLETIN.