It’s extremely likely that you are reading this post on your smartphone or tablet. We use our mobile devices to remotely access a wider range of services than ever before. Your mobile phone has become central to everything that you do. You take it everywhere you go; you use it for pretty much all of your daily contact with individuals (messaging friends, interacting on social channels) and with organisations (consuming content, communicating, purchasing, being entertained). But with our lives now increasingly being lived through mobile, and with the rapid acceleration of our dependence on this medium since March 2020, there are underlying problems that we mustn’t ignore.
With mobile usage comes mobile fraud, and the threat to our privacy, security and finances is very real. This article looks at the five biggest mobile fraud threats currently out there to ensure that you’re aware of what the bad guys are up to.
Here’s a look at the top 5 mobile fraud threats and the common ways fraudsters operate:
A common method that the fraudsters use to commit fraud is to take over an individual’s online accounts in order to ‘socially engineer’ access to their bank account and other personal or financial data. Collecting personal data from multiple sources, including messaging and social media channels, allows them to persuade the mobile operator to ‘SIM Swap’ your account to a new SIM card which the fraudster uses to intercept one-time passcodes to access your accounts.
Alternatively, by using smart card copying software or through remote hacking, a fraudster is able to ‘SIM clone’ a SIM card, creating a duplicate of their victim’s SIM, which grants them access to their phone number and all the services they receive from their mobile service provider, including phone calls and SMS messages. This again allows them to access personal data and account details where they can transfer funds and make purchases without your knowledge.
Your mobile phone and tablet are increasingly becoming storage devices for most of the apps and personal data that you need to access the key services that you rely on (bank accounts, online stores, travel and entertainment brands, etc.).
Fraudsters are able to transfer data and services from one mobile device to another, making an exact replica of the original. Without any device-specific checks, the bad guys are then able to make calls and instigate transactions from the cloned device for which only the original will be billed.
Your Caller ID is the number that appears on a phone that you’re calling to identify the call as originating from you. Fraudsters can create and use false caller IDs, often appearing to be from a local area or company that the victim knows and trusts, to scam or defraud the recipient. Calls and messages are sent from this ‘spoofed’ caller ID to trick you into engaging in a fake exchange.
Once the call or message is answered, the fraudster will often then use social engineering techniques to persuade the victim to part with valuable personal information or even money.
When a mobile user’s account is closed, the mobile operator will release their phone number (after a short period of ‘quarantine’) for reassignment and use by another, unrelated, customer. As we have established, it is now commonplace for people’s online accounts to be tied to their phone number. This enables fraudsters to activate mobile phones using new numbers with the specific aim of finding a number that has recently been recycled.
In many online transactional journeys where we use our mobile device, we are required to prove that a device is in our possession before a payment, money transfer or similar transaction is approved and enabled. A common method of establishing this device possession is to send a one-time passcode to the user. Often this is via voice call or voice message to the user’s mobile phone.
In addition, some scams can begin with the fraudster calling their victim and, by pretending to be in an urgent situation, persuading them to forward their call on to someone else. In either case, the forwarding of inbound calls or messages to a fraudster’s device will enable them to intercept messages or sensitive data intended for the recipient and use this to access accounts or services where they can extract funds or make payments without their knowledge.
As we established above, the mobile phone has become an intrinsic, critical part of our lives and as such is now probably the single most important daily personal possession that we have, one that we interact with every few minutes and are rarely parted from. Even if you aren’t reading this article on your phone, it will be in easy reach.
The effect of this is that the mobile phone provides unique data in that it is the only available source of ‘dynamic’ data about what is happening right now – in ‘real time’. This capability allows mobile data to be used as a source of valuable signals in the fight against fraud, even in the fast-moving digital world that we live in.
This ‘dynamic data’ can be used to immediately flag whether a device has been lost or stolen, signal that a SIM card has been recently swapped, that Call Forwarding has been set to divert calls to another device, or that a device has been recycled and is no longer used by the previous owner. The signals that it can reveal are available immediately so that if any of these actions occur, the data can be checked within an online banking or retail flow and used to help prevent transactions or transfers before they happen.
Even better, by using mobile data to keep fraudsters out, it is also possible to easily identify the good guys – you and me – and ensure that, with simple mobile data checks behind the scenes, we are able to access our online services securely, quickly and easily and get on with our lives.
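As an added illustration (not code from this article or from any operator's API), the checks described above can be combined into one decision made before a one-time passcode is sent. The signal field names, the 72-hour window and the treatment of call forwarding as affecting voice only are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy window; the article gives no figure.
SIM_CHANGE_WINDOW = timedelta(hours=72)

@dataclass
class MobileSignals:
    """Hypothetical operator signals for one phone number."""
    last_sim_change: Optional[datetime]    # None = no change on record
    call_forwarding_active: bool
    last_deactivation: Optional[datetime]  # number last released for reuse
    device_reported_lost: bool

def otp_decision(sig: MobileSignals, enrolled_at: datetime, now: datetime):
    """Return (action, channels, reasons) before a passcode is sent.

    enrolled_at is when the customer registered this number on the account.
    """
    reasons = []
    # Released after enrolment: the number may now belong to someone else.
    if sig.last_deactivation and sig.last_deactivation > enrolled_at:
        reasons.append("number_recycled_since_enrolment")
    if sig.device_reported_lost:
        reasons.append("device_lost_or_stolen")
    if reasons:
        return "block", [], reasons

    channels = {"sms", "voice"}
    # After a recent SIM change, SMS and voice reach whoever holds the new SIM.
    if sig.last_sim_change and now - sig.last_sim_change < SIM_CHANGE_WINDOW:
        reasons.append("recent_sim_change")
        channels.clear()
    # Assumption: forwarding diverts voice delivery only, so SMS stays usable.
    if sig.call_forwarding_active:
        reasons.append("call_forwarding_active")
        channels.discard("voice")
    return ("allow" if channels else "step_up"), sorted(channels), reasons

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0)       # constructed sample values
    enrolled = datetime(2022, 1, 10)
    swapped = MobileSignals(now - timedelta(hours=6), False, None, False)
    recycled = MobileSignals(None, False, datetime(2023, 8, 1), False)
    print(otp_decision(swapped, enrolled, now))
    print(otp_decision(recycled, enrolled, now))
```

Comparing the deactivation date with the enrolment date, rather than with today, is what separates a number that changed hands from one the same customer has held throughout.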