New rules could give fraudsters a back door to clone mobile phone numbers
New rules meant to make it easier to swap mobile contracts could give criminals access to important personal information, experts have warned.
The new text-to-switch service, launched last week, allows billpayers to easily get a code to move provider.
It aims to encourage switching and save customers on their bills.
However, the system is so easy to use that it has become vulnerable to attack, said Richard De Vere, a cybersecurity consultant.
Using voice-aid Siri on an iPhone, fraudsters could send a text to the number. They would then, without having to log into the phone, get a code from the customer’s provider.
This could ultimately help give them access to bank details.
However, fraudsters would need physical access to your phone to get the code. And at that point they could simply use the phone. And in the past scammers could get codes over the phone if they knew some personal details.
Cybersecurity professor Eerke Boiten from De Montfort University told the Sunday Telegraph that the system may also be abused by some apps. Software which has access to people’s messages might secretly request the code, he said.
Ofcom said that “any claims that these changes will increase this type of fraud are completely unfounded.”
“Text-to-switch should actually help reduce the risk of Sim-swapping scams. Under the new rules, only someone in possession of a SIM can request or receive a switching code by text. So we’ve designed the process to provide extra protection for mobile customers, while also making switching easier,” a spokesperson for the regulator said.
Main image credit: Getty