Four out of five banks here are leaving their customers’ accounts at risk of a fraud known as a ‘SIM swap’. This is according to a study carried out by the mobile data security company, moQom, in which they tested the vulnerability of bank accounts to these attacks.
Colin Larkin, CEO of moQom, explained that a SIM swap involves fraudsters getting control of your mobile phone by gathering personal information and changing SIM cards at a mobile phone store. “Now they have control of your phone. On the banking side, there are a range of phishing malware out there, and through the use of social engineering, the fraudster can gain access to your account”, he explains.
“You might receive a text telling you to call your bank. You could be asked to give across personal information including pin numbers. It could be a fake website in which you click on a mail and open a website which looks similar to the bank’s website and you’ll enter all your credentials,” he expands.
Mr Larkin said large amounts of money could be transferred in a very short time frame. “It depends on the type of account. Business accounts are especially vulnerable to large transfers. Personal accounts might be more restricted. In the UK, at least one person lost about a quarter of a million pounds in such an attack.” He said that some banks would take a practical approach and would refund money in the event of such an attack but he said that legally, the liability lay with the account holder.
Colin Larkin said the banks were aware of the practice and there were incidents of it in the UK and in Ireland.
“The BBC did an expose involving RBS subsidiary, NatWest. There are solutions that can be deployed. Mobile Operators came together here and deployed a national SIM swap protection programme to protect consumers. That’s available to the banks,” he said.
Listen to the full interview with moQom CEO Colin Larkin and Morning Ireland Business Correspondent Brian Finn here: