
Criminals want to get their hands on your SIM card – and then your bank account

Hackers steal or copy SIM cards and abuse them to obtain access to apps and bank details. Such an attack usually starts with a phishing message.

Fraudsters in the USA have scammed victims out of some US$ 68 million using the so-called SIM swapping trick. In the process, they either steal or copy their victims' SIM cards and abuse them to obtain access to apps and bank details (source: Heise Security, 20 Minuten).

Cases of SIM swapping, even if comparatively few, have also come to light in Switzerland. The initial attack usually involves phishing e-mails, texts or messenger messages containing a link to a fake website run by the attacker. There, unsuspecting users are asked to enter their mobile provider details and/or their access data for a certain online service or their e-banking facility. Sometimes access data obtained via data leaks are also bought en masse (for instance on the Darknet).

Since e-banking portals and other online services increasingly make use of two- or multi-factor authentication (2FA, MFA), attackers need the user name or account number and password on the one hand, plus a SIM card either stolen or reordered from the mobile provider, so they can intercept and use the second security factor. Fraudsters then use the data and SIM cards stolen or obtained in some other way to gain illegal access to the relevant e-banking portals or online services.

Protect yourself by ...

  • never using any links you receive by e-mail, SMS or messenger services, or obtain by scanning a QR code, to log into your financial institution's facility or any online service.
  • never filling in any forms received by e-mail that ask you to enter log-in information.
  • treating e-mail and SMS attachments with great caution.
  • never disclosing any confidential information, such as passwords, during telephone calls.
  • always entering the address for your online service provider's or financial institution's log-in page manually via the browser address line.
  • checking there is an SSL/TLS connection (https://, lock symbol) when calling up a log-in page, and verifying that the Internet address shown in the address bar of your browser actually indicates that you have reached the correct page.
  • never leaving your mobile device out of sight and having a device or SIM card blocked immediately if lost or stolen.
  • contacting your financial institution if you are not quite sure or something is not completely clear.
