The TIO Systemic Spotlight report — Reducing fraudsters’ theft of mobile numbers — reveals how fraudsters steal a consumer’s mobile number by convincing the mobile service provider to switch the number to a new SIM card in the fraudster’s possession (known as “SIM swaps”).
And, the TIO warns that once a fraudster has access to a consumer’s mobile number they can use it to access the consumer’s bank account, emails, and other online accounts.
Commenting on the TIO’s publication of the report, Ombudsman Judi Jones said, “Fraudsters are developing new ways to collect personal information about a consumer – accessing social media profiles, posing as telemarketers, or sending deceptive emails. They use this information to impersonate consumers, deceive mobile service providers, and steal consumer’s mobile numbers”.
Jones also said that since the Telecommunication Industry Ombudsman started to work with the providers on this issue, they have introduced new security procedures including two-factor authentication.
“We welcome the industry’s continued work towards consistently robust identity verification procedures. It is important to ensure these procedures keep up with evolving technological risks,” Jones said.
Jones notes that the TIO has also published a guidance note about how its office handles complaints about unauthorised SIM swaps.
The TIO also offers guidance on what consumers should do if their mobile number is stolen?:
If you find your service is suddenly disconnected or receive notification about a SIM swap you didn’t authorise, you may be a victim of mobile number theft. We suggest you:
- Contact your bank or financial services provider immediately and explain that your mobile number has been taken. Ask them to check for any withdrawals or unusual transactions on your account.
- Contact your mobile service provider and ask them to get your number back.
- Contact IDCARE, Australia and New Zealand’s national identity and cyber support service at www.idcare.org or via phone on 1300 432 273.
- If fraud or theft has occurred, contact the police.
For unresolved complaints about financial institutions, the TIO directs enquirers to contact the Australian Financial Complaints Authority at www.afca.org.au or via phone 1800 931 678.
And, if you have a complaint about how your mobile service provider dealt with a SIM swap, contact the Telecommunications Industry Ombudsman at www.tio.com.au or via phone on 1800 062 058.
And, on how consumers can protect against the theft of their mobile numbers, the TIO notes that the more publicly available your personal information is, the more susceptible you are to mobile number theft.
To protect yourself, the TIO suggests you:
- Don’t respond to emails asking for your bank account details, phone number and personal details.
- Don’t respond to any caller who asks for access to your computer. Don’t give them any passwords or other information. Hang up.
- Don’t click on links in emails or text messages saying you have won a prize or have a message, particularly if you don’t know the sender.
- Reduce disclosure of personal details such as full name, mobile number and full date of birth online on social media, online dating websites or blogs. If you must enter these details, ensure they are hidden from public view.
- Lock your letterbox. Fraudsters can gain personal information about you by physically stealing your mail.
The TIO also lists ways mobile service providers can strengthen identity verification procedures:
- Allowing customers to set up PINs on their telco accounts.
- Enhancing the customer authentication steps before customers can make a transaction by requiring customers to provide an additional form of ID as well as full name, date of birth and mobile number.
- Introducing two-factor authentication by sending customers one time PIN numbers through SMS or email for all high risk transactions such as SIM swaps.