23-02-2018 06:13 PM - last edited on 24-02-2018 11:24 AM by Leanne_T
Ever since mobile phones have become a tool for some banking transactions, they have also become a tool for fraudsters wanting access to your bank account.
This criminal activity is known as SIM swap fraud. But there are steps you can take to help reduce the risk of fraudsters accessing your bank account and potentially withdrawing your cash.
There are various methods fraudsters use to secure bank details and other personal information that can allow them to access your bank account. Once they have illegally accessed your bank account, they can then try to transfer funds out of it – but banks have several methods to then confirm that it’s really you trying to move your money.
When banks use SMS messages for two-factor authentication to try to confirm that it’s really you (essentially, the delivery of a unique passcode to a device that you own), it means there is an opportunity for a fraudster to authorise a bank transfer by switching a your phone number over to a new SIM and intercepting the authorisation message.
They do this by contacting the victim’s phone company, cancelling the old SIM, and activating the number on a new SIM that they have in their possession – often using correct personal details, bank details and other information that they have acquired elsewhere to pass the mobile operator’s security checks. Hence ‘SIM swap fraud’.
The good news is that most banks don’t rely only on this method, and there are some things you can do to help make sure you’re more protected.
Ensure you have a unique, secure password set on your EE account
Check your bank’s authentication policy. We generally only see these cases with banks that rely on SMS for two factor authentication – we do not see this type of fraudulent activity with banks that use other means such as mobile apps and devices for two factor authentications.
Make sure you keep your bank and contact details as protected as possible by regularly changing passwords for online services. Try not to have a single password for all accounts.
Avoid clicking on links in emails that you don't trust. ActionFraud has some great advice on how to protect yourself and spot the signs of fraud.
Don't enter your personal details into any website you've accessed via a link in email.
Don't save your personal information on any computer which has shared or public access.
Be alert: if you are getting a lot of nuisance calls on your phone this could be a tactic used by fraudsters to make you turn off your phone (which makes SIM swap easier).
Contact us if you have concerns.
Don't give away too much personal information on social media or over the phone. Your bank will never ask for your personal information by phone - this is a common phishing tactic used by fraudsters, so always be alert and contact your bank directly if you suspect any suspicious activity.
Keep anti-virus software up-to-date on your personal computer
We regularly review and update our process and policies to improve security to prevent SIM swap fraud.
We’re continuing to work with the mobile and banking industries to help protect our customers and in particular advising them that SMS should not be used as two-factor authentication for financial transfers.
If you have any questions please tap "Reply" below and we'll do our best to answer
28-06-2018 03:27 PM
Thank you this is a very helpful article.
Can you please advise whether the secure EE account password you are reffering to is the same as the one you use to logon to the EE Website or is that seperate?
28-06-2018 03:37 PM
Hi @mcloggies and welcome to the community.
The secure EE password is the one when you give when you speak to customer services via telephone or live chat.
Ideally this would be different from your online account access.
28-06-2018 03:55 PM
Appreciate the prompt response and clarification.
Can you please confirm if there are any published guidelines outside of this post in which EE detail and advise their customer to do this ? The reason i ask is that i dont see this mentioned on any of the existing articles on the link below?
28-06-2018 04:21 PM - edited 28-06-2018 04:34 PM
Having different passwords for the many different online accounts you have (such as your EE account, your email account, your online banking) is common tip to follow.
It limits the amount of accounts which could be breached should somebody get hold of one of your passwords.
McAfee pride themselves on being the world’s largest dedicated security technology company, and they recommend this.
You can read their advice on online password security here.
12-09-2019 01:49 PM
all very interesting but what is in place at EE to prevent a criminal requesting a SIM swap in the first place? i could be reading the article wrong but there doesn't seem to be anything in there that addresses this. What security steps are in place a EE to verify that it is the SIM owner requesting the swap?
12-09-2019 03:33 PM
Good Afternoon @superflyguy.
Thanks for the question.
Security questions will be asked to verify the account holder.
12-09-2019 04:01 PM
thanks for the reply.
however if a criminal has identified someone as a target for sim swap it's fair to assume they would probably have the answers to basic security questions, no? mothers maiden name, first school etc.. not hard to find out.
is there anything more robust that can be put in place? a separate pin for example.
13-09-2019 08:40 AM
Our security questions are put in place to protect customers and we had that in mind when we put our security questions in place. If you go into store you will be asked for photo ID. If we believe the caller is not the customer, they will be referred to an EE Store.
a month ago - last edited a month ago
Yes, but what are the security questions that you ask?
I believe the concern is whether these questions are sufficient, possibly too generic and had been exposed in other third party breaches. This is a very important question as these services are used for MFA.
I dont believe this this well communicated by EE but there are addition steps EE customers can take to further secure their accounts. This is done by contacting EE and having a PIN placed on the account.
a month ago
Welcome back to the community.
For security reasons we do not disclose what questions may be asked.
by jackmod Monday
by Leon6 2 weeks ago