Jean-Michel, a resident of the Tarn, tells how he was trapped by a SIM Swap scam and has suffered its consequences for several weeks. Manipulated by crooks, he gave them all the information they needed to pass themselves off as him to his operator. From there, they took control of his bank account. This employee of the culture sector, hit very hard by lockdown and closures, finds himself without any work and with nothing in his bank account.
For some time now, it has been known that not all two-factor authentication is created equal. In particular, two-factor authentication in the form of a code received by SMS is a weak point. The risk initially seemed largely theoretical, but the number of scams that target precisely this weak point is increasing, with deplorable consequences for the victims.
The proof is this testimony from a resident of the Tarn, Jean-Michel, picked up by Radio France. In January, he received an SMS which seemed to come from his operator, Orange, simply telling him that his “Termination request has been taken into account”. Surprised, he contacted Orange customer service directly, who assured him that everything was normal on their side. A few weeks later, he received a call from an apparently local number. He hung up.
This SIM Swap scam attacks a user already very hard hit by the crisis
At the other end of the line, someone pretends to be an Orange advisor. He recounts: “He spoke French perfectly, very calmly. He explains to me that if I was not at the origin of the request for termination, I had to change my access codes.” To “help”, the fake advisor sends him a link that is supposed to let him change his password. From there the crooks have access to his Orange customer account, and the actual SIM Swap scam can begin.
The crooks then call the real Orange customer service and pretend to be Jean-Michel. They obtain the transfer of the line to a SIM card that they control. From then on, they can log into most of this poor user’s secure accounts. His bank, whose name is not mentioned, relies precisely on two-factor authentication with a code received by SMS.
The result? Shortly after this call, he realizes that his cell phone line is no longer working. Then, at the beginning of April, he noticed questionable withdrawals from his account. In total, 850 euros have so far been debited from his account. And the debits continue, despite multiple blocking requests and 7 changes of credit cards.
Neither the bank nor the operator offers him a real solution
Jean-Michel is not rolling in money, however: he lost his activity in the culture sector with the coronavirus pandemic. France Info specifies that neither his bank nor his operator offered him a real solution to put an end to this terrifying scam. In Europe, all banks will eventually have to abandon SMS two-factor authentication in favor of other modes such as security keys, code-generator applications, or authentication via the banking application.
We have been talking about this change since September 2019. And yet, the PSD2 directive which is to introduce it has given banks and merchants until 2022, so that everyone has time to offer the necessary technical solutions. Some organizations have not waited and already offer authentication modes more secure than a code received by SMS. Unfortunately, this is not yet the case for everyone, and we must remain very vigilant because this type of scam can only grow.
Source: France Info