Sharing these information to the community:

SIM SWAP SCAM involves the following:

Getting the Internet Banking Login Credentials of the Victim

The internet banking login credentials (username and password) of a victim are typically stolen through a phishing attack. Other methods in which these can be attained include pharming, computers in public areas (such as internet cafés) which record sensitive information, keystroke logging software, or malware which provides criminals access to a victim’s computer.

Phishing and pharming are two methods being used by the criminals via the Internet. Their difference is: phishing involves getting a user to enter personal information via a fake website; while, pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain web address.

There are mainly two groups of the criminals: one group that uses phishing or other methods which they will personally use to steal money later; and, another group that uses pharming and sold the stolen data to their fellow criminals. While the phishing and the pharming groups/criminals operate in countries across the world, their fellow criminals who eventually steal the money are based in the Philippines.

Duplicating the SIM Card of the Victim

Armed with the victim’s internet banking login credentials which can now access sensitive information like bank accounts, e-mail address and mobile number, a SIM swap is needed before enrolling a third-party account to be used as beneficiary/conduit of fund transfers. [Note: A one-time password sent to the mobile number is used to enroll third-party account.]

The SIM swap can happen if the criminal is able to convince a Telco Agent/Help Desk that he/she is dealing with the owner of the mobile number (after answering customer identification questions or submitting fake ID/s). A new SIM card is then issued to the criminal in replacement of the “lost” one.

The criminal, now introducing him/herself as a Telco Agent, will call the victim (whose cellphone signal suddenly disappeared) that his/her mobile number was erroneously blocked/deactivated; that the Telco is working on it to restore the cellphone signal/reactivate the mobile number in the next 24 to 36 hours.

Linking a Third-Party Account as Beneficiary of Fund Transfers from the Bank Account of the Victim

The criminal will refer to the one-time password (sent to the mobile number with the new SIM card) to enroll third-party account, which, later on, will be used as recipient account of funds to be transferred from the bank account of the victim.

Access of the criminal to third-party/conduit account is either the result of: (1) opening a new bank account using fake IDs and bogus information; (2) skimming an ATM card; or, purchasing an ATM card from a person to whom it belongs (at a price higher than the deposit, of course).

Transferring and Withdrawing the Money

Fund transfers and withdrawals were often transacted shortly before and after midnight (2 days) to maximize, as applicable, the daily fund transfer and withdrawal limits of the accounts for at least two (2) days prior to discovery.