Fraudsters Hijack Mobile Numbers to Crack Open Bank Accounts
Each time, her phone number was involuntarily ported from Vodafone to Optus, and she's been powerless to stop it. It's a type of attack known as SIM hijacking or swapping. A criminal pretends to be an authorized holder of a number, often by tricking a customer service representative, and succeeds in moving a number to a different SIM card.
Once the attackers controlled Henriquez's phone number, they took AU$500 (US$360) from her Westpac account using "cardless" cash, which allows ATM withdrawals using only a one-time passcode. The fraudsters also later took $1,300 in a direct debit transaction.
SIM hijacking is not a new attack, but there's increasing interest in stealing phone numbers. That's because banks often send two-step verification codes over SMS. Additionally, major services such as Google, LinkedIn, Facebook and Instagram use the mobile channel in some scenarios for password resets.