Wireless customers at AT&T (NYSE:T) are falling victim to an elaborate scam in which hackers impersonate representatives from the wireless company in order to get personal information that allows them to hijack a customer’s SIM card and make expensive international calls as well as gain access to credit card and banking information, according to a report from Bloomberg.
SIM cards are the chips that authenticate a particular user on a wireless network. Hackers only need to get a few pieces of personal information, including the last four digits of a Social Security number, in order to gain access to a person’s account. They then call the wireless provider and have the SIM card switched to a new device, which allows the hacker to make calls that are billed to the victim’s account. Hackers gain the trust of the customers by learning their names and addresses before making the phone call in order to better masquerade as representatives of the wireless carrier.
According to data from the Communications Fraud Control Association cited by Bloomberg, the telecom industry stands to lose $46.3 billion to fraud in 2013. The CFCA says that account-takeovers like the SIM card switching scam are the most common type of fraud in the wireless industry. The trouble wireless companies have is distinguishing between a real SIM card switch, which is a common practice performed when users switch devices and can be done over the phone, and when a hacker is performing the switch rather than the actual customer.
The scams often involve using the SIM cards to make expensive international calls, but can also lead to more sophisticated data theft, as the hackers can use text messages to receive passwords and security codes to bank accounts and other online services. AT&T hasn’t been the only reported victim of the SIM card hacking, as Vodafone’s (NASDAQ:VOD) South African unit Vodacom Group Ltd. has also had SIM card theft reported. Representatives from Sprint (NYSE:S) and T-Mobile (NYSE:TMUS) said they haven’t encountered this type of fraud, while a Verizon (NYSE:VZ) spokesperson declined to give Bloomberg a comment.
AT&T issued a statement on the matter, saying that customers should follow the Federal Communication Commission’s guidelines to avoid becoming the victim of scams. These tips include never giving personal information in response to an incoming call and calling the number found on a bill or statement if a caller that seems to be from the company is seeking personal information.
Follow Jacqueline on Twitter @Jacqui_WSCS