MobileMobile SecurityTech News

How hackers can steal your PHONE NUMBER: ‘SIM-jacking’ allows criminals to take control of SIM cards to raid bank accounts – and it is on the rise in the UK

DigTec - Sim Card
  • Fraudsters obtain codes from operators to switch numbers to another device
  • There has been more than 300 fraudulent code-gaining attempts since last April
  • In the preceding year, however, there had only been 99 similar cases in total 
  • Author Jack Monroe had £5,000 stolen from her bank account from SIM hacking

Hijacking other people’s SIM cards in an attempt to steal personal information is on the rise in the UK, according to new figures.

Reports of fraudsters obtaining codes that allow phone numbers to be switched to a new phone have totalled 300 since last April — compared with 99 in the preceding year — according to the Information Commissioner’s Office (ICO).

The dodgy practice involves the criminals obtaining a code from a person’s network operator that lets them switch their victim’s mobile number to another SIM.

Once they have obtained unfettered control of the victim’s phone number they can target them further, often for financial gain.

Criminals with enough armed with enough knowledge of a mobile phone user’s personal details can fool network operators into providing them with this all-important code, called a Porting Authorisation Code (PAC).

The culprits need to have as much information as they can to pass security clearance with the network operator and gain a PAC, including name and date of birth, often obtained by phishing emails.

Once this had been obtained, the hijacker can get control of personal information stored to a SIM card, such as identity, messages and personal security keys – and ultimately steal money.

Figures obtained from the ICO by New Scientist show there have been more than 300 reported cases of attempts to fraudulently obtain PACs since April 2019.

The ICC had already revealed last month that there had been 399 SIM-jacking cases since the start of April 2018, suggesting most of the incidents have taken place in the last nine months.

These figures suggest the technique to enable fraud has become increasingly popular among criminals in a short amount of time and such incidents could keep rising.

A PAC is normally 9 characters long and in the format ‘ABC123456’.

Phone users can request one for free simply by sending a text on the number that they want to transfer to another network.

Some operators such as EE and Vodafone allow users to obtain a PAC from a phone number other than one connected to the number they want to switch, such as a landline.

However, a Vodafone employee confirmed to MailOnline that a customer has to relay a code that’s been sent to the mobile phone connected to their account if they want to obtain a PAC.