Jack Monroe is reported to have lost around £5,000 after the UK celebrity food writer fell victim to phone number hijacking fraud.
Cyber-criminals managed to obtain Monroe’s personal phone number, which they then reactivated on another SIM card, enabling them to receive her two-factor authentication messages. With these details, the criminals were able to access Monroe’s financial accounts.
Privacy activists are now calling on the phone industry to take further steps to tackle ‘simjacking’, a crime to which the average consumer is becoming increasingly vulnerable despite best efforts; Monroe had previously spoken out about her fears regarding cyber-security, stating that she had strong defence mechanisms in place.
On Twitter, the foodie stated that she was “white-hot angry”, and that she expects to get her phone number returned to her soon while the lost cash will take “longer to recover.”
“The money stolen has run into thousands of pounds – I’m a self-employed freelancer and I have to absolutely hustle for every single pound I earn. And someone has just helped themselves to around five thousand of them,” she said in a tweet.
Simjacking, which also goes by the name of simswapping, refers to criminals transferring a victim’s phone number over to a new SIM card. The criminals can then use that number as if they were its real owners.
The process begins with the fraudster pretending to be a customer who wants to switch mobile provider while retaining their old phone number. The mobile phone operator will typically ask for personal data in order to confirm the customer’s identity. If this information – usually a date of birth or address – is available in the public domain, then the fraud can be carried out with relative ease; Jack Monroe’s personal information was open to view on Wikipedia.
In other instances of the crime, mobile phone operators or assistants in phone shops can be bribed into helping the process along, aiding a crime of which the victim will not become aware until their phone stops working.
Banks and other financial services now frequently send a text message containing a code to a customer’s phone. This code then has to be entered on the service provider’s webpage by the phone’s legitimate owner.
Speaking to the BBC News website, managing director of Privacy Matters, Pat Walshe, said that the problem of simjacking in the UK is still a relative unknown.
“The industry has failed to address this problem for a number of years. It’s not trivial [to carry out a Simjack attack] but someone could do it easily enough,” Mr Walshe said, before stating that victims need to report the crime to their own mobile phone provider. Action Fraud and the Information Commissioner’s Office also need to be informed.
“I think Jack Monroe’s case should now force the ICO to investigate whether mobile operators are meeting their obligations to safeguard services and data under telecom privacy rules, in addition to the [EU data protection law] GDPR,” Mr Walshe added.
The post #Privacy: UK food writer victim of phone number hijack appeared first on PrivSec Report.