Telecoms operator Orange Belgium has revealed that a cyber-attack in July resulted in the theft of data from 850,000 customer accounts. The telecoms operator has been quick to reassure its customers that no passwords, email addresses, bank or financial details were hacked.
However, the hacker gained access to one of the operator’s IT systems containing customers’ surnames, first names, telephone numbers, SIM card numbers, personal unlocking (PUK) codes, and tariff plans. While these details do not put customers’ financial data directly at risk, they can be used to effect a whole range of further scams, including financial fraud.
Banks and other service providers routinely use their customers’ smartphones to add another level of security to their online transactions by sending a once-only code direct to the user’s phone. But over the last few years, cybercriminals have become increasingly adept at a practice known as “SIM swapping”. This refers to a fraudster convincing a mobile carrier to transfer a victim’s phone number to a new SIM card – one that is owned by the cybercriminals. This enables the criminals to intercept calls and text messages, including one-time passwords used by banks and social media. Fraudulent SIM-card swaps can also be used for corporate and political espionage to spy on key individuals to acquire confidential information.
SIM-swapping scams are on the rise
SIM-swapping scams are on the rise. According to Which magazine, data shows that reports of SIM-swap scams to Action Fraud have doubled year-on-year. Figures from fraud prevention service Cifas also found that its members – including mobile networks and other telecom providers – reported a 1,055% increase in cases of unauthorised SIM swaps, from 2023 to 2024. It’s believed that SIM swapping was one of the tactics used in the recent Co-op and M&S cyber-attacks.
“If you get a text from your network about your Sim being transferred, or a PAC (Porting Authorisation Code) request, don’t ignore it — this could be your only chance to stop scammers in their tracks,” warns Which magazine.
