Using a mobile phone number as one of the main and basic elements for strong and reliable identification of its owner/subscriber is an international practice followed by organisations, companies and the public sector for the services they offer.
Banks are no exception to this practice: they use their customers' mobile phone numbers to send one-time passwords (OTPs), which enhance the security of electronic transactions (money transfers, card purchases etc.), to send security alerts for executed transactions, and to support remote sign-up for new services.
What is SIM Swapping fraud?
In principle, changing/replacing a SIM card is a completely legitimate service offered by mobile operators to their subscribers, so that subscribers can keep their phone number if their device is lost or stolen, or if they need a SIM card of a different size. Once the new SIM card is activated, the old one is automatically disabled and mobile telephony services (calls, SMS, internet access) are provided through the new card, which operates with the same number.
In cases of SIM Swapping fraud, perpetrators take advantage of the possibility of changing a SIM card and pretend to be either the SIM card holder or someone authorised by the legitimate subscriber, in an attempt to deceive the mobile operator and obtain a new card that replaces the card of the legitimate holder.
Once the new card is activated, the old one, in the possession of the legitimate subscriber, is disabled and all services (calls, SMS, internet access) are transferred to the device held by the perpetrators. This enables them to carry out illegal activities without the legitimate subscriber's knowledge (e.g. receiving calls and messages intended for the subscriber, intercepting one-time passwords or security verification messages etc.).
But how can perpetrators, by replacing/exchanging the SIM card, access my e-Banking?
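Unauthorised replacement/exchange of a SIM card is usually the second part of the above-mentioned fraud. In the first part, perpetrators have managed to intercept e-Banking credentials, usually through a phishing email or through a trojan/malware they have installed on the victim's device. With the stolen credentials and control of the phone number that receives the one-time passwords, they hold both elements needed to access the account.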
Useful tips: What can I do?
- If your mobile phone stops working for unusual reasons, contact your mobile operator immediately. Sometimes you may lose signal due to wider problems affecting your mobile service. However, if you lose signal in a location that usually has good coverage, it is safer to contact your network provider and confirm that your SIM card has not been deactivated.
- Do not share your mobile phone number on social media.
- Subscribe to the services of organisations that provide SMS and email notifications when your transactions are executed.
- Never reply to unknown messages or calls asking for your account details and your registered mobile phone number.
- Do not follow webpage links or open attachments that you have received from unknown e-mail senders. Carefully check the sender's details, since perpetrators often pretend to be legitimate businesses and organisations.
- Do not share your e-Banking credentials (username and password) or card numbers with anyone, and do not enter them on unknown websites. Always confirm that you are visiting your bank's official website and remember that banks will never, for any reason or in any way, ask for your credentials.
- Make sure that your PC and devices (tablets, smartphones) are always protected with the latest operating system and application updates. Install a trusted malware protection program and always keep it up to date.
- Check your account statements frequently.
- If you have been a victim of SIM Swapping fraud or have discovered transactions that you did not approve, please inform your bank immediately.
Measures taken by banks
Banks are not able to know whether a subscriber has been a victim of SIM swapping or phishing, or whether his/her computer has been infected with malware and his/her credentials have been intercepted.
Banks always aim to safeguard electronic transactions, in line with current technical and technological developments, global best practices in information security and applicable laws and regulations. Additionally, strong emphasis is placed on user experience as well as on the prompt service provided to customers.
Online fraud is a wider problem that requires the cooperation of many stakeholders in order to deter or prevent it. Especially nowadays, when the use of electronic services has increased significantly worldwide due to Covid-19, perpetrators are trying to take advantage of these particular circumstances by increasing their attempts to intercept data.
The Hellenic Bank Association (HBA) has set up a special committee for the Prevention and Treatment of Fraud in Payment Systems, with the purpose of monitoring, processing and providing guidance in this area. The committee coordinates the cooperation between the Hellenic Police's Cyber Crime Division and the Bank of Greece, and regularly cooperates with competent bodies in Greece and abroad.
For further advice on cyber security and protection measures for bank transactions, you may visit the official websites of banks, Europol and the Hellenic Bank Association.
At Eurobank we take all possible measures to safeguard the safety of your data when you carry out transactions through our systems.
We apply modern security protocols and use cutting-edge technology to protect any transactions you carry out online, over the phone or with your cards.
Security rules for you
The secure environment Eurobank offers you is not enough to stay safe. You must follow certain basic security rules for:
Find out how to stay safe from internet fraud.