The SIM scam duplicated: if your phone does weird things, check the bank account

"Damn technology!" This habitual thought when the mobile phone locks up or goes out without warning, assaulted Mario Fernández (who asks to be quoted with a false name) when one morning his smartphone stopped having coverage. He was at work and did what anyone: turn off and on again. It did not work Once at home, from another phone he called his company to explain what was happening. Then he realized that the problem was with him. "They told me that I had requested a duplicate of my SIM card at a branch in another city," he says, "and I told them it was not like that.Said and done: several thousand euros had disappeared and he had requested a loan for another 50,000 in his name. Without knowing how, someone had usurped their identity to access their personal information and profit from it.

"It could have been the result of sim swapping [supplanting the mobile SIM card, in Spanish]," says Carlos Vico, a lieutenant in the Technological Crimes group of the Civil Guard, who says that this type of scam, which is carried out through telephone chips, it goes up. "We do not have the precise number of complaints, but there is a significant increase in these cases every year," he says. The usurpation of Fernandez is still being investigated by the Civil Guard.

Vico explains that many of these scams carry the previous theft of data from the bank account of the victims and that the duplicate of the mobile SIM card is essential to obtain the double verification that many banks require when making payments or mail services. electronic to change the password. This consists of sending a text message to the owner's phone to confirm the operation with a code that is provided. "The first cases took place in the United States and since 2015 this type of fraud also began to gain relevance in Spain," the lieutenant adds.

"The telephone is almost always the second verification step", confirms Carles Garrigues, professor of Computing at the Open University of Catalonia. "And the theft of passwords may have been by phishing [a computer fraud with which private information is obtained from the user], the king of scams." Garrigues explains that cybercriminals can get sensitive data from their victims also through fraudulent apps that extract information from smartphones without us noticing or false wifi signals.

"For example, you think you're connecting to Gmail and it's actually another page; the situation can become critical when the criminals manage to get the password of the victim's email, which is usually associated with several services, "says the teacher, who always recommends monitoring what we install on our devices and review the permissions that request, be cautious with open and careful connections with the passwords we choose. "But absolute security is very difficult to achieve," he concludes.

Fernandez, 37, who lives in Almeria, still can not understand what happened that day. He explains that until his cell phone coverage failed he had not noticed anything strange. "When I saw the bank account I had to go to the emergency room to get something to reassure me," he explains. Immediately afterwards he reported what happened to the Civil Guard and contacted his bank. "Now the economic issue is solved, but I do not understand what could have happened," he says.

The duplicate of Fernandez's card was made in a Vodafone store in Tarragona, 700 kilometers from his residence, according to him he said he had known about the operator. "My goal is to clarify what has happened," insists Fernandez, who has filed a claim with the regional consumer agency against the company. Vodafone explains for its part that the protocol to follow to deliver duplicates of SIM is very strict, since it can only be done after delivering the user's access code-a four-digit code that he has put-or presenting the DNI, The billing address and the last four digits of the bank account. "Without DNI, it is not duplicated," repeats the company, which says it has no record of other incidents of this type.