Most scams where the victim is tricked into paying money to fraudsters originate on social media—often on Facebook, Instagram and WhatsApp.
But in the UK around one scam in five—and nearly half by the total value stolen—exploits weaknesses in our telecommunications infrastructure.
That could be someone spoofing the number of a legitimate entity, such as the tax office or your bank, when calling you. It could be a scammer exploiting security vulnerabilities in the mobile network to compromise and intercept voice and SMS messages.
In a rapidly rising form of fraud, criminals impersonate the nearest cell phone tower and send messages that look like they’re from your bank or mobile service provider
In a rapidly rising form of fraud, criminals impersonate the nearest cell phone tower and send messages that look like they’re from your bank or mobile service provider. One click on a link and you’re soon handing over valuable personal information or downloading malware that gives the scammers access to your payment app or crypto wallet.
In the latest episode of Unseen Money from New Money Review, my co-host Timur Yunusov and I are joined by telecom cybersecurity expert Dmitry Kurbatov, chief executive of UK-based company SecurityGen.
In the podcast, Dmitry explains how criminals can spoof a trusted entity’s phone number when calling you. We look at SIM swap frauds and discuss who bears responsibility for the continuing security flaws in mobile networks.
We highlight in which countries users are currently most exposed to mobile phone-based frauds. We look at the recent SK Telecoms breach in South Korea, which exposed the personal and financial data of up to 23 million users. And we describe the ever more ingenious methods being used by scammers to subvert telecoms networks.
Some technical terms used during the podcast:
“SIP trunking” is the digital method of making and receiving phone calls and other digital communication over an internet connection.
“SIP protocol” is a signalling protocol used for initiating, maintaining, and terminating multimedia sessions, including voice, video, and messaging.
“SIM farms” or “SIM boxes” bridge the internet and cellular networks, enabling the routing and redirection of calls or messages through multiple SIM cards.
“Rich Communication Services (RCS)” are a messaging protocol that enhances traditional SMS by offering richer features like multimedia sharing, group chats, read receipts and typing indicators.
“Drive-by smishing” is where fraudsters use fake base stations to force victims’ phones to connect to a fake mobile network and then use SMS messages to distribute malicious links or initiate scams.
In “software-defined radio”, components that are conventionally implemented in analogue hardware (e.g., mixers, filters, amplifiers, modulators/demodulators, detectors) are instead implemented by means of software on a computer.
A “global title” is an address used in SCCP (Signalling Connection Control Part, a network-layer protocol in telecommunications) for routing signalling messages on telecommunications networks.
“SS7” is a set of telecommunications protocols that are used to exchange information between different telephone networks.
“IPX” is a telecommunications interconnection model for the exchange of internet protocol-based traffic between customers of separate mobile and fixed operators.
