What Are IMEI/SIM Scams?
While the advent of smartphones has provided us convenience to do tasks we normally would do on our computers like email, shopping, and banking, on the go, it has also brought another way for criminals to try and target us. Like most scams the IMEI and SIM scams are designed to steal your money.
IMEI stands for International Mobile Equipment Identity and is a unique number associated with your mobile phone. Manufacturers program each mobile phone with this unique number so no two have the same IMEI. On most devices you can access your IMEI number by typing *#06# on your keypad.
IMEI scams happen when you use your mobile browser to bank online. The malicious site knows that you are visiting from your mobile device and serves up a popup that asks you to enter your IMEI number. Once the IMEI number is obtained by the hacker, they call your carrier and report the phone missing and then have a new SIM card sent to them. Now the hacker is armed with what equates to a cloned phone, and when your bank sends a text verification, the cloned phone gets the text and now the hacker can get into your bank account.
SIM stands for subscriber identity module which is the small rectangular card that stores your contacts. But even more important, it’s how your carrier recognizes and authenticates your device on their network.
With SIM scams, the criminals either steal your phone or disable your SIM so they can use it to create a cloned phone. Once they have your SIM, like the IMEI scam, the thief can get access to your bank or credit card accounts. And they also have all your contacts, so they can also use this to potentially send phishing emails or texts to your address book posing as you.
To help protect yourself from these scams you should:
- Make sure that your mobile phone is password-protected and set it to auto-lock after a certain period of time
- Use your bank’s mobile application and not a copycat site or your mobile browser
- Don’t store personal information such as passwords and account numbers on your device, and never allow applications to “remember” your user names and passwords
- Check your financial statements online at least once a week to make sure there aren’t any anomalies.
- Install comprehensive mobile security on your smartphone, like McAfee Mobile Security, which includes anti-theft features so you can lock your phone, back up your data and even wipe the device, if necessary as well as web protection to protect you from visiting malicious sites
Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)