Cyber Threat Weekly

SIM Swapping

August 17, 2020 WMRCCU Season 1 Episode 13
Cyber Threat Weekly
SIM Swapping
Show Notes Transcript

This episode talks about the SIM Swapping, Ransomware target Travelex and Microsoft Patching. 


After listening to this podcast please visit Action Fraud, National Cyber Security Centre and the West Midlands Cyber Protect Website for more guidance on all things relating to online Security.


Our host today is Patrick, a Detective and Cyber Protect officer for the Regional Cyber Team part of the Regional Organised Crime Unit for the West Midlands.


Also covering the West Midlands is Sean Long – WMPDigitalPCSO, Warwickshire and West Mercia is James Squire - cyberpcso and Staffordshire Police area is Mathew Hough-Clews and can be found at sp_digitalpcso.


To contact us please email us at

Hello and welcome. Hello, my name is Patrick and I'm a Detective and Cyber Protect officer from the West Midlands Regional Cybercrime Unit. 

Today's date is Friday the 14th of August 2020, and these are your Cyber Threat Weekly headlines. Sim swapping fraud seen to be rising, Travelex forced into administration after ransomware attack, and Microsoft Patch Tuesday August appears to be a success. 

This week, the West Midlands Regional Cybercrime Unit, became aware of sim swapping scams taking place within the West Midlands region. 

Sim swapping also known as sim splitting, emerged several years ago, but is on the increase as mobile phone numbers become more widely used as part of security checks. Scam sees attackers access victims text messages, calls and other sensitive information, including security codes used as part of two factor authentication. A successful attack will follow five steps. 

Step one, fraudsters initially harvest as much as they can about an individual. This includes intercepting the post searching public information on social media and search engines and tricking them into installing malware malicious software, or buying information about them from organised crime groups. 

Step two, armed with information the fraudsters will call the victim's mobile phone provider and tell them that the handset has been stolen, lost or damaged. Provided they can answer basic security questions. Your sim is cancelled, our new one is activated. 

Step three, the first and a victim or no have a problem is when their mobile stops working. This can seem innocent at first, and some people may just think it is a signal problem. 

Step Four, fraudsters can then hack into a victim's online banking and open a parallel business account. Since the new business account is already in an existing customers name, there are fewer security checks conducted. 

Finally, step five, the fraudsters then start to transfer money to accounts in their control. The banks will either call or text to confirm that payments being sent are genuine, fraudsters will pretend to be the victim and insist the payments are pushed through. 

So how can you protect yourself against this type of fraud? There are six things that you can do to protect yourself from this type of fraud. 

Firstly, always make sure you have suitable antivirus software installed and it is kept up to date on all your devices. 

Secondly, always consider what you're downloading. Do not open files or click on links from unknown sources. 

Third, if you discover a virus on your computer, disconnect from the internet immediately and ask somebody who has knowledge in this area, a specialist advisor for professional organisation. 

Four, when creating a password, try not to use the same password for more than one account. This will prevent further accounts being taken over if one has been compromised. 

Five, create a strong password, by choosing three random words, numbers and symbols can still be used if needed. 

Six, try not to post information that is too sensitive on social media, such as your date of birth your first pet or school, as these are normally included in security questions to reset your passwords.

Report any fraud and cyber crime to action fraud and receive a police crime reference number. Sign up for free to action fraud alert to receive direct verified accurate information about scams and fraud in your area, by email recorded voice and text message. 

Travelex,  the well known money exchange Bureau has been forced into administration after being subjected to a ransomware attack with over 1000 jobs set to go. PriceWaterhouseCooper announced late last week that it had been appointed to join administrators of the currency exchange business. Despite operating over 1000 ATMs and thousands plus stores globally and providing services for banks, supermarkets and travel agencies in over 60 countries, the firm was forced to cut over 1300 jobs as part of the restructuring. The impact of a cyberattack in December 2019 and the ongoing Covid-19 pandemic this year has acutely impacted the business admitted PriceWaterhouseCooper in a notice announcing this news.

And Microsoft's Patch Tuesday seemed to be a huge success when it released updates to plug at least 120 security holes in his Windows operating system and supported software, including two newly discovered vulnerabilities that are actively being exploited. At least 17 of the bugs were squashed in Augusts patch, addressing vulnerabilities which Microsoft rates is critical, meaning they can be exploited by malware to gain complete remote control over an affected system with little or no help from users. This is the six month in a row, Microsoft has shipped fixes. For more than 100 flaws in its products. 

For additional guidance, please visit the National Cyber Security Centre (NCSC), Action Fraud and the Take Five campaign websites. Also please do not hesitate to contact us with regard to training, advice and guidance on how to protect and prepare yourself or your business online. 

Thank you