The thought of someone gaining control of your phone number and being able to receive your calls and messages is a terrifying prospect.
That's especially true in the age of one-time passwords, the security measure set up by banks to make it harder for scammers to transfer or spend money from your account.
Worryingly, the practice is growing rapidly as victims have lost more than £10 million to SIM-swapping scams since 2015, according to Action Fraud.
And that figure only covers people who have reported a scam to the organisation, meaning many more could have been targeted and simply not reported it.
Coronavirus: online scammers' tricks to watch out for
What is a SIM-swap scam?
A SIM-swap scam is where a scammer tricks a mobile network into transferring your phone number to a SIM card that they own.
Once they have your number, they can get hold of calls and texts sent to you, which can include sensitive financial information such as one-time passcodes designed to protect you from fraud.
We talk to a loveMONEY reader who was affected by one such scam and reveal how you can keep yourself safe.
'They asked for ID but then ignored it'
Linda (she asked that we don’t reveal her last name) was on holiday last summer when she received an odd email from her bank, Royal Bank of Scotland (RBS), stating she was trying to re-register for online banking – and to contact them immediately.
She was alarmed by the email, especially as she never deactivated online banking, and another email followed shortly afterwards, requesting photo identification to approve some transfers.
So, she quickly got in touch by calling the number on her bank card and didn’t click on any links in either of the suspicious emails.
A week before this happened, Linda replaced her phone after her old one had a lot of issues.
When she swapped the old SIM for a new one and ported her number, her connection to the mobile network kept dropping out.
Linda now believes someone was trying to get hold of her number, which would explain why her friends and family struggled to get in touch with her at the time.
Following the suspicious emails Linda received a week after getting her new phone, she got in touch with RBS.
However, by the time she got through to someone, someone had already transferred nearly £8,000 from her Individual Savings Account (ISA) to her current account without her permission.
There were then four transfers to four new payees ranging from £1,900 to £2,000, leaving her account nearly empty.
“My bank [RBS] already let £8,000 be sent out of my account despite this person not having approval or [photo] ID,” said Linda.
“I don’t know any of the people the money was sent to.”
Safety tips: how to beat the scammers when using public Wi-Fi
After Linda discovered what happened, she immediately complained as the transfers were approved without her permission.
“They refused the refund because they said I should have taken better care of my account,” she commented.
“I didn’t do anything foolish.”
All Linda received from RBS was £75 in compensation due to the delayed response to her complaint.
So, she got in touch with loveMONEY to see if we could help.
How did RBS respond?
When I heard what had happened, I quickly got in touch with RBS to try and get them to change their decision.
I pointed out Linda was not responsible for what happened and quickly acted to try and protect her money.
For example, she used her bank card to find the correct contact number and didn’t click on any links on any emails (even though these were actually legitimate).
I felt that in this situation, the bank was wrong to approve any transfers without Linda’s express permission.
Thankfully, RBS were quick to offer a full refund and apologised for initially refusing one.
“We have reviewed Linda’s claim and taken the decision to refund her in full,” commented a spokesperson for RBS.
“We apologise for not reaching this decision sooner.”
RBS confirmed Linda was the victim of a SIM-swap scam and said they would also review their procedures to avoid this error happening again.
The bank believes the scammers de-registered then re-registered her account to gain access to her digital banking and used her number to receive one-time passwords.
Clone firm scam: ‘I lost £50,000 days before scammers were flagged by FCA’
How to stay safe
There are a few ways you can be alerted to an unwarranted SIM swap.
For example, NatWest warns you might receive an email or text prior to the swap stating that you have requested one, so if you receive this, get in touch with your phone provider and bank as soon as possible (using numbers you research separately).
The bank also said that a SIM swap results in your phone losing signal and you can no longer make calls, send messages, or use data.
So, if any of the above happens without warning, it’s worth investigating and getting in touch with your phone provider and bank if an unwarranted SIM swap is suspected.
Unfortunately, fraudsters only need a few personal details to carry out a SIM swap, according to Scott Johnston, Public Sector Outreach manager (EMEA) at analysis firm Chainalysis.
It’s worth checking what personal information is available via social media and also being aware of any data breaches with any companies you buy products from.