Few know the expression “exchange of yes”, but this technique has been becoming increasingly common among cybercriminals seeking effective ways to access the victims’ bank and personal data. According to Marketeer, this silent threat is growing and requires special attention from digital service users. Therefore, if your mobile phone starts to present anommal anommal behaviors without apparent explanation, it is possible that the safety of your bank account is compromised.
In the center of the scheme, the same source explains, is the fraudulent duplication of the SIM card, ie the creation of a new copy of the card associated with the victim’s number. With this copy, cybercriminals can block the original card by turning off the true mobile network user without any notice. This begins a highly dangerous digital identity usurpation process.
How cybercriminals assume control of their number
It is precisely here that social engineering comes into play. Criminals do not need to invade servers or decipher passing words with advanced software: just convince the victim to provide essential personal data, such as the contract number with the operator or a citizen card image. Often this information collection is made through false telephone calls, misleading messages or emails that mimic well-known institutions.
Once this data gathered, the cybercriminals contact the operator pretending to be the victim and request a duplicate of the card. By activating this new card, the criminal assumes full control of the victim’s telephone number, receiving all verification SMS sent by the bank institutions. Thus, the authentication of two factors, which should protect the user, turns out to become a facilitator of the attack.
SMS Authentication: An unexpected weakness
With the new active yes, criminals are able to access the victim’s bank accounts and perform operations such as transfers, password changes and credit requests. All of this is possible because the validation codes, sent by SMS, are received on the attacker’s card. The security that many consider effective becomes an open door for digital theft.
Even email services, social networks or e -commerce platforms can be compromised, as many users have account recovery associated with the phone number. This almost total control over the victim’s digital identity puts at risk not only financial goods, but also personal and professional reputations.
The first alert sign and how to act quickly
The first symptom of this type of fraud is often ignored: network loss in the mobile phone without any technical explanation or coverage. This seemingly banal detail is actually one of the lighter signs that the SIM card has been cloned. When this happens, it is essential to contact the operator immediately, explains the same source.
If it is confirmed that a duplicate has been issued without its knowledge, the first measure should be the alteration of access to all bank accounts and critical platforms. In parallel, it is essential to notify the bank on the incident to prevent unauthorized transfers or operations.
We recommend:
The most common errors made by the victims
You should never provide personal data by phone, SMS or email, especially when these contacts are not requested. Legitimate entities do not ask for data updates through these channels, let alone press to click immediate verification links.
Another common risk vector is related to navigation habits. The simple act of opening an attachment or clicking on a malicious link can install a virus on the device and allow remote access by the attacker. Therefore, maintaining updated security software and being aware of the sender of messages is still essential.
The same source also underlines that social networks constitute a significant exposure point, especially when accepted or managed from your mobile phone. Many users publicly share information that, crossed together, can provide sufficient data for an attack. Birth dates, family names or even official documents photographs are recurring examples.
Online privacy and public wifi: a risky combination
Hence the need to regularly review the privacy definitions of online profiles. Restricting access to your mobile phone only to reliable contacts can be the difference between keeping data safe or unintentionally facilitating life to a cybercriminal.
In the field of connectivity, a common mistake is the use of public Wi-Fi networks to access bank accounts or insert passwords, refers to the same source. These networks, as a rule, are not safe and can be easily intercepted, allowing data capture in real time by malicious third parties.
The same applies to shared or without protection devices. Whenever possible, the use of public computers should be avoided to perform sensitive operations. The use of biometric authentication, such as fingerprint or facial recognition, is an additional layer that can make attacks difficult.
A responsibility that goes beyond the user
It underlines that the combat effective in the exchange of yes in your mobile phone requires not only individual surveillance, but also greater requirement to telecommunications operators, who should adopt reinforced verification systems for the issuance of new cards.
On the seat side, the bet on SMS alternatives, such as check apps or physical tokens, can significantly reduce the success of this type of fraud. However, shared responsibility is inevitable in an increasingly complex digital scenario.
Being informed and attentive to signs is an effective way to wage the threat before it comes to fruition. Digital literacy takes a central role here, because without proper knowledge, any user can become target.
Also read:
