LetterHe is on a cyber attack that targets brands and Spencer (M&S) is the last growing wave that includes something called wiring fraud.
While complete technical details are under investigation, reporting in Times It shows that cyber attackers have used this method to access the M&S internal systems, probably by controlling the employee’s mobile phone number and persuading the IT staff to reset important credentials.
Wiring scam is not a new phenomenon, but it is increasingly dangerous and more prevalent.
According to CIFAS, the National Scam Prevention Service in the UK, SIM-SIM has reached approximately 3,000 in 2022 in 2022 in 2022.
What has been mainly dangerous for encryption or online investors is now very common.
This form of cyber attack shows how large companies and ordinary individuals can endanger the tactic that exploit human factors, such as the trust and how to create their digital identity around mobile phones.

SIM-SWAP fraud starts when a fraudster convinces a mobile operator to transfer the number one victim to the new SIM card or even ESIM (one on the device) under the control of the fraud.
This can be done by phone, via an online chat or even with the help of a bribe. After transferring the number, all calls and texts intended for the victim are directed to the fraud. This includes important verification codes for email, banking, messaging programs such as WhatsApp and government services such as HMRC.
It will be dangerous alone. But what makes the wiring scam is very effective is that cyber fraud often has access to a piece of personal data about its target. This information may be collected from data violations, phishing attacks, low -profile websites, or even victim’s social media.
People often underestimate their disclosure online: Birthday on Instagram, a phone number in a job post or a home address used in an online show. The fraudsters combine these data to build a convincing profile, enough to deceive the customer service staff of a mobile operator by believing that they are talking to the real account holder.

How does wiring scam work
Once the fraudulent obtained control of a number, its consequences are widespread. Attackers can access sensitive information, including personal documents, and receive password reset links for other user accounts. They can log in to WhatsApp or Telegram accounts, read private messages, forge the user, and even contact friends or family members for more fraud.
Victims may see false messages sent in their names or frauds transactions from their accounts. This can lead to financial loss, damage to the victims, as well as issues related to emotional and mental health.
In the case of M&S, attackers apparently used this access to manipulate internal processes and access sensitive systems. This highlights a wider risk: Many companies still trust the phone numbers as a secondary approval method for employees and vulnerable their systems to the same cyber attack against people.
Reduce risk
While it is difficult to identify the real time of cell phone number, taking specific measures can significantly reduce the likelihood of targeting and sacrificing. People should refrain from sharing personal data unnecessary, especially on several operating systems and most importantly on unknown or unreliable websites.
Many invaders do not get all the necessary information from a single source. Instead, they collect it gradually, using public profiles, marketing databases, and past leaks to create a comprehensive image.

Note that you share your phone number, birthdays or other IDs can make it harder for others to forge the identity of others. It is also important to learn how phishing works and how to know it, so you don’t send your sensitive information to the phishing or fake websites.
Preventing SMS -based authentication is another important step if possible. Many services now support reputable applications, such as Google Authenticator, Microsoft Authenticator, because of the authy that are tied to your mobile number. For mobile accounts, setting a unique pin or password for your account, which must be offered for any change, can add an additional protection layer. This makes it harder for someone without that SIM card exchange code. However, users alone cannot do this task.
Mobile network operators need to enhance authentication practices, moving beyond the basic questions about names and addresses that are easily collected or guessing. Banks and other financial institutions must re -appeal using SMS or at least SMS as the default method for sensitive authentication. And companies, especially those who run personal data or financial assets, must teach their customer information technology and customer services teams to identify the signs of identity -based attacks.
SIM-SWAP fraud is not because it is very technical, but because it abuse our trust in the phone number to confirm identity. The M&S item and similar examples show how fragile this trust can be – and why our mobile identity is no longer optional.
Hussein Ebroshan is a senior lecturer at the Faculty of Accounts and Information Science, University of Angelia Ruskin
This article is originally published by the conversation and is published under the Creative Commons. Read Main article