As a West Â鶹´«Ă˝Ół»police officer in charge of public communications, Const. Kevin Goodmurphy is used to warning people about scam artists.
But recently he got a very personal reminder of how easy it is to be targeted by fraudsters, after he was scammed himself.
“It does feel different when you are the victim,” he said, listing off feelings of shock, vulnerability and panic that followed immediately after he realized what had happened.
While some people think scam victims must be especially gullible or technologically illiterate, his own experience shows that just isn’t the case, said Goodmurphy. “Everybody is vulnerable.”
In his own case, fraudsters had already used Goodmurphy’s information to transfer tens of thousands of dollars out of his bank accounts by the time he phoned his bank branch. Luckily, he was able to stop the transaction.
But that happened only because he acted immediately, he said.
Scammers apparently targeted Goodmurphy via his personal cell phone while he was at work at the police station. He’d left the phone on his desk while in a meeting. When he came back, about 45 minutes later, there was a text message from his phone carrier, advising there had been a request to switch his phone number to another service provider. It asked him to contact them urgently if he hadn’t authorized the switch.
Then Goodmurphy saw he no longer had any cell service on the phone.
“I knew right away my phone had been compromised.”
He contacted his cellphone provider immediately, and in the meantime used the Wi-Fi connection to open his online banking app. “I realized my accounts had been drained.”
What followed was 24 hours of phone calls, emails and in-person meetings to safeguard his accounts and reverse potential damage.
After doing some research, Goodmurphy said it appears he fell victim to a “SIM swap scam” – a fraud that’s been reported in the U.K. but is relatively new in Canada.
Typically, a scammer will approach a cell phone provider via email or phone and impersonate the victim, saying they want to switch their old phone number to the new cell service provider and request that be added to a new “SIM card.” If the victim doesn’t reply to a warning text quickly, the switch goes ahead, essentially swapping out all of the information attached to that phone number into the fraudster’s phone with the new SIM card. Instantly, the scammer has access to all the victim’s text messages, emails and phone calls.
Once they have control of the phone, said Goodmurphy, fraudsters will quickly download popular apps including banking apps and claim to have forgotten their password. When a verification text message is sent, the fraudster – who has control of the phone – is the one who receives it.
“And then you can imagine the sky's the limit,” he said. “They can get into anything you have on your phone. ... They’re very, very quick.”
Usually victims don’t even realize what’s happened until it’s too late, he said.
As an advocate for prevention, Goodmurphy said he’s since learned “there were steps that I could have taken and didn’t.”
For instance most cellphone providers now offer extra “port protection” under which more questions will be asked of anyone asking to switch their phone to a new service.
Other steps include using an offline password manager – so all your information isn’t stored in your phone – and not broadcasting sensitive information like birthdays on social media.
Too often “nowadays we’re quite comfortable and confident” handing over personal information for profiles created on whatever new online service we sign up for, and even sharing it publicly on social media like Facebook, said Goodmurphy. But “that information makes you quite vulnerable,” he said.
That’s also a feeling that lingers after someone has been scammed, said Goodmurphy. “You don’t know the extent of the personal information they’ve learned about you. ... I’m still left wondering if I covered all my bases.”