Ex-GCHQ chief in warning over rise of 'sim swapping' as US seeks to extradite hacker over $50m fraud
A FORMER security services chief has warned people to toughen up phone security or risk falling prey to a growing number of "sim-swapping" hackers who have been taking over people's mobile devices and clearing bank accounts.
Peter Yapp (above) was deputy director of GCHQ's Cyber Security Centre, and oversaw its response to the NHS WannaCry ransomware attack in May 2017, before moving into the private sector as a cyber security expert.
Sim Swapping happens when fraudsters trick mobile phone companies into thinking they are speaking to the genuine owner of a phone number, so they can report "their device" lost and get all the data transferred to a new sim and device belonging to the cyber criminal.
It can give them access to online banking and other apps, leaving them vulnerable to having bank accounts cleared or credit cards used.
In an exclusive interview with Essex News and Investigations, Mr Yapp, now a cyber security advisor for Schillings, said fraudsters needed just a few basic personal details from their victim in order to convince the phone company they are a genuine customer.
He said: "People give away too much on social media like a full birth date, mother's maiden name or where they live and all of that can be used against you.
"They phone up a provider with a little bit of detail that makes them sound credible to switch over the sim and get access to a whole load of things that were probably never intended to be accessed through a phone number.
"If your phone suddenly stops working or the messages are not going through, you have probably lost your sim and you must contact the provider."
He spoke in the wake of a series of arrests of suspected sim swappers in the UK from February.
Eight men were arrested by the National Crime Agency (NCA) in England and Scotland as part of a transatlantic investigation into a series of sim swapping attacks, in which criminals illegally gained access to the phones of high-profile victims including celebrities in the US.
Corey De Rose, 21, (above) is facing extradition to the US after he was arrested in London in February.
The FBI has been investigating a global hacking group called The Community which allegedly stole $50 million through sim swapping.
The international arrest warrant states he conspired with others to "steal the identities of US citizens for the purpose of stealing Bitcoin and other Cryptocurrencies."
He appeared at Westminster Magistrates Court and was initially remanded in custody ahead of an extradition hearing in November.
The court heard he has been living a millionaire's lifestyle following the alleged cybercrimes.
However, he was later released on conditional bail after security of £270,000 was paid to the court.
Mr Yapp added: "It is almost like we have been sleepwalking into this and did not realise how far down the line we have come and how much we rely on devices which now contain so many aspects of our lives all attached to a phone number."
Many people's phones now include all their music, photographs, social media, banks and utilities, he said.
He said: "It's devastating for someone to lose all this, it's so personal and affects them so intimately
"We built a world on the internet with all these systems in the early days and no one thought about security and now there is a desperate scramble to make that secure.
"People feel they shouldn't have to go through all these efforts to secure their life but we have to raise awareness."
Mr Yapp said there was a "bare minimum" of five key actions could keep you safe from sim swappers.
1) Strong, unique passwords for the most sensitive accounts using random words with capitals, lower case, numbers and special characters;
2) Use a password manager to generate a string password across all accounts;
3) Set up two-factor authentication;
4) Always update programmes and apps as soon as available;
5) Be aware of phishing emails and messages