01/11/2024

SIM swap targeting verified buyers

Mobile-network insiders facilitate SIM swaps to intercept OTPs and authorise fraudulent marketplace payouts and refunds.

Tags

telecom, buyers, account-takeover

Overview

Organised fraud groups bribe or coerce telecom staff to perform illegal SIM swaps on high-value marketplace buyers. Once the phone number is reassigned, the actors intercept OTPs, reset account credentials, and initiate refunds to mule bank accounts. They also impersonate buyers to social-engineer support teams and obtain additional data.

Indicators & telemetry

  • Buyer reports sudden loss of network service followed by OTP or password reset attempts.
  • Multiple failed login attempts preceding a successful login from a new device fingerprint.
  • Refund requests or payout releases initiated within one hour of the SIM swap event.
  • Telecom provider sends SIM swap alerts (where available) that correlate with suspicious account activity.

Preventive recommendations

  1. Offer an in-app “suspend payouts” button for buyers who suspect their number has been compromised.
  2. Require step-up verification (biometrics, device binding, security questions) for high-value refund approvals.
  3. Subscribe to telecom SIM swap notification APIs and block sensitive actions for 24 hours after a swap alert.
  4. Educate buyers to immediately contact both their telco and Qubicbox support if service drops unexpectedly.
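
The indicators and recommendation 3 above can be combined into one correlation pass. The Python below is an added example, not Qubicbox code: it replays account events, blocks sensitive actions for 24 hours after a SIM swap alert, and raises alerts for a refund or payout within one hour of the swap and for repeated failed logins followed by a login from a new device. The event names, the tuple layout, the three-failure threshold and the set of sensitive actions are assumptions.

```python
from datetime import datetime, timedelta

HOLD = timedelta(hours=24)   # block window after a swap alert (recommendation 3)
FAST = timedelta(hours=1)    # action this soon after a swap is an indicator
MIN_FAILS = 3                # assumed threshold for "multiple failed logins"
SENSITIVE = {"refund_request", "payout_release", "password_reset"}  # assumed set

def evaluate(events):
    """Replay events in time order; return (decisions, alerts)."""
    last_swap, fails, devices = {}, {}, {}
    decisions, alerts = [], []
    for ts, acct, kind, device in sorted(events, key=lambda e: e[0]):
        if kind == "sim_swap_alert":
            last_swap[acct] = ts
        elif kind == "login_failed":
            fails[acct] = fails.get(acct, 0) + 1
        elif kind == "login_ok":
            seen = devices.setdefault(acct, set())
            # No alert on the first login ever seen: there is no device baseline yet.
            if seen and device not in seen and fails.get(acct, 0) >= MIN_FAILS:
                alerts.append((acct, "failed logins then new-device login"))
            seen.add(device)
            fails[acct] = 0
        elif kind in SENSITIVE:
            since = ts - last_swap[acct] if acct in last_swap else None
            blocked = since is not None and since <= HOLD
            decisions.append((acct, kind, ts, "block" if blocked else "allow"))
            if blocked and since <= FAST:
                alerts.append((acct, f"{kind} within one hour of SIM swap"))
    return decisions, alerts

def at(hhmm, day=1):
    return datetime.fromisoformat(f"2024-11-{day:02d}T{hhmm}")

# Constructed sample events: (timestamp, account, event type, device fingerprint)
SAMPLE = [
    (at("09:00"), "buyer-1", "login_ok", "dev-A"),
    (at("10:00"), "buyer-1", "sim_swap_alert", None),
    (at("10:05"), "buyer-1", "login_failed", None),
    (at("10:06"), "buyer-1", "login_failed", None),
    (at("10:07"), "buyer-1", "login_failed", None),
    (at("10:10"), "buyer-1", "login_ok", "dev-B"),
    (at("10:40"), "buyer-1", "refund_request", None),
    (at("15:00"), "buyer-1", "payout_release", None),
    (at("11:00", day=2), "buyer-1", "refund_request", None),
    (at("10:30"), "buyer-2", "refund_request", None),
]

if __name__ == "__main__":
    print(*evaluate(SAMPLE), sep="\n")
```

In the sample, the 15:00 payout is blocked by the 24-hour hold without raising the one-hour alert, and the refund 25 hours after the swap is allowed again.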

Response checklist

  • Lock the buyer account and freeze payouts until identity is reverified.
  • Validate recent refunds or changes; reverse transactions where possible and notify partner banks through Qubicweb intelligence channels.
  • Coordinate with telecom fraud desks to reverse the SIM swap and collect insider evidence.
  • Issue breach notifications if personal data was accessed, in line with NDPR/GDPR timelines.
  • Update trust centre advisories and notify affected merchants if compromised buyers placed orders.