Table of Contents
Making the headlines over recent weeks we’ve seen two high profile cyber attacks on M&S and Co-op. In both attacks the criminals used a type of cybercrime known as SIM swapping. Fraudsters managed to gain access to internal systems by impersonating employees and tricking IT staff into resetting passwords. No doubt you’ve heard about the disrupted services and stolen customer data, causing a major headache for both companies.
This type of fraud has been on the rise, and it’s something every business owner, including those in the HVAC sector, should be aware of. Let’s dive into a bit more detail on SIM swapping fraud is, why it’s on the rise, and most importantly, how you can protect your business.
What is SIM Swapping Fraud?
SIM swapping, also known as SIM hijacking, is when a fraudster tricks your mobile company into transferring your phone number to a SIM card they control. Once they have your number, they can intercept calls and texts, including those all-important two-factor authentication (2FA) codes. This means they can potentially access your email, bank accounts, and other sensitive information.
But how do they do it? One way is by gathering personal information about you from social media. They look for details like your mother’s maiden name, your pet’s name, or make of your first car—common answers to security questions. With this information, they can impersonate you and convince your mobile company to activate a new SIM card in their possession.
The Alarming Rise in Cases
The National Fraud Database reports that SIM swap fraud cases in the UK have skyrocketed by over 1,000%, jumping from 289 cases in 2023 to nearly 3,000 in 2024. This dramatic increase highlights just how lucrative and damaging this type of fraud can be. As we’ve seen with the example of M&S recently, they were losing an estimated £3.5 million each day. Not to mention the damage to reputation.
How HVAC Businesses Could Be Affected
You might be thinking, “M&S and Co-op are retail giants! What does this have to do with my HVAC business?” A smaller business does not have immunity. In fact, small to medium sized businesses are increasingly becoming the target of choice for cyber criminals. The data held is still valuable, but they are often perceived as more vulnerable due to the limited resources at their disposal. And, as HVAC companies increasingly rely on smart systems and IoT devices, they become attractive targets for cyber criminals, leading to devastating consequences.
Protecting Your Business
So, how can you protect your HVAC business from SIM swapping fraud? Here are some practical tips:
- Use Authentication Apps: Instead of relying on SMS-based 2FA, use authentication apps like Google Authenticator or Authy. These apps generate codes on your device, making it harder for fraudsters to intercept them.
- Educate Your Team: Make sure your employees are aware of phishing and social engineering tactics. Regular training can help them spot suspicious activities and avoid falling for scams.
- Monitor Your Accounts: Set up alerts for any unusual activity on your accounts. If you notice anything suspicious, act quickly to secure your information.
- Strong Passwords: Use complex, unique passwords for all your accounts and change them regularly. This makes it harder for fraudsters to gain access.
- Carrier Security Features: Contact your mobile company and ask about additional security measures, like setting up a PIN or using biometric verification.
SIM swapping fraud is a growing threat, but by staying informed and taking proactive steps, you can protect your business. If you need any help understanding or implementing anything mentioned in this article, don’t wait until it’s too late—get in touch today. We’re here to help.
