We’re aware of a new and sophisticated scam making the rounds in New Zealand. If you have received a call or an SMS that seems suspicious or to know more, read the info on this page to find out what to do.
What's the details of the scam?
The scam involves fraudsters moving Skinny customer mobile numbers to their own account and doing a SIM swap (moving a mobile number from one SIM card to another). This allows them to use the customer’s mobile number to perform sensitive tasks such as changing passwords and authorising financial transactions.
What to look out for:
• Receiving credit gifted to your Skinny account by an unknown person or an account pretending to be associated with Skinny e.g. Skinny Refunds.
• Someone calling you out of the blue claiming to be from Skinny, asking for your assistance to transfer the credit you’ve been incorrectly gifted or other unusual requests. Skinny will never call you out of the blue and ask you to enter a verification code or for your credit or debit card information. If you are suspicious of the phone call, hang up and call us back using the number listed on our website.
• Suspicious activity on other accounts, like receiving un-prompted password reset notifications or getting locked out of your account/s.
• If you don’t have mobile service in an area where you normally would, and other people’s phones are still connected, get in touch with us as soon as you can as it may mean you’ve been a victim of a fraudulent SIM swap.
Why do fraudsters and cybercriminals want access to my mobile number?
Many organisations now require customers to set up two-factor authentication (2FA) linked to the customer’s mobile number. Fraudsters are targeting mobile accounts to gain access to customer’s mobile numbers to perform sensitive tasks such as changing passwords and authorising financial transactions.
What do I do if I think I’ve been a victim of a SIM swap attack?
• Get in touch with Skinny as soon as you can on 0800 475 4669.
• Contact your financial services provider ASAP and check your financial transactions.
• Take a look at all other online accounts for suspicious activity.
• Change the password on your Skinny account to one you haven’t used before. We also recommend changing all your passwords on any other online accounts. It’s important that you choose a strong, unique password.
What can I do to lessen the chance of becoming a victim of a SIM swap attack?
• Avoid having information on your social media channels that can be used to verify your identity over the phone (e.g. birth date or contact details) or that you use for your password reset questions (e.g. pet’s name). Fraudsters can use this information to answer verification questions about you and potentially reset some of your passwords.
• If you have the option of app push notifications as a form of two-factor authentication (2FA), then use this option over SMS authentication. This is a more secure method of 2FA, particularly for banking.
More information
You can find more information about SIM swap attacks on the CERT NZ website.