We had always thought that using one-off password for banking is safe, but it appears that there is a “SIM Swop Scam” which allow scammers to hijack your cellphone number and receive the passwords via SMS. How this works is still unclear, but we believe that the safest thing to do is never to use a public computer for banking, and watch out for phishing sites. And for the banks, it might be better to use security tokens for passwords rather than sending via SMS.
“The transaction had taken place on the day his SIM card was swopped, but, because he was on holiday, Lindsay hadn’t switched on his laptop in days.
The transfer was possible as the crooks had received an SMS once-off password from his bank, via Lindsay’s hijacked cellphone number – a security measure used by banks to authorise payments to new beneficiaries.“