What is SIM swapping fraud and how can you protect yourself?

We take a look at SIM swapping, a form of identity theft where a criminal steals your mobile phone number by assigning it to a new SIM card.

Over the last few years, thousands of data breaches have occurred with billions of records stolen, including the April 2021 Facebook data leak that impacted 533 million accounts.

SIM swapping has become a more common form of attack as more and more people live their lives through their mobile phones. The primary goal of SIM swap fraud is typically financial gain, often in the form of stealing bank and credit card information. However, a SIM swap attack is sometimes intended to embarrass or humiliate the victim by compromising social media accounts.

The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. It recently released the ENISA Report - Countering SIM-Swapping, which provides an overview of how SIM swapping attacks work and of the extent to which the Member States are affected.

What is SIM swapping?

SIM swapping procedures exist for legitimate reasons, for instance when a SIM card is lost or damaged. SIM swapping is also used to connect mobile phones that have an embedded SIM (eSIM).

A SIM swapping attack is where a criminal pretends to be a customer or a mobile operator and contacts a mobile phone network, telling them they need a replacement SIM for a phone. The attacker uses social engineering techniques to convince the telecom provider to do the SIM swap, pretending to be the real customer and claiming, for example, that the original SIM card is damaged or lost.

When the attack is successful, the genuine subscriber’s phone will lose connection to the network and they won’t be able to make or receive phone calls.

How does a SIM swapping attack take place?

Usually, the attacker begins a SIM swapping attack by gathering personal details about the targeted subscriber. There are many ways personal data can be retrieved: through social engineering, phishing, malware, exploiting information from data breaches or doing research on social media.

With all the necessary information, the attacker would be able to convince the mobile network operator to transfer the subscriber's mobile number to a new SIM card under their control, or perform the process themselves online.

As a result, the attacker takes over the account and can receive all the SMS messages and voice calls intended for the legitimate subscriber. Fraudsters can commit online banking fraud, and can also bypass the two-factor authentication (2FA) used to secure social media and other online accounts.

How can you protect yourself from an attack?

  1. Don't respond to fake emails, texts or phone calls. These are ways in which fraudsters gather personal information about you.
  2. Be vigilant if you receive suspicious calls, texts or emails from people asking for information, even if they claim to be from a genuine company.
  3. Be careful what you share on social media. Avoid posting details about yourself or family members such as birthdates, pet names and schools, as these are often used as questions to reset passwords.
  4. Call your provider immediately if you receive unsolicited texts or emails about your SIM being ported or a PAC request, or if you unexpectedly lose phone service.
  5. Tell all your banks as soon as possible in case the fraudster attempts to make a transfer online or over the phone.
