Thousands of testimonies similar to the following have been reported worldwide recently: a user’s smartphone signal suddenly fails and, when trying to restart it, the device has no response. This situation is detailed by IT security audits specialists.
The answer most people receive from the phone company is that the user has requested a copy of their SIM card in another city. “After talking to the phone company I checked my bank account only to find out that it had been blocked. When I talked to the bank they confirmed that the account was frozen due to unusual activity detection; I lost my savings and someone applied for a 50k USD loan using my name”, says a fraud victim who will remain anonymous.
“This is a variant of fraud called ‘SIM swap‘ attack”, mentioned the IT security audits specialists. “Although there is no exact figure on the number of similar cases presented each year, we can say that the figure has increased considerably”.
Experts mention that hackers try to access the details of the victim’s bank accounts. Criminals require a copy of the victim’s SIM card to break two-factor authentication, used by multiple mobile banking services, to authorize fraudulent transactions.
“Smartphones are the most used multifactor authentication tool, in addition, passwords can be obtained through simple phishing techniques”, the specialists mention.
Perpetrators of this kind of attack are sometimes computer students, but there are also international criminal groups that resort to this variant of attack to finance their illicit activities. In addition, to deceive the phone companies and get the duplicate of the SIM criminals do not have to invest great efforts, because it is enough to convince the company that the original chip has been lost to be enabled a new one.
IT security audits specialists the International Institute of Cyber Security (IICS) recommend users to be careful with the pages they visit and the software they install on their devices. Avoiding public WiFi networks and using password managers are also basic security measures to protect against SIM exchange attacks.