SIM Swapping Cyber Crime 

Uploaded on 2023-10-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

SIM Swapping is a cyber threat that affects end users of mobile devices and enables a form of fraud whereby a cyber criminal obtains a duplicate SIM card associated with an individual's mobile phone or other SIM equiped device.

SIM card duplication is carried out by specialised cyber criminas and has serious consequences for the victims, fom theft of the victim's credentials and information, to the transfer of bank funds, loan requests and other types of fraud based on identity theft.

This allows them to steal money from their online banking application, among other possibilities. "Taking into account the simplicity with which this type of cyber threat is carried out and its high probability of success, it has been observed that sophisticated cyber criminals are beginning to incorporate SIM Swapping techniques in their campaigns and the first traces of activity directed towards business environments are beginning to be observed," explains Raquel Puebla, cyber security analyst at Entelgy Innotec Security a leading cybersecurity services company in Spain and one of the main service providers in Latin America. 

For a SIM Swapping campaign to be successful, several stages must take place and these include:-

Information gathering:  First, the cyber criminal gathers information on the potential victim to be targeted by the fraudulent action. He will use information from open sources and, most especially, from the individual's social networks (name, surname, telephone number, address, etc.).

Obtaining credentials:   SIM swapping makes it possible to obtain the codes that are usually used as a second authentication factor. To do this, the credentials of the service of interest to the attacker must first be obtained, for which phishing, pharming or spoofing activities can be carried out.  

Spoofing:   The cybercriminal contacts the telephone provider of the individual he is trying to defraud, pretending to be the owner of the SIM card to be duplicated. Social engineering tactics are also used for this purpose by claiming, among other things, that the SIM card has been lost or stolen.

Deactivation of the original SIM:    Usually, when the duplicate SIM occurs and the second card is activated, the one that was being legitimately used is deactivated and your mobile device is left without coverage, allowing a malicious third party to gain control over the duplicate phone number. In a small percentage of situations the attacker requests the activation of a multiSIM service, in which case both the attacker's card and the legitimate owner's card will work, making detection and remediation of the spoofing much more difficult.

Scams:   Following the above actions, the attacker can carry out all sorts of scams that affect the individual who is being impersonated.  It is common for cyber criminals to focus on gaining access to online banking services and subsequently making transfers from the victim's funds, and even taking out loans in the victim's name without their actual authorisation. 

One-time passwords:   To successfully complete the above procedure, attackers request the sending of a one-time password (OTP code) via SMS messaging, which is usually used by financial institutions as a two-factor authentication. Having access to the duplicate SIM card, the attackers can view the message, which in theory should only be transmitted to the holder of the line, using it to access the individual's bank account. 

Social network credentials:   Among other possibilities, it is also common for the SIM Swapping cyber attack to conclude with the obtaining of the user's email account access credentials or those corresponding to their social network profiles.

You Might Also Read: 

Mobile Authentication: The Good, The Bad & The Ugly:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Israel & Hamas: EU Issues TikTok A Warning
IoT Security Needs A Human Touch  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

Xcina Consulting (XCL)

Xcina Consulting (XCL)

Xcina Consulting provides high quality business and technology risk assurance and advisory services.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators helping startups scale internationally.

FortifyData

FortifyData

FortifyData is the next generation of cyber risk management–a comprehensive platform that continuously evaluates your third-party, internal and people risks.

Integrity

Integrity

Integrity is a PCI QSA and ISO 27001 certified company specialized in Information Security and IT Consulting.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Aravo Solutions

Aravo Solutions

Your Extended Enterprise is full of hidden risks – Aravo makes them visible, measurable, and manageable.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

NeuroID

NeuroID

NeuroID combines the power of industry-leading behavioral analytics with advanced device and network intelligence to create your first line of defense against malicious bots, bad actors, and fraud.

Slide

Slide

Slide is a modern, security-first Business Continuity & Disaster Recovery (BCDR) company built exclusively for Managed Service Providers.