SIM Swapping Cyber Crime 

Uploaded on 2023-10-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

SIM Swapping is a cyber threat that affects end users of mobile devices and enables a form of fraud whereby a cyber criminal obtains a duplicate SIM card associated with an individual's mobile phone or other SIM equiped device.

SIM card duplication is carried out by specialised cyber criminas and has serious consequences for the victims, fom theft of the victim's credentials and information, to the transfer of bank funds, loan requests and other types of fraud based on identity theft.

This allows them to steal money from their online banking application, among other possibilities. "Taking into account the simplicity with which this type of cyber threat is carried out and its high probability of success, it has been observed that sophisticated cyber criminals are beginning to incorporate SIM Swapping techniques in their campaigns and the first traces of activity directed towards business environments are beginning to be observed," explains Raquel Puebla, cyber security analyst at Entelgy Innotec Security a leading cybersecurity services company in Spain and one of the main service providers in Latin America. 

For a SIM Swapping campaign to be successful, several stages must take place and these include:-

Information gathering:  First, the cyber criminal gathers information on the potential victim to be targeted by the fraudulent action. He will use information from open sources and, most especially, from the individual's social networks (name, surname, telephone number, address, etc.).

Obtaining credentials:   SIM swapping makes it possible to obtain the codes that are usually used as a second authentication factor. To do this, the credentials of the service of interest to the attacker must first be obtained, for which phishing, pharming or spoofing activities can be carried out.  

Spoofing:   The cybercriminal contacts the telephone provider of the individual he is trying to defraud, pretending to be the owner of the SIM card to be duplicated. Social engineering tactics are also used for this purpose by claiming, among other things, that the SIM card has been lost or stolen.

Deactivation of the original SIM:    Usually, when the duplicate SIM occurs and the second card is activated, the one that was being legitimately used is deactivated and your mobile device is left without coverage, allowing a malicious third party to gain control over the duplicate phone number. In a small percentage of situations the attacker requests the activation of a multiSIM service, in which case both the attacker's card and the legitimate owner's card will work, making detection and remediation of the spoofing much more difficult.

Scams:   Following the above actions, the attacker can carry out all sorts of scams that affect the individual who is being impersonated.  It is common for cyber criminals to focus on gaining access to online banking services and subsequently making transfers from the victim's funds, and even taking out loans in the victim's name without their actual authorisation. 

One-time passwords:   To successfully complete the above procedure, attackers request the sending of a one-time password (OTP code) via SMS messaging, which is usually used by financial institutions as a two-factor authentication. Having access to the duplicate SIM card, the attackers can view the message, which in theory should only be transmitted to the holder of the line, using it to access the individual's bank account. 

Social network credentials:   Among other possibilities, it is also common for the SIM Swapping cyber attack to conclude with the obtaining of the user's email account access credentials or those corresponding to their social network profiles.

You Might Also Read: 

Mobile Authentication: The Good, The Bad & The Ugly:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Israel & Hamas: EU Issues TikTok A Warning
IoT Security Needs A Human Touch  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CERT-SE

CERT-SE

CERT-SE is the national and governmental Computer Security Incident Response Team of Sweden.

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA) offer commercial insurance services including Cyber Liability insurance.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group (STIGroup)

Secure Technology Integration Group, Ltd. (STIGroup) is an innovative firm that provides CyberSecurity consulting, secure IT engineering, managed security services, and human capital solutions.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.

Seiber

Seiber

Seiber are a UK based Cyber Security company who provide consultancy and training services. Our objective is to stop bad things happening to good people.