SIM Swapping Cyber Crime 

Uploaded on 2023-10-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

SIM Swapping is a cyber threat that affects end users of mobile devices and enables a form of fraud whereby a cyber criminal obtains a duplicate SIM card associated with an individual's mobile phone or other SIM equiped device.

SIM card duplication is carried out by specialised cyber criminas and has serious consequences for the victims, fom theft of the victim's credentials and information, to the transfer of bank funds, loan requests and other types of fraud based on identity theft.

This allows them to steal money from their online banking application, among other possibilities. "Taking into account the simplicity with which this type of cyber threat is carried out and its high probability of success, it has been observed that sophisticated cyber criminals are beginning to incorporate SIM Swapping techniques in their campaigns and the first traces of activity directed towards business environments are beginning to be observed," explains Raquel Puebla, cyber security analyst at Entelgy Innotec Security a leading cybersecurity services company in Spain and one of the main service providers in Latin America. 

For a SIM Swapping campaign to be successful, several stages must take place and these include:-

Information gathering:  First, the cyber criminal gathers information on the potential victim to be targeted by the fraudulent action. He will use information from open sources and, most especially, from the individual's social networks (name, surname, telephone number, address, etc.).

Obtaining credentials:   SIM swapping makes it possible to obtain the codes that are usually used as a second authentication factor. To do this, the credentials of the service of interest to the attacker must first be obtained, for which phishing, pharming or spoofing activities can be carried out.  

Spoofing:   The cybercriminal contacts the telephone provider of the individual he is trying to defraud, pretending to be the owner of the SIM card to be duplicated. Social engineering tactics are also used for this purpose by claiming, among other things, that the SIM card has been lost or stolen.

Deactivation of the original SIM:    Usually, when the duplicate SIM occurs and the second card is activated, the one that was being legitimately used is deactivated and your mobile device is left without coverage, allowing a malicious third party to gain control over the duplicate phone number. In a small percentage of situations the attacker requests the activation of a multiSIM service, in which case both the attacker's card and the legitimate owner's card will work, making detection and remediation of the spoofing much more difficult.

Scams:   Following the above actions, the attacker can carry out all sorts of scams that affect the individual who is being impersonated.  It is common for cyber criminals to focus on gaining access to online banking services and subsequently making transfers from the victim's funds, and even taking out loans in the victim's name without their actual authorisation. 

One-time passwords:   To successfully complete the above procedure, attackers request the sending of a one-time password (OTP code) via SMS messaging, which is usually used by financial institutions as a two-factor authentication. Having access to the duplicate SIM card, the attackers can view the message, which in theory should only be transmitted to the holder of the line, using it to access the individual's bank account. 

Social network credentials:   Among other possibilities, it is also common for the SIM Swapping cyber attack to conclude with the obtaining of the user's email account access credentials or those corresponding to their social network profiles.

You Might Also Read: 

Mobile Authentication: The Good, The Bad & The Ugly:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Israel & Hamas: EU Issues TikTok A Warning
IoT Security Needs A Human Touch  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

BigID

BigID

BigID is redefining personal data protection and privacy. BigID software helps companies secure their customer data & satisfy privacy regulations like GDPR.

Forter

Forter

Forter provides new generation fraud prevention to meet the challenges faced by modern enterprise e-commerce.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Singular Security

Singular Security

Singular Security help public and private organizations minimize cybersecurity risk and pass their IT compliance audit.

Cyphra

Cyphra

Cyphra’s team provide cyber security consulting, technical and managed services expertise and experience to support your organisation.

Revere Technologies

Revere Technologies

Revere Technologies is a pure-play cyber security solutions and services provider in Sub-Saharan Africa.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

Varutra Consulting

Varutra Consulting

Varutra Consulting is an Cyber Security Consulting, Solutions and Training services firm, providing specialized security services for software, mobile and network.

SyberFort

SyberFort

SyberFort offers a suite of SAAS-based platforms designed to fortify your digital defenses including Threat Intelligence and Brand Protection.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.

Idenhaus Consulting

Idenhaus Consulting

Idenhaus specializes in Cybersecurity and Identity Management (IAM) Consulting.