SIM swap attacks have constantly increased in the last year
Thousands of testimonies similar to the following have been reported worldwide recently: a user’s smartphone signal suddenly fails and, when trying to restart it, the device has no response. This situation is detailed by IT security audits specialists.
The answer most people receive from the phone
company is that the user has requested a copy of their SIM card in another
city. “After talking to the phone company I checked my bank account only
to find out that it had been blocked. When I talked to the bank they confirmed
that the account was frozen due to unusual activity detection; I lost my
savings and someone applied for a 50k USD loan using my name”, says a
fraud victim who will remain anonymous.
“This is a variant of fraud called ‘SIM
swap‘ attack”, mentioned the IT security audits specialists. “Although there is no exact figure on
the number of similar cases presented each year, we can say that the figure has
increased considerably”.
Experts mention that hackers try to access the details of the victim’s bank accounts. Criminals require a copy of the victim’s SIM card to break two-factor authentication, used by multiple mobile banking services, to authorize fraudulent transactions.
“Smartphones are the most used multifactor
authentication tool, in addition, passwords can be obtained through simple
phishing techniques”, the specialists mention.
Perpetrators of this kind of attack are
sometimes computer students, but there are also international criminal groups
that resort to this variant of attack to finance their illicit activities. In
addition, to deceive the phone companies and get the duplicate of the SIM
criminals do not have to invest great efforts, because it is enough to convince
the company that the original chip has been lost to be enabled a new one.
IT security audits specialists the International Institute of Cyber Security (IICS) recommend users to be careful with the pages they visit and the software they install on their devices. Avoiding public WiFi networks and using password managers are also basic security measures to protect against SIM exchange attacks.
Gloss