SIM Swapping Cyber Crime 

Uploaded on 2023-10-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

SIM Swapping is a cyber threat that affects end users of mobile devices and enables a form of fraud whereby a cyber criminal obtains a duplicate SIM card associated with an individual's mobile phone or other SIM equiped device.

SIM card duplication is carried out by specialised cyber criminas and has serious consequences for the victims, fom theft of the victim's credentials and information, to the transfer of bank funds, loan requests and other types of fraud based on identity theft.

This allows them to steal money from their online banking application, among other possibilities. "Taking into account the simplicity with which this type of cyber threat is carried out and its high probability of success, it has been observed that sophisticated cyber criminals are beginning to incorporate SIM Swapping techniques in their campaigns and the first traces of activity directed towards business environments are beginning to be observed," explains Raquel Puebla, cyber security analyst at Entelgy Innotec Security a leading cybersecurity services company in Spain and one of the main service providers in Latin America. 

For a SIM Swapping campaign to be successful, several stages must take place and these include:-

Information gathering:  First, the cyber criminal gathers information on the potential victim to be targeted by the fraudulent action. He will use information from open sources and, most especially, from the individual's social networks (name, surname, telephone number, address, etc.).

Obtaining credentials:   SIM swapping makes it possible to obtain the codes that are usually used as a second authentication factor. To do this, the credentials of the service of interest to the attacker must first be obtained, for which phishing, pharming or spoofing activities can be carried out.  

Spoofing:   The cybercriminal contacts the telephone provider of the individual he is trying to defraud, pretending to be the owner of the SIM card to be duplicated. Social engineering tactics are also used for this purpose by claiming, among other things, that the SIM card has been lost or stolen.

Deactivation of the original SIM:    Usually, when the duplicate SIM occurs and the second card is activated, the one that was being legitimately used is deactivated and your mobile device is left without coverage, allowing a malicious third party to gain control over the duplicate phone number. In a small percentage of situations the attacker requests the activation of a multiSIM service, in which case both the attacker's card and the legitimate owner's card will work, making detection and remediation of the spoofing much more difficult.

Scams:   Following the above actions, the attacker can carry out all sorts of scams that affect the individual who is being impersonated.  It is common for cyber criminals to focus on gaining access to online banking services and subsequently making transfers from the victim's funds, and even taking out loans in the victim's name without their actual authorisation. 

One-time passwords:   To successfully complete the above procedure, attackers request the sending of a one-time password (OTP code) via SMS messaging, which is usually used by financial institutions as a two-factor authentication. Having access to the duplicate SIM card, the attackers can view the message, which in theory should only be transmitted to the holder of the line, using it to access the individual's bank account. 

Social network credentials:   Among other possibilities, it is also common for the SIM Swapping cyber attack to conclude with the obtaining of the user's email account access credentials or those corresponding to their social network profiles.

You Might Also Read: 

Mobile Authentication: The Good, The Bad & The Ugly:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Israel & Hamas: EU Issues TikTok A Warning
IoT Security Needs A Human Touch  »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CORDIS

CORDIS

CORDIS is the European Commission's primary public repository and portal to disseminate information on all EU-funded research projects and their results.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

Cado Security

Cado Security

Cado Security is pushing digital forensics, and cyber incident response to the next level with an incident response software platform and specialist consulting services.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Indevis

Indevis

Indevis provides IT security, datacenter and network solutions, accompanied by professional consulting, management and support services.

tru.ID

tru.ID

We’re tru.ID, and we're reimagining mobile authentication, one API at a time.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

BlueSteel Cybersecurity

BlueSteel Cybersecurity

BlueSteel is a compliance consulting firm that leverages deep system, data and application expertise to build sustainable cybersecurity solutions.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Deepware

Deepware

Deepware is an emerging AI research company dedicated to exploring the potential of GenAI in both generation and detection.