These attacks are not new; we began to see them in 2019, but today there are still some serious cases, so let’s take a closer look at them so we don’t get caught off guard.
What is SIM swapping?
The purpose of these attacks is quite simple: to make a duplicate of our SIM card. Now, let’s explain the motive and purpose in a little more detail.
SIM cards currently play a very important role in our devices. Among other things, they identify the service provider and allow us to make calls and send and receive SMS messages. This is particularly interesting because, as we have discussed in other posts, SMS messages can serve as a second factor of authentication. In other words, if an attacker gets hold of our SIM card, they could impersonate us.
However, the SIM card is inside our mobile device, which makes it difficult to steal or… In this regard, cybercriminals take advantage of a weakness in the identity verification process of some operators when making a duplicate SIM card. In this way, through social networks or the victim’s online data, the attacker collects information and, once obtained, calls the operator responsible for the SIM card, impersonating the victim and duplicating the SIM card. As we have said, this is possible due to the lack of security controls by the operator.
Before carrying out this entire SIM card cloning process, the attacker usually has the victim’s access credentials, normally for bank accounts, although others may be used. With this combination, the cybercriminal has everything they need to access our accounts and ‘get their hands on the loot’.
Identifying the attack
Recognising that you are suffering from this type of attack is very clear and straightforward, but we must be vigilant. When a SIM card is duplicated, the ‘old’ original card is permanently deactivated. This has the direct effect of losing your phone signal and mobile data.
In other words, when a cybercriminal makes the duplicate, we will be unable to make or receive calls or SMS messages, or access the Internet with mobile data.
The problem could arise when these types of attacks are carried out at times when we are not using our mobile device. For example, the alleged attacker may know if we are working, sleeping or busy with any other activity without access to our devices, in order to take advantage of our absence and carry out all the actions without us noticing.
How to protect ourselves
We could say that this type of attack mainly requires a combination of two specific techniques. On the one hand, the collection of personal information through public data on the Internet or obtained through social engineering. On the other hand, the service provider’s failure to verify identity when making a SIM duplicate.
In the first scenario (and the only protection we can provide ourselves), we apply general cybersecurity principles such as:
- Do not share personal information publicly on the Internet, such as data on open social networks.
- With regard to social networks, check your privacy and security settings to ensure that no one other than those you want to can view your content.
- Avoid providing personal or banking details in unknown calls or messages.
- Use two-factor authentication mechanisms that are not SMS-based.
- Always trust apps verified in official stores and do not install others from dubious sources.
- Avoid public networks and never enter personal details when connected to them.
With regard to the duplication of SIM cards that can be done in our name and which is at the heart of this type of attack, from our position, unfortunately, there is not much we can do.
A change is needed in the paradigm and procedures used by operators and entities to verify identity. A clear example of this type of measure in favour of cybersecurity is represented by Open Gateway with anti-fraud integrations (API SIM Swap). In these scenarios, the integration reports any changes to the secure terminal from which the transaction is made, allowing the device and the latest changes to be identified, in addition to the SIM card.
I am a victim, now what?
Let’s hope we never have to say these words, either about this or any other attack. Even so, we have to be prepared to act accordingly if this happens.
As they say, first of all, stay calm and then contact your service provider as soon as possible once you have identified the problem. They may disable your SIM card or take other action.
The next step is to contact your bank, as these types of attacks focus on or are often aimed at bank account fraud. If necessary, freeze or disable your accounts and cards temporarily until the situation is resolved. You should also check for any unusual charges and, if you find any, gather as much information as possible for a future complaint and refund.
We should also check any personal accounts where we know that our phone number or SMS can be used to identify us.
In any case, it is advisable to change your login credentials and even remove SMS as a validation mechanism in the relevant environments.
