The SIM (Subscriber Identity Module) is a tiny integrated circuit card that goes into your phone. It contains multiple identifying numbers and keys that the phone uses to communicate with the mobile phone network. Some mobile handsets have an eSIM, which is a built-in SIM card.

How does an attacker swap the SIM cards?

Many businesses have used 2FA (Two-Factor Authentication) to improve the security while allowing system access. The use of an SMS as the second component is by far the most prevalent. After giving their login and password, the user will be required to input an OTP provided through SMS. The SMS code is the second element. In a SIM-swap attack, the threat actor’s goal is to get possession of a SIM to receive the SMS codes delivered to the victim. This is done with an aim to be successful in bypassing the 2FA system’s protection.

Swapping any Subscriber Identity Module card is a legitimate customer service operation. Hackers take malicious advantage of this. Threat actors using social engineering techniques impersonate the victim to the mobile phone company’s customer service staff. A SIM-swap attack begins with victim research and phishing attempts to obtain the personal information that may be used to effectively impersonate the victim. Hackers often impersonate genuine customers and supply the necessary information by self-help applications or portals to request the SIM swap.

What all can an attacker do after swapping the SIM cards?

Threat actors may be able to acquire access to the targeted users’ email, bank accounts, and social media accounts. This allows them to commit additional fraud as well. Taking control of the SIM may also make it easier to change passwords. They could possibly use the ‘Forgot Password’ function of online accounts that rely exclusively on the supply of a 2FA code through SMS.

How would you ascertain whether a SIM-swap attack is happening with you?

Keep an eye out for the following signs that you are being personally targeted for a SIM-swap attack:

  • Prior to the SIM-swap attack – The threat actor must mimic you, so they may contact you and ask you to exchange codes or SMS messages from your cell phone carrier. They will relay these codes to your telecom service provider to impersonate you to their customer support representatives.
  • During the attack is occurring – Your mobile phone’s network data connection is lost, and you neither receive any phone calls nor any messages via SMS. This is because your mobile phone number has now been transferred to the attacker’s swapped SIM card.
  • After the attacker successfully swapped the SIM(s) – If the attacker modifies sensitive credentials, you lose the account access of your email, bank, and social media accounts. As the thieves continue to mimic you, you notice unexpected transactions on your bank records or unusual behavior on social media.

If you see any of these signs, call your mobile phone provider right away to see if a SIM swap has occurred and to get it reversed. Also, contact your bank to have your online account password changed.

How to prevent SIM-swap attacks from happening?

When selecting a 2FA solution to protect their businesses, Security Managers may avoid SMS-based solutions and instead use a smartphone app. Google or Microsoft Authenticator generates OTP codes on the smartphone and is thus not vulnerable to SMS redirection.

Individuals may defend themselves from SIM-swap attacks by declining to provide any PII data to anyone who calls you claiming to belong to a mobile phone operator. If in doubt, hang up the phone first. Search out your mobile phone company’s contact information, then call back to ask them to confirm why they were calling. Never give out one-time passwords over the phone; they are meant to be typed into web pages or applications. It is advisable to choose an app-based authenticator rather than SMS. Also do not click on links received in SMS messages since it is easy to impersonate the sender of an SMS.

Centex Technologies provide complete IT infrastructure and Cybersecurity solutions for businesses. For more information on how you can protect your systems, contact Centex Technologies at Killeen (254) 213-4740, Dallas (972) 375-9654, Atlanta (404) 994-5074, and Austin (512) 956-5454