The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) warned of an aggressive vishing (voice-phising) campaign which began this summer. These attacks have been directed at organisations as well as individuals. One of the fraud methods used by the criminals is SIM-Swap. Well known to the FBI, it reported it to be one of the most devasting cybercrimes of 2019. SIM-Swap fraud (also known as SIM Jacking or SIM-Swapping) is an invasive and insidious attack that involves a fraudster porting a telephone number to a different device that they control.
A SIM-Swap occurs when a fraudster sets out to get some private information on their victim through various phishing attacks. Once the information is obtained, the attacker tricks the victim’s mobile phone carrier and requests their number to be changed to a different SIM card under the pretence as having lost their phone. The fraudster answers the security questions asked by the carrier’s agent using phished information – the carrier transfers the number to the requested SIM card allowing the fraudster to have complete control over their victim’s number – hence the “swap”.
Once the victim’s number is operational on the fraudster’s SIM, they can begin resetting passwords and gaining access to online accounts that receive SMS messages or automated voice calls for authentication purposes. Amongst others, this gives the fraudster access to bank accounts, messaging history and social media accounts. A victim may only realise something is wrong when they notice they have lost mobile network service on their handset. By the time they contact the mobile operator, the fraudster has had plenty of time for the fraudsters to drain bank accounts, hack social media platforms or collect the information they need to blackmail the victim. Each SIM card has a serial number, also known as an International Mobile Subscriber Identity (IMSI). Just like car registration plates that identify vehicles on the road, IMSIs help mobile carriers identify the SIM on their network. In the case above, where a fraudster ports their victim’s number on a device in their possession, the serial number of the SIM, the IMSI, also changes. Sentry SIM SWAP by PVN detects these changes and prevents such attacks from happening.
As mobile phones are increasingly becoming a vital part of our everyday transactions and security, the protection of mobile identity is now paramount.
Want to learn more about SIM-Swap? Contact our experts for a free consultation