Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures.
SIM swapping is a technique in which an attacker takes over a victim’s phone number, which enables them to access the victim’s accounts. This involves tricking the telecom operator into reassigning the victim’s phone number to a SIM card controlled by the attacker.
“SIM swapping fraud typically begins when the fraudster acquires sensitive information about the victim, such as their national ID, phone number, and card details,” Group-IB explains. “This information is often obtained through phishing websites that mimic legitimate services or via social engineering tactics.
Once armed with the necessary details, the fraudster initiates a request to swap or port out the victim’s SIM. This may involve converting the victim’s SIM to an eSIM with the same mobile network provider or porting the number to a different local telecom operator. These requests are often submitted through telecom provider mobile apps, enabling the process to be completed remotely.”
Mobile carriers have safeguards in place to prevent SIM swapping, but attackers can bypass these using social engineering. In some cases, the attackers also target the victims themselves and trick them into authorizing the swap.
“In some regions, this process is safeguarded by a Government E-Verification Platform, which requires users to verify their identity before any SIM swap or port-out request is approved,” the researchers write. “Verification methods may include approving a login request or using biometric authentication. To bypass these safeguards, fraudsters deceive victims into approving the verification request, often by posing as representatives of legitimate services—such as job applications or account updates.
Once the victim unknowingly authorizes the request, the telecom provider deactivates the existing SIM and activates a new one under the fraudster’s control. With control of the victim’s phone number, fraudsters can intercept SMS-based two-factor authentication (2FA) codes and carry out unauthorized transactions.”
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Group-IB has the story.