Thursday, March 13, 2025

Social Engineering Fuels SIM Swapping Attacks


Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures.

SIM swapping is a technique in which an attacker takes over a victim’s phone number, which allows them to access the victim’s accounts. This involves tricking the telecom operator into reassigning the victim’s phone number to a SIM card controlled by the attacker.

“SIM swapping fraud sometimes begins when the fraudster acquires sensitive information about the victim, such as their national ID, phone number, and card details,” Group-IB explains. “This information is usually obtained through phishing websites that mimic official services or by way of social engineering tactics.

“Once armed with the required details, the fraudster initiates a request to swap or port out the victim’s SIM. This will involve changing the victim’s SIM to an eSIM with the same mobile network provider or porting the number to a different local telecom operator. These requests are sometimes submitted through telecom provider mobile apps, enabling the process to be completed remotely.”

Mobile carriers have safeguards in place to prevent SIM swapping, but attackers can bypass these using social engineering. In some cases, the attackers also target the victims themselves and trick them into authorizing the swap.

“In some regions, this process is safeguarded by a Government E-Verification Platform, which requires users to verify their identity before any SIM swap or port-out request is approved,” the researchers write. “Verification methods could include approving a login request or using biometric authentication. To bypass these safeguards, fraudsters deceive victims into approving the verification request, usually by posing as representatives of official services—such as job applications or account updates.

“Once the victim unknowingly authorizes the request, the telecom provider deactivates the existing SIM and activates a new one under the fraudster’s control. With control of the victim’s phone number, fraudsters can intercept SMS-based two-factor authentication (2FA) codes and carry out unauthorized transactions.”

New-school security awareness training can give your organization an important layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Group-IB has the story.


