Massive SIM swap fraud spotted in the wild
- Cybercriminals are relying heavily on this type of fraud to steal money from users, especially in Brazil and Mozambique.
- Tricksters are using social engineering and simple phishing attacks to take control of a victim’s phone.
SIM swap fraud is a type of account takeover fraud in which attackers port a victim’s telephone number to a new SIM so that they can intercept the SMS authorization messages sent to that user. The fraud exploits the weakness of two-factor authentication and two-step verification schemes that depend on the phone number.
Researchers have found that cybercriminals are relying heavily on this type of fraud to steal money from users, especially in Brazil and Mozambique.
What’s the matter - In a detailed analysis, researchers at Kaspersky Lab have revealed that tricksters are using social engineering and simple phishing attacks to take control of a victim’s phone.
Once the attackers gain access to the customer’s phone number, they can use it to receive mobile money transactions or to collect banking-related OTPs. In Mozambique, the fraud is limited to users. This is not the case in Brazil, where the fraud affects average citizens, politicians, ministers, governors and high-profile businessmen.
Researchers noted that one organized group in Brazil had managed to trick 5,000 users using SIM swap fraud.
Meanwhile, “At Mozambique’s largest bank they had a monthly average of 17.2 cases of SIM swap fraud; the true impact nationwide is difficult to estimate as most banks don’t publicly share statistics,” said the researchers.
How does SIM swap fraud work - The scam begins with fraudsters collecting details about the victim. They do this through phishing emails, social engineering, buying information from organized crime groups, or using information exposed in data leaks.
Once the fraudsters have gathered the necessary details, they contact the victim’s mobile phone operator and convince it to port the victim’s phone number to the fraudsters’ SIM.
As soon as the number porting is complete, the victim’s phone loses its connection to the network, and the fraudsters receive all the SMS messages and voice calls intended for the victim.
“This allows the fraudster to intercept any one-time passwords sent via SMS or telephone calls made to the victim; all the services that rely on an SMS or telephone call authentication can then be used,” researchers added.
Major faults - Researchers found that some of the processes used by mobile operators are weak and leave customers open to SIM swap attacks. In some cases, the target is the carrier and not the customer.
“This happens when a carrier’s employees working in branches in small cities are sometimes unable to identify a fraudulent or adulterated document, especially branches located in kiosks or shopping malls, allowing a fraudster to activate a new SIM card,” researchers noted.
In a few cases, the attackers recruit corrupt employees, paying them anything between $10 and $40 to carry out SIM swap fraud.