Understanding How SIM Swapping Attacks Have Grown to Help Cybercriminals Monetize Their Activities

  • SIM swapping is a type of account takeover fraud that relies on phone-based authentication such as two-factor authentication and two-step verification.
  • Lately, scammers have been making heavy use of Remote Desktop Protocol (RDP) software to launch SIM swapping attacks.

A recent study by Princeton University has revealed that five major US wireless carriers - AT&T, T-Mobile, Verizon, Tracfone, and US Mobile - are susceptible to SIM swap scams. These attacks can jeopardize the bank accounts and personal details of customers with phone numbers from these carriers.

SIM swapping also grabbed the spotlight following the recent hack of Twitter CEO Jack Dorsey’s account on his own platform. Securelist researchers, in their study from 2019, indicated that SIM swap fraud is now huge in developing countries, especially in Africa and Latin America. With mobile numbers often used for 2FA to verify accounts, SIM-swap attacks pave the way for criminals to access the victim’s email and bank account, cryptocurrency wallet, social media and more.

What is a SIM swap?

A SIM swap is a type of account takeover fraud that relies on phone-based authentication such as two-factor authentication and two-step verification.

How does it work?

A SIM swap scam, also known as SIM splitting, simjacking, SIM hijacking or port-out scamming, is a fraud that occurs when scammers take advantage of a weakness in two-factor authentication and verification in which the second step is a text message or call to your mobile phone number.

A basic SIM swap usually works like this: scammers call a mobile carrier, impersonating the actual owner and claiming to have lost or damaged their SIM card. They then try to convince the customer service representative to activate a new SIM card in the fraudster’s possession. This enables the fraudsters to port the victim’s telephone number to the fraudster’s device containing a different SIM.

Once they gain access to and control over the victim’s cellphone number, fraudsters can then access phone communications with banks and other organizations. They can receive any codes or password resets sent to that phone via call or text for any of the victim’s accounts.

The attack can also be used to gain control of a victim’s social media profiles and gather a variety of information.

Leveraging RDP to take the attack to another level

Lately, scammers have been making heavy use of Remote Desktop Protocol (RDP) software to hijack telecom employees’ machines. They trick targeted employees into installing or activating RDP software and then remotely reach into the company’s systems to conduct SIM swap attacks.

Detecting a SIM swapping attack

  • The first big sign of SIM swapping is when your phone calls and text messages aren’t going through. This likely means fraudsters have deactivated your SIM and are using your phone number.
  • If your login credentials no longer work for accounts like your bank and credit card accounts, your accounts have likely been taken over. Contact your bank and other organizations immediately.
  • You will know you are a victim if your phone provider notifies you that your SIM card or phone number has been activated on another device.
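
The signs above are what the victim sees; a bank or other service can look for the same pattern from its side. The sketch below is an added example, not part of the original article: it flags accounts where an SMS-delivered code or password reset follows shortly after the phone number was activated on a new SIM. The event feed, its field layout, the event names and the 24-hour window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, account, event type). The feed and its
# event names are hypothetical; a real deployment would map them from carrier
# notifications and the service's own authentication log.
EVENTS = [
    ("2020-01-14T09:02:11", "alice", "sim_activated_new_device"),
    ("2020-01-14T09:10:40", "alice", "sms_password_reset"),
    ("2020-01-14T09:12:05", "alice", "sms_otp_login"),
    ("2020-01-14T10:00:00", "bob", "sms_otp_login"),
    ("2020-01-10T08:00:00", "carol", "sim_activated_new_device"),
    ("2020-01-14T11:30:00", "carol", "sms_password_reset"),
]

SIM_CHANGE = "sim_activated_new_device"
SMS_AUTH = {"sms_password_reset", "sms_otp_login"}


def flag_sim_swap_risk(events, window=timedelta(hours=24)):
    """Return {account: [(timestamp, event), ...]} for every SMS-based
    authentication event that occurs within `window` after a SIM change."""
    last_change = {}  # account -> time of most recent SIM change
    flagged = {}
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts, account, kind in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == SIM_CHANGE:
            last_change[account] = when
        elif kind in SMS_AUTH:
            changed = last_change.get(account)
            # Codes sent by text right after a SIM change may be going to
            # the new SIM rather than to the account owner.
            if changed is not None and when - changed <= window:
                flagged.setdefault(account, []).append((ts, kind))
    return flagged


if __name__ == "__main__":
    for account, hits in flag_sim_swap_risk(EVENTS).items():
        print(account, "-> hold SMS codes, verify by another channel:", hits)
```

A flagged account is a candidate for holding the SMS code and verifying the customer through a channel that does not depend on the phone number.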