Sim Swappers Hijacking Phone Numbers In Esim Attacks
SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
Embedded Subscriber Identity Modules (eSIMs) are digital cards stored on the chip of the mobile device and serve the same role and purpose as a physical SIM card but can be remotely reprogrammed and provisioned, deactivated, swapped, deleted.
A user can typically add an eSIM to a device that supports the functionality by scanning a QR code from the service provider.
The technology is becoming increasingly popular among smartphone makers because eSIMs eliminate the need for a SIM card slot and can offer cellular connectivity on small wearables.
Russian cybersecurity firm F.A.C.C.T. reports that SIM swappers in the country and worldwide have been taking advantage of this shift to eSIMs to hijack phone numbers and bypass protections to access bank accounts.
“Since the fall of 2023, analysts from F.A.C.C.T.’s Fraud Protection have recorded more than a hundred attempts to access the personal accounts of clients in online services at just one financial organization,” reads the press release.
“To steal access to a mobile number, criminals use the function of replacing or restoring a digital SIM card: transferring the phone from the victim’s ‘sim card’ to their own device with an eSIM.”
Previously, SIM swappers relied on social engineering or worked with insiders at mobile carrier services to help them port a target’s number. However, as companies implemented more protections to thwart these takeovers, cybercriminals turned their attention to emerging opportunities in new technologies.
Now, attackers breach a user’s mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim’s number to another device on their own.
They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.
Simultaneously, the legitimate owner has their eSIM/SIM deactivated.
“Having gained access to the victim’s mobile phone number, cybercriminals can obtain access codes and two-factor authentication to various services, including banks and messengers, opening up a mass of opportunities for criminals to implement fraudulent schemes,” explained F.A.C.C.T. analyst Dmitry Dudkov.
“There are many variations of the scheme, but fraudsters are most interested in online banking services.”
A bonus for the attackers is that by porting the number to their device, they gain access to SIM-linked accounts in various messenger apps, which opens up more opportunities for scamming other people, like posing as the victim and tricking them into sending money.
To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account and enabling two-factor authentication if available.
For more valuable accounts, such as e-banking and cryptocurrency wallets, users should consider protecting them with physical keys or authenticator apps.