SIM Swap: What is it?

Not only viruses and malware are dangerous for our PCs, nowadays the preferred target of cybercriminals seem to be mobile devices and in particular the scams related to cloned SIM. Nowadays everyone has the chance to own a mobile device and many are the less experienced users who make an unsafe use, giving the green light to a whole series of new threats such as the SIM Swapping attack. It is literally possible to define the term as “exchange”, an illegal duplication of the SIM card without the number being altered. In this way, the cybercriminal has free access to the victim’s mobile phone number, often without the knowledge of the person concerned. You may notice a slight slowdown or some bugs in the system, but nothing so worrying at least at the beginning, all aspects of little importance that can be a symptom of a scam that can cause an incredible number of problems.

Why is SIM Swap used?

Although we often do not take this into account, the personal telephone number is one of the sensitive data of each individual citizen. To the mobile phone number are associated several services, also very important, now necessary to operate also in mobility and remotely. Just think about all those websites or digital services that require a verification code via SMS before you can log in: home banking apps, personal social accounts, email providers and much more. Having said that, it is easy to understand why what is called sim swapping fraud or sim swap fraud is being implemented and why it has become such a technique. Cloning a phone SIM is also quite simple: the hacker will just go to a phone store and request a new card to then replace the real owner and bring the scam to a conclusion.

Steps for a perfect SIM swapping

In Italy alone, hundreds of users have been affected only in the last period. It is also no coincidence that the banking sector is the most affected, with criminals who, once they have access to their credentials and phone number, are able to forward as many transfers as possible at their own expense. This profitable technique is basically carried out in three specific steps:

• The acquisition of user data and credentials that take place through social media, using spyware and phishing emails that point to social engineering;
• Request to the involved telephone operator of a new SIM with the same number of the victim, so as to get completely in control of everything that is connected to the number;
• By combining the information obtained in the first and second step, the cybercriminal is able to access in complete autonomy banking services, postal and any type of service that allows a monetary gain to the organization.