Beware of SIM Swap, a malicious technique that steals your mobile number (and your data)

Alexander Boero

July 13, 2022 at 3:45 p.m.


SIM card ©

© Shutterstock

SIM swap attacks are, according to cybersecurity experts, on the rise. The technique is all the more dangerous as the general public is not yet aware of it.

Cyberattacks that target personal data are on the rise. And if hackers very regularly launch phishing attacks, the cyber ecosystem is now alerting to the rise of SIM Swap, a technique which consists of attackers seizing a duplicate of the mobile SIM card of a victim. The interested objective is obviously to seize the data of the target to then access his bank account.

A technique to bypass two-step verification

SIM Swap is a technique that allows a hacker to obtain a duplicate SIM card. This then gives him the opportunity to access the personal data of his trapped owner, such as identity and telephone number.

First, hackers collect personal data using phishing techniques. As a result, they contact the victim’s mobile operator pretending to be the victim, on the Internet, on the phone and even sometimes by going to a store. Once the duplicate SIM card is in hand, the scammer inserts it into a device to access all of the victim’s information and data, including call logs and message history. From then on, it is easy for him to have total control and to access, for example, the banking application of the victim to steal his money. The risk of identity theft is also very high.

For this, the pirate must obviously resort to a verification code. But since he has access to the mobile line, he just has to copy and paste the code sent. Because, yes, having the duplicate SIM card allows you to bypass the two-step verification process.

Good Cyber ​​Hygiene Can Help Prevent SIM Swap

There are still ways to protect yourself from SIM Swap and its consequences. The first is, as Check Point Software explains, to be careful with your personal data. And this requires a certain mistrust of the websites consulted. Remember to check that the padlock is still in the address bar and that the URL begins with “https”.

As is often the case, it is also worth remembering to be wary of text messages or e-mails received with spelling errors, even if you know the sender. The domain name is important, and it is always advisable to ensure that it is genuine. The same goes for links and attachments, often a sign of a phishing attack.

Finally, Check Point draws our attention to the loss of network signal on your mobile. ” This is an easy and safe way to find out that there is a duplicate SIM card “, insists the company specializing in cybersecurity. If, without you being able to explain it, you are suddenly no longer able to make or receive calls or receive text messages, contact the authorities as well as your operator so that they can deactivate the SIM card and start your data recovery journey.

Source link -99