Sim Swapping is a common scam, where crooks can steal your phone number. Only, a new method has just been reported by a victim. The principle ? A fake SMS sent by SFR claiming that an eSim has been ordered on your line.
If the SIM card is still the dominant format, for a few years now, all French operators have been offering their customers the option of eSIM, provided they have a smartphone compatible with this technology, of course.
If you’re not familiar with the eSim, it’s actually a miniaturized version of the traditional SIM card. Non-removable, it is directly soldered to the motherboard. In addition to allowing manufacturers to get rid of the sim card tray (and by extension saving valuable space for other components), it makes changes with operators much easier. Indeed, the information written on the eSim is can be modified remotely at any time by your operator.
Also read: Sim Swap scams – already hit by the crisis, he has his bank account emptied
SIM Swapping, a simple technique with disastrous consequences
Now that we have explained in detail what the eSIM is, it is necessary to approach the principle of SIM Swapping. In short, this is a popular method for scammers to transfer your number from your SIM card to a SIM card in their possession. To do this, scammers simply call your operator’s customer service and try to impersonate you.
Usually, they pretend a theft, the loss of the smartphone or a network problem for example. To handle the operators, the maneuver is not very complicated. Simply provide personal information such as your date of birth, your email and postal address or other (data that can be easily obtained on social networks, or on stolen databases for sale on the dark web).
Once the scammers have your number, they can use it to run phishing campaigns, or to unlock access to sensitive services via double authentication. In October 2020, a user’s SIM card was hacked via this method. The hacker managed to steal 17,000 euros from his bank account.
The eSIM is perfect for SIM Swapping
However, the eSIM is obviously perfectly suited to this method. Indeed, a user tells on the site Signal-Arnaques.fr to have been the victim of a new scam. Here is the detailed procedure. It all starts with the receipt of a fake SMS from SFR. It is written that a “eSIM card has been ordered on your line”. The text message contains a link redirecting you to a perfect imitation of the operator’s site.
Here, you are naturally asked to log in with your SFR username and password to cancel the order. Once a false form has been duly completed, the user is warned that his line may experience some malfunctions during the next 72 hours.
You will have understood it, it is here that the trap closes on you. The hackers will obviously recover the information provided for order with your identifiers a new SIM card in your name. As a result, hackers take your number to use it fraudulently. According to the victim’s testimony, the scammers exploited the line to:
- send dozens of false messages to users to encourage them to pay a fine after a video-verbalization for lack of Crit’Air sticker
- make premium rate calls to numbers created by hackers (resulting in a phone bill of several hundred euros for the victim)
To avoid being a victim of SIM Swapping, several reflexes are good to take. First of all, avoid posting personal information on the web, or modify them or limit their access as much as possible (restricted circle of friends, etc.). Of course, systematically opt for double authentication on all of your accounts. And to do this, do not go through your phone number and use a dedicated app like Google Authenticator instead.