SIM swap fraud — also called SIM splitting or simjacking — occurs when attackers impersonate users and attempt to convince cellular providers that they’ve lost or damaged the original SIM card and need all user data moved to a new SIM card in their possession. If successful, this effectively transfers ownership of the mobile number to attackers, leaving legitimate users cut off from their mobile networks — and enterprises exposed to potential cyberthreats.
Armed with user information stored in SIM cards, malicious actors are often capable of recovering passwords used for everything from e-commerce sites to corporate email accounts. What’s more, they can intercept one-time SMS messages used for MFA and “prove” to enterprise networks that they’re legitimate users — all without alerting users or IT teams.
How Do Attackers Carry Out SIM Fraud?
SIM fraud starts with social engineering. Attackers perform reconnaissance on social media sites and corporate webpages to obtain as much information as possible about their targets. They may also use phishing emails to elicit key personal or business details or purchase specific information about users on the dark web.
Equipped with this data, they contact cellular providers, masquerade as legitimate users and attempt to have SIM card data transferred. If successful, all cellular data is routed away from user phones and directly to hacker devices.
How to Detect SIM Swap Fraud
While every SIM swap case is different, common indicators of SIM fraud include:
- Inability to make calls or send texts: If users are suddenly unable to make or receive calls or text messages, they may be the victims of simjacking.
- Notifications of odd activity: In some cases, mobile phone providers will send email alerts or place phone calls to backup numbers to notify users of suspicious behavior.
- Sudden denial of account access: If staffers suddenly find themselves locked out of business accounts — even as IT teams record recent logins — SIM fraud may be the cause.
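The last indicator above, a user locked out while IT still records logins, can be checked against authentication logs. The sketch below is an added example, not part of the original article; the event schema, device IDs and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, user, event kind, device ID).
# The schema is hypothetical and not taken from any real product.
EVENTS = [
    ("2024-05-01T08:00:00", "alice", "login_success", "dev-A"),
    ("2024-05-01T09:00:00", "bob", "login_success", "dev-B"),
    ("2024-05-02T10:00:00", "alice", "sms_reset", "dev-X"),
    ("2024-05-02T10:02:00", "alice", "login_success", "dev-X"),
    ("2024-05-02T10:30:00", "alice", "login_failure", "dev-A"),
    ("2024-05-02T10:31:00", "alice", "login_failure", "dev-A"),
    ("2024-05-03T09:00:00", "bob", "login_failure", "dev-B"),
    ("2024-05-03T09:01:00", "bob", "login_success", "dev-B"),
]

def find_lockouts_with_foreign_login(events, window=timedelta(hours=24)):
    """Flag users whose known device starts failing shortly after a
    successful login from a device never seen before for that user."""
    known = {}    # user -> devices with an earlier successful login
    resets = {}   # user -> time of the latest SMS-based password reset
    suspect = {}  # user -> (time, device, followed_sms_reset)
    alerts = []
    for ts, user, kind, device in sorted(events):
        when = datetime.fromisoformat(ts)
        devices = known.setdefault(user, set())
        if kind == "sms_reset":
            resets[user] = when
        elif kind == "login_success":
            if devices and device not in devices:
                # Unseen device: hold it as suspect; this sketch never trusts it.
                after_reset = user in resets and when - resets[user] <= window
                suspect[user] = (when, device, after_reset)
            else:
                devices.add(device)
        elif kind == "login_failure" and device in devices and user in suspect:
            seen, new_device, after_reset = suspect.pop(user)
            if when - seen <= window:
                alerts.append((user, new_device, after_reset))
    return alerts

if __name__ == "__main__":
    for user, device, after_reset in find_lockouts_with_foreign_login(EVENTS):
        print(f"review {user}: new device {device}, after SMS reset={after_reset}")
```

An alert here is a prompt to contact the user through a verified channel other than the mobile number, not proof of a swap, since a legitimately replaced phone produces a similar pattern.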
How to Prevent SIM Swap Fraud
According to the Federal Trade Commission, there are several steps that users can take to protect themselves, and that enterprises can encourage, especially if staff are using corporate-sponsored devices.
- Keep personal information personal: Users should never respond to emails, texts or phone calls that include a request for personal information, even if the request appears to come from a member of corporate management. Instead, it is safer to follow up by using verified email addresses or phone numbers to confirm the legitimacy of any request.
- Reduce social sharing: Attackers build a target profile for SIM swapping in part through social posts and publicly available information. The less personal data shared, the better.
- Create a device account PIN: Cellular carriers often allow users to create an account PIN or passphrase that must be provided before any changes can be made to the account, in turn frustrating SIM-stealer efforts.