Dr. Security gives tips and answers questions related to cyber security. This time it’s about SIM-swapping attacks and the threat they pose to SMS-based authentication.
Dear Dr. Security, yesterday my smartphone suddenly lost the connection to the telecom provider, even though I always have very good reception at home. Nothing has changed even after waiting and restarting the phone. I’ve read your last answer about SMS authentication for payments and I’m afraid I might be a victim of an attack. Could it be? (Roberto, Langenthal)
If the mobile phone suddenly loses reception in a place where there is normally good network reception, it could be related to many factors. For instance, the mobile operator might have a technical problem in your area, or you might’ve ignored the phone bill after the second reminder. It happens! Another possibility, though, and one where I can shed some light, is that you could be the victim of a SIM card swapping (in short, SIM-swapping) attack.
In such attacks a fraudster convinces your network operator to transfer your phone number to a SIM card that the fraudster possesses. When this happens, your original SIM card no longer works on the phone network, and therefore you lose signal. At the same time, the fraudster receives all traffic that was meant for you, including calls and SMS messages. The issue is that, even in a short time frame, a prepared attacker can now log in to your e-banking and other sensitive portals and perform all kinds of operations, such as confirming unauthorized monetary transactions to their accounts.
How can that happen? This is a likely scenario:
- The attacker gets access to a large number of username and password combinations, such as from an online source. They combine this information with more targeted attacks against specific victims, such as through phishing or malware.
- With this information, including falsified documents, they apply to the mobile operator for a duplicate of the victim’s SIM card.
- With the new valid SIM card in their possession, it is now easy to misuse the second factor (SMS authentication code) for logins and to confirm online payments.
- These payments are typically routed to money mule accounts, which gather a large amount of money and transfer it, in a second stage, abroad. In this way the full chain of transfers is harder to trace for authorities.
All of this happens in a very short time, during which the victim has to notice that their phone is not working, to notify the network operator and the police, and to block the fraudulent SIM card.
SIM-swapping attacks have become fairly common in a number of EU countries and abroad. In a recent press release, Europol disclosed an operation to follow such SIM-swapping schemes and convict a number of criminals who managed to steal hundreds of thousands of euros, together with a number of recommendations that anyone can follow to stay safe.
In summary, make sure you never disclose any private information (passwords, SMS codes, address, phone numbers, passport or identity card information, etc.) to suspicious individuals. Similarly, you should not click on links or download attachments that originate from unexpected emails. Finally, when possible, use app-based authenticators instead of SMS messages for important services. If your bank or credit card company still uses SMS messages to authorize transactions, you can contact them and push them to move to more secure solutions, such as the ones offered through the Futurae Authentication Suite.
Best, your Doc (working from home!)
I am happy to answer your questions, so do not hesitate to write to the Doctor at: firstname.lastname@example.org.