{"id":22500,"date":"2024-03-18T22:10:20","date_gmt":"2024-03-18T18:10:20","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/what-is-sim-swapping\/22500\/"},"modified":"2024-03-18T22:10:23","modified_gmt":"2024-03-18T18:10:23","slug":"what-is-sim-swapping","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/what-is-sim-swapping\/22500\/","title":{"rendered":"What SIM swapping is, and why business should care"},"content":{"rendered":"<p>Today\u2019s topic is SIM swap fraud, aka SIM swapping. This attack method is far from new but remains a live threat because of how effective it is. SIM swapping attacks pose a serious danger to business because they enable threat actors to gain access to corporate communications, accounts, and sensitive information like financial data.<\/p>\n<h2>What is SIM swapping?<\/h2>\n<p>\nSIM swapping is an attack method for hijacking a mobile phone number and transferring it to a device owned by the attackers. Put simply, said attackers go to a mobile telecoms operator\u2019s office, somehow wangle a new SIM card with the number of a victim-to-be (see below for examples of how), insert it into their own phone, and thus gain access to the target\u2019s communications.<\/p>\n<p>It\u2019s typically text messages that are of most interest to the attackers \u2014 specifically ones that contain one-time verification codes. Having gained access, they can then log in to accounts linked to the phone number and\/or confirm transactions using the intercepted codes.<\/p>\n<p>As for the SIM swapping process itself, the bad guys take various approaches. In some cases the criminals employ the services of an accomplice working for the mobile operator. 
In others, they deceive an employee using forged documents or <a href=\"https:\/\/www.kaspersky.com\/blog\/social-engineering-cases\/48697\/\" target=\"_blank\" rel=\"noopener nofollow\">social engineering<\/a>.<\/p>\n<p>The fundamental issue that makes SIM swapping possible is that in today\u2019s world, SIM cards and cell phone numbers are not used solely for their designated purpose. They were not originally intended to serve as the proof of identity they\u2019ve since become.<\/p>\n<p>Now, one-time codes by text are a very common means of account security, which means that all other protective measures can be rendered null and void by a fraudster who smooth-talked a store employee into issuing a new SIM card with your number. Such a threat cannot be ignored.<\/p>\n<p>For the targeted organization, a SIM swapping attack can hit the bottom line hard. Cybercriminal interest in cryptocurrency assets continues to grow because such assets can be hijacked relatively easily and, more importantly, quickly. However, this method can be applied in more sophisticated attacks, too.<\/p>\n<h2>U.S. Securities and Exchange Commission loses X account<\/h2>\n<p>\nFor instance, here\u2019s a <a href=\"https:\/\/www.forbes.com\/sites\/digital-assets\/2024\/01\/10\/bitcoins-price-spikes-from-false-sec-update\/\" target=\"_blank\" rel=\"nofollow noopener\">very recent case<\/a>. On January 9, 2024, the U.S. Securities and Exchange Commission (SEC) posted on X (Twitter) that it had approved a Bitcoin spot exchange-traded fund (ETF).<\/p>\n<p>This Bitcoin-boosting event had long been in the pipeline, so the news didn\u2019t strike anyone as implausible. 
Naturally, in the wake of the announcement, the Bitcoin price soared (by roughly 10% to $48,000).<\/p>\n<div id=\"attachment_50800\" style=\"width: 969px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/03\/18221002\/what-is-sim-swapping-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-50800\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/03\/18221002\/what-is-sim-swapping-1.png\" alt=\"SIM swapping attack on the SEC's X account\" width=\"959\" height=\"1297\" class=\"size-full wp-image-50800\"><\/a><p id=\"caption-attachment-50800\" class=\"wp-caption-text\">Fake post from the hacked SEC account announcing the approval of a Bitcoin ETF. <a href=\"https:\/\/www.forbes.com\/sites\/digital-assets\/2024\/01\/10\/bitcoins-price-spikes-from-false-sec-update\/\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<p>However, the post was later deleted and replaced with a message that the SEC account had been compromised. The next day, <a href=\"https:\/\/twitter.com\/Safety\/status\/1744924042681897343\" target=\"_blank\" rel=\"nofollow noopener\">X issued a statement<\/a> saying that the compromise was due not to a breach of its systems, but to an unidentified individual who had obtained control over a phone number associated with the @SECGov account. Most likely, the jump in the Bitcoin price caused by the fake post meant the fraudster made a killing.<\/p>\n<p>Then, toward the end of January, the SEC itself <a href=\"https:\/\/www.sec.gov\/secgov-x-account\" target=\"_blank\" rel=\"nofollow noopener\">officially acknowledged<\/a> that its X account had been hacked by SIM swappers. On top of that, it turned out that two-factor authentication (2FA), at the request of SEC staff, had been disabled by X support in July 2023 to resolve login issues. 
The issues duly resolved, they then simply forgot to turn 2FA back on \u2014 so until the January incident, the account was left without additional protection.<\/p>\n<h2>$400 million FTX crypto heist<\/h2>\n<p>\nIt was only recently revealed that one of the largest crypto heists in history was carried out using SIM swapping. We\u2019re talking about the theft of $400 million worth of assets from the FTX crypto exchange in the fall of 2022.<\/p>\n<p>Initially, many suspected that FTX founder Sam Bankman-Fried himself was behind the heist. However, the ensuing investigation showed that he appeared to have nothing to do with it. Then came the <a href=\"https:\/\/arstechnica.com\/tech-policy\/2024\/01\/sim-swapping-ring-stole-400m-in-crypto-from-a-us-company-officials-allege\/\" target=\"_blank\" rel=\"nofollow noopener\">indictment<\/a> of a \u201cSIM swapping group\u201d headed by a certain Robert Powell.<\/p>\n<div id=\"attachment_50802\" style=\"width: 710px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/03\/18221013\/what-is-sim-swapping-2.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-50802\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/03\/18221013\/what-is-sim-swapping-2.png\" alt=\"SIM swapping attack on the FTX crypto exchange\" width=\"700\" height=\"950\" class=\"size-full wp-image-50802\"><\/a><p id=\"caption-attachment-50802\" class=\"wp-caption-text\">Part of the indictment in the case of the $400 million FTX SIM-swap crypto heist. <a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/01\/USA-v-Powell-Order-on-Motion-for-Miscellaneous-Relief-1-25-2024.pdf\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<p>The text of the indictment gave us the details of this heist, which, incidentally, was neither the gang\u2019s first nor its last. 
The list of victims of its SIM-swap operations runs into the dozens. The indictment goes on to mention at least six more cases, in addition to FTX, involving the theft of large sums of money.<\/p>\n<p>Here\u2019s how the criminals operated: first, they selected a suitable victim and obtained their personal information. Next, one of the perpetrators forged documents in the victim\u2019s name, but with the photo of another criminal \u2014 the one doing the actual SIM swap.<\/p>\n<p>The latter criminal then paid a visit to the respective mobile operator\u2019s office and got a replacement SIM card. Text messages with confirmation codes sent to the victim\u2019s number were then intercepted and used to log in to the latter\u2019s accounts and approve transactions for the transfer of assets to the gang. Interestingly, the very next day after the FTX heist, the group robbed a private individual in the exact same way to steal a modest-by-comparison $590,000.<\/p>\n<h2>How to guard against SIM swapping<\/h2>\n<p>\nAs we see, in cases involving serious amounts of money, your SIM card and, accordingly, 2FA through one-time codes by text become the weak link. 
As the above examples show, SIM swapping attacks can be extremely effective; therefore, threat actors will doubtless continue to use them.<\/p>\n<p>Here\u2019s what to do to protect yourself:\n<\/p>\n<ul>\n<li>Wherever possible, instead of a phone number, use alternative options to link your accounts.<\/li>\n<li>Be sure to turn on notifications about account logins, pay close attention to them, and respond to suspicious logins as quickly as possible.<\/li>\n<li>Again, where possible, avoid using 2FA with one-time codes by text.<\/li>\n<li>For your 2FA needs, it\u2019s better to use an <a href=\"https:\/\/www.kaspersky.com\/blog\/best-authenticator-apps-2022\/43261\/\" target=\"_blank\" rel=\"noopener nofollow\">authenticator app<\/a> and a FIDO U2F hardware key (such keys are commonly called YubiKeys, after the best-known brand).<\/li>\n<li>Always use strong passwords to protect your accounts \u2013 this means unique, very long, and preferably randomly generated. To generate and store them, use a <a href=\"https:\/\/me-en.kaspersky.com\/password-manager?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">password manager<\/a>.<\/li>\n<li>And remember to <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">protect<\/a> those devices where passwords are stored and authenticator apps are installed.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>SIM swap fraud is back in vogue. 
We explain what it is, the danger it poses to organizations, and how to guard against such attacks.<\/p>\n","protected":false},"author":2726,"featured_media":22502,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917],"tags":[1047,111,359,1931,2559,426,949,46,521],"class_list":{"0":"post-22500","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-2fa","11":"tag-attacks","12":"tag-authentication","13":"tag-authenticators","14":"tag-fido","15":"tag-mobile-devices","16":"tag-sim-cards","17":"tag-sms","18":"tag-threats"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/what-is-sim-swapping\/22500\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/what-is-sim-swapping\/27192\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/what-is-sim-swapping\/29868\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/what-is-sim-swapping\/27367\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/what-is-sim-swapping\/37134\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/what-is-sim-swapping\/50797\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/what-is-sim-swapping\/27558\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/what-is-sim-swapping\/33373\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/what-is-sim-swapping\/33000\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/2fa\/","name":"2FA"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22500","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/
wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=22500"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22500\/revisions"}],"predecessor-version":[{"id":22501,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/22500\/revisions\/22501"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/22502"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=22500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=22500"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=22500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}