SIM Swapping Fraud

Category: Blog, Security  |  Wednesday, August 8th, 2018

This is an eye-opening read by Robert Lemos of Symantec on one of the newest scams to watch out for: SIM fraud. Unlike other scams, if hackers can get your phone number ported over, they can pretty much get access to all of your accounts. Please be on guard!

Typically, the text message comes in late at night. Many people might ignore it.

“You’re on the phone with your carrier and just authenticated with an alternative method. Not you? Please call us.”

This is what happened to Cody Brown, a software developer and entrepreneur, late one night. He called the number, but his carrier was closed. Eleven minutes later, the attackers had changed his Gmail password. Then his Coinbase password got reset.

Within minutes, the attacker had transferred more than $8,000 out of Brown’s Coinbase account, he said in a detailed post-mortem published on Medium.
Brown shoulders the blame for not using two-factor authentication on his Gmail account, but also noted that the attacker was able to fool his service provider.

“After talking at length with customer service reps, I learned that the hacker did not need to give them my PIN number or my social security number and was able to get approval to take over my cell phone number with simple billing information,” he said.

Welcome to the world of SIM card fraud.

With two-factor authentication increasingly used to secure important accounts, attackers and fraudsters are actively pursuing ways to compromise mobile devices. One of the least technical methods is to collect billing information on a victim, call up customer service representatives at the victim’s carrier, and ask that their SIM card be ported over to a new phone.

Subscriber identity module, or SIM, cards are external processors that perform the cryptographic security for mobile phones. Essentially a smart card, the SIM chips have two important numbers stored on them at their time of manufacture: The International Mobile Subscriber Identity (IMSI) which acts as a username, and the 128-bit Key Identification, or KI, which is essentially a password.

If attackers can convince a customer service representative to port those numbers to a new SIM card, all calls and text messages will go to the attacker’s phone, while the victim’s phone will be disconnected from the network. Because many people only have a single mobile phone and no land line, getting disconnected can make recovering from an attack nearly impossible.
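As an added illustration (not part of the original article), this Python sketch models the number-to-SIM binding described above and a check a service could run before texting a reset code. The carrier registry, the SIM-change timestamp lookup, the 72-hour threshold, and every phone number and IMSI in it are constructed assumptions.

```python
"""Toy model: a phone number is only a pointer to whichever SIM the carrier binds it to."""
from dataclasses import dataclass, field

MIN_SIM_AGE = 72 * 3600  # assumed policy: distrust SMS for 72 h after a SIM change


@dataclass
class Carrier:
    binding: dict = field(default_factory=dict)     # number -> IMSI bound to it
    changed_at: dict = field(default_factory=dict)  # number -> time of last SIM change (s)
    inbox: dict = field(default_factory=dict)       # IMSI -> texts received by that SIM

    def bind_sim(self, number, imsi, now):
        """Activate a SIM for a number; an earlier SIM stops receiving its traffic."""
        self.binding[number] = imsi
        self.changed_at[number] = now
        self.inbox.setdefault(imsi, [])

    def deliver_sms(self, number, text):
        """Route a text to the SIM currently bound to the number; return its IMSI."""
        imsi = self.binding[number]
        self.inbox[imsi].append(text)
        return imsi


def send_reset_code(carrier, number, code, now, check_sim_age):
    """Service side: text a reset code, optionally refusing after a recent SIM change.

    Reading changed_at stands in for a carrier SIM-change lookup (assumed to exist).
    Returns the IMSI that received the code, or None if SMS was refused.
    """
    if check_sim_age and now - carrier.changed_at[number] < MIN_SIM_AGE:
        return None  # fall back to a channel not tied to the phone number
    return carrier.deliver_sms(number, code)


def demo():
    number = "+15555550100"                                    # constructed
    owner_sim, new_sim = "001010000000001", "001010000000002"  # constructed IMSIs
    carrier = Carrier()
    carrier.bind_sim(number, owner_sim, now=0)
    day = 24 * 3600
    before = send_reset_code(carrier, number, "111111", 400 * day, True)
    carrier.bind_sim(number, new_sim, now=401 * day)           # the swap
    t = 401 * day + 11 * 60                                    # eleven minutes later
    unchecked = send_reset_code(carrier, number, "222222", t, False)
    checked = send_reset_code(carrier, number, "333333", t, True)
    return before, unchecked, checked, carrier.inbox


if __name__ == "__main__":
    print(demo())
```

Without the SIM-age check, the reset code sent eleven minutes after the swap lands on the newly bound SIM; with it, the service declines to use SMS and the code never leaves.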


If you need assistance with managed IT and Security Services, give EnhancedTECH a call at 714-970-9330 or contact us at [email protected]

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football. Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.