March 14, 2024 at 02:11PM
SIM swappers have adapted their attacks to steal phone numbers from eSIM cards, utilizing the digital cards stored on mobile device chips. Russian cybersecurity firm F.A.C.C.T. reports an increase in attempts to access client accounts. Attackers hijack the victim’s phone number by porting it to their own device with a new eSIM, enabling access to bank accounts and messenger apps. To protect against these eSIM-swapping attacks, experts recommend using unique passwords and two-factor authentication.
Key Takeaways from Meeting Notes:
1. SIM swappers have evolved their attacks to target eSIM cards, which are digital cards stored on the chip of mobile devices and can be remotely reprogrammed, provisioned, and swapped. They can use this method to hijack phone numbers and access online accounts.
2. The use of eSIM technology is increasing among smartphone makers as it eliminates the need for a physical SIM card slot and provides cellular connectivity on small wearables.
3. A Russian cybersecurity firm, F.A.C.C.T., reports that SIM swappers have exploited the shift to eSIMs to hijack phone numbers and gain access to victims’ accounts, especially in online banking services.
4. Attackers hijack a victim’s account on the service provider’s platform or app to initiate the porting procedure of the victim’s number to another device, gaining access to the victim’s eSIM/SIM.
5. Once they gain access to the victim’s phone number, cybercriminals use it to obtain access codes and two-factor authentication for various services, such as banks and messengers, to execute fraudulent schemes.
6. To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords, enabling two-factor authentication, and considering additional security measures like physical keys or authenticator apps for valuable accounts such as e-banking and cryptocurrency wallets.
Is there anything specific you’d like to focus on or any additional information you need?