March 14, 2024 at 03:01PM
SIM swappers have developed new tactics targeting eSIM technology, enabling them to hijack phone numbers and gain unauthorized access to bank accounts. By remotely reprogramming eSIMs, they can transfer a victim’s number to their own device, bypassing security measures. To protect against this, experts recommend using strong passwords and two-factor authentication, particularly for sensitive accounts.
Key Takeaways:
1. SIM swappers have evolved their attacks to target eSIM cards, which can be remotely reprogrammed and provisioned. This allows them to hijack a victim’s phone number and access various online services, including banks and messengers.
2. Russian cybersecurity firm F.A.C.C.T. reports that since the fall of 2023, there have been over a hundred attempts to access the personal accounts of clients at a financial organization due to eSIM-swapping attacks.
3. Attackers first hijack the victim’s account on the cellular service provider’s platform or app, then initiate the procedure of porting the victim’s number to another device and generate a QR code to activate a new eSIM, essentially hijacking the victim’s number.
4. The attackers can gain access to SIM-linked accounts in various messenger apps, enabling them to scam other people by posing as the victim and tricking them into sending money.
5. To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account, enabling two-factor authentication, and considering the use of physical keys or authenticator apps for more valuable accounts such as e-banking and cryptocurrency wallets.
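The sequence in takeaway 3 (provider-account takeover, then a number transfer request, then eSIM QR generation) is something a provider's audit log can be checked for. The following is an added example, not code from the original article or from F.A.C.C.T.; the event type names, the fields and the 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Hypothetical audit-event types for a carrier self-service portal (assumed names).
TAKEOVER_SIGNALS = {"login_new_device", "password_reset"}
ESIM_ACTIONS = {"number_transfer_requested", "esim_qr_generated"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample events: (ISO timestamp, account id, event type, device id)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "acct-1", "login_known_device", "dev-A"),
    ("2024-03-01T09:05:00", "acct-1", "esim_qr_generated", "dev-A"),
    ("2024-03-02T22:10:00", "acct-2", "password_reset", "dev-X"),
    ("2024-03-02T22:12:00", "acct-2", "login_new_device", "dev-X"),
    ("2024-03-02T22:15:00", "acct-2", "number_transfer_requested", "dev-X"),
    ("2024-03-02T22:16:00", "acct-2", "esim_qr_generated", "dev-X"),
    ("2024-03-05T08:00:00", "acct-3", "login_new_device", "dev-Y"),
    ("2024-03-09T08:00:00", "acct-3", "esim_qr_generated", "dev-Y"),
]


def find_suspicious_esim_changes(events, window=WINDOW):
    """Return alerts for eSIM actions that follow a takeover signal on the
    same account within `window`."""
    last_signal = {}  # account -> (time, event type) of latest takeover signal
    alerts = []
    # ISO 8601 timestamps sort chronologically as strings.
    for ts, account, kind, device in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind in TAKEOVER_SIGNALS:
            last_signal[account] = (when, kind)
        elif kind in ESIM_ACTIONS and account in last_signal:
            seen, signal = last_signal[account]
            if when - seen <= window:
                minutes = int((when - seen).total_seconds() // 60)
                alerts.append({"account": account, "action": kind,
                               "preceded_by": signal, "device": device,
                               "minutes_after": minutes})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_esim_changes(SAMPLE_EVENTS):
        print(alert)
```

An eSIM reissue from a known device (acct-1) or one made days after a new-device login (acct-3) is not flagged; only the tight reset, login, transfer, QR chain on acct-2 is.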