This vulnerability exposes the weakness of login systems that rely on a simple SMS as their second authentication factor. It all starts when your mobile phone loses coverage: that is the moment to start worrying, because someone could be impersonating you.
What is the SIM Swapping method?
In recent years it has become clear that your SIM card is more valuable than you think, even more so than your bank card. That is because it is what receives the text messages with verification codes used to log in or to authorize large purchases. When someone steals your SIM card and installs it in their own device, they will be able to receive these verification codes.
The question you will be asking yourself is: how are they going to steal my SIM card? The truth is that many gangs specialize in it, using a process with several steps. The first is to obtain personal information from the victim, such as full name, ID, date of birth or bank account number. This is achieved through fraudulent calls to a target audience that has been studied beforehand.
With all this information, the attacker is able to contact the phone company and request a duplicate of the victim's SIM card. Over a phone call it is really difficult to verify identity correctly, except by using the personal data that has previously been obtained. Right now, anyone could request the duplicate and it would be issued to the specified address, leaving the victim without coverage and with an inoperative card.
When the attacker receives the SIM card and inserts it into his device, he does not need to know the previous PIN, since a new one comes with the shipment. From that moment he can request access to different services and receive the authorization codes on that SIM card.
The most common move, according to the police investigations that have been carried out, is to run a password recovery at the victims' banks. The phone number linked to the duplicate SIM card is the one registered with the bank, which is why all the codes are received as if they were reaching the victim.
From this moment on, the way is open to make purchases worth thousands of euros using the bank information obtained. Although this seems completely surreal, in Spain there have been numerous cases, such as a 72,000-euro fraud that ended with the arrest of a young man from Melilla, or the 20,000-euro scam of a resident of Puerto de Mazarrón.
In these situations it has been seen that scammers always use false addresses to receive the packages they buy online. They even invest the stolen money in cryptocurrencies, which is a common way to avoid leaving a trace.
The solution may be in your hands
To understand how to solve or prevent this problem, remember that this cyberattack has two stages. The first is obtaining information through social engineering, and the second concerns the security of the different logins. To avoid the first stage, follow these recommendations:
- Never provide your personal data in telephone calls from supposed telephone operators or electricity companies. Such calls are used to obtain information such as your address or ID.
- Avoid falling for phishing emails or SMS, clicking on their links and entering data such as your address, something quite typical of the emails that tell you a Post Office package could not be delivered.
- Configure the privacy settings of your social networks properly, so that only your friends can see the information they contain.
- Do not enter personal data (such as bank access) when you are connected to a public Wi-Fi network.
- Always download apps from official stores.
On top of this, you need to report any strange behaviour you detect on your mobile device. If you lose coverage or receive an SMS about a duplicate SIM card, it is important to contact your operator.
In addition, if you detect improper charges on your account, it is important to contact the bank to explain everything that happened, and to save all the evidence you have so that the State Security Forces and Bodies can carry out the corresponding investigation. We have already seen numerous cases in which this type of gang was detected by monitoring the movements of the shipments involved.
This should also make us think that operators need to improve their security systems. SIM Swapping is so widespread largely because anyone can request a duplicate SIM card from the operator by phone without their identity being verified. Operators need to reflect on this and integrate other systems that can verify identity over the phone, without being limited to stating the DNI number or the date of birth.
In short, SIM Swapping is a practice that is spreading throughout the world and complements others such as phishing. Although it is a much more laborious practice, it is necessary to raise awareness of the measures that prevent these scams, which can involve thousands of euros.