SIM Swap: what it is
SIM Swap (SIM swapping, or "SIM exchange" in Italian) is a type of cyber attack that consists of taking over the mobile number of an unsuspecting owner in order to access a series of services and information connected to the SIM.
Replacing a SIM card is a legitimate and recurring need: it may follow a malfunction, a theft or simply the decision to move to a more convenient telephone operator, in all cases keeping the same number. However, this exposes the user to the real risk that an attacker, through a false document or the complicity of someone who works at a store, tries to clone the mobile number, with all the resulting consequences.
The purpose most commonly associated with SIM Swap attacks is to defeat two-factor authentication or authorization systems that rely on a temporary code (OTP) sent via SMS. Once the attacker has control of the phone number, he can access all services that require SMS verification, including online banking, two-factor authentication, and other applications that require phone number verification. In this way, the attacker can steal the victim’s personal and financial information, make unauthorized purchases or carry out other illegal activities.
Nowadays, access to many online services requires, in addition to a username and password, authentication through a code received on your smartphone. The typical case is that of home banking services, which send a code to the device via SMS to initiate payments or bank transfers. But there are numerous other services, such as SPID, which are based on sending a code via SMS to authenticate users.
Many other services (such as Facebook, PayPal or Gmail) also allow the password of an account to be reset using only an OTP sent by SMS.
All the main and most popular instant messaging services (like Telegram, WhatsApp or Signal) identify users by their phone number and verify them via SMS. All of these accounts and services can be hacked by anyone who has taken control of the phone number.
SIM Swap: how data is acquired
However, a SIM Swap attack can also be carried out for other purposes, for example to take the place of the target of the attack and send communications to a third person, who would be the true recipient of a scam attempt.
The risk of falling victim to this type of scam is therefore more real today than ever and even the most diligent user can fall into the trap.
But how can an attacker get hold of the victim’s number?
- If he has physical access to the target’s device, by taking possession of the SIM and exchanging it (hence the expression «SIM Swap») with another to deceive the victim;
- If he is in possession of the victim’s identity documents and/or the ICCID code, by asking the operator with which the number is active to replace the SIM associated with the number, according to the procedure used in the event of theft, loss or malfunction of the SIM, or by starting a mobile number portability process to a different operator, which will issue a new SIM to which the number can be associated.
Once the attacker has completed one of these actions, he will have complete control of the incoming and outgoing traffic relating to that particular number.
Therefore, obtaining the telephone number is normally only possible for someone who can physically take control of the SIM card or for someone who is able to successfully complete SIM replacement or mobile number portability (MNP) procedures, which normally require identification of the interested party through an identity document.
How to prevent attacks
To prevent SIM Swap attacks, the Communications Regulatory Authority adopted resolution 86/21/CIR in July 2021, which introduced some important security measures. These measures, to which operators began to adapt starting from November 2022, apply to SIM replacement and mobile number portability procedures.
According to the resolution, all SIM change requests, including replacements due to theft, loss or number portability, can be made exclusively by the SIM holder. It is therefore no longer possible to carry out these operations as a simple «real user of the utility». If you are not the owner of the SIM card, and you do not show up at the operator’s point of sale with your identity card and tax code, you will not be allowed to change your SIM.
The new security procedures should go a long way towards preventing SIM Swap attacks. In some extreme cases, however, attackers may be able to circumvent them and still fraudulently complete the procedures for replacing the SIM. It is therefore appropriate to pay attention to signs that may reveal that you have been a victim of SIM Swap:
- Receipt of messages announcing that the number will soon be switched to a different mobile operator;
- Sudden cessation of operation of the SIM and the appearance of an error message on the phone, for example: “SIM registration failed”;
- Receiving unsolicited password reset notifications for your accounts on sites, services or platforms;
- Receiving notifications of access to your accounts from unknown devices or from countries other than the one where you reside.
It is essential not to ignore or underestimate these signals, if they occur, and to immediately verify the causes of these anomalies.
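The warning signs above carry more weight when a SIM-side anomaly and an account-side anomaly occur close together. The following is an added example, not part of the original article, that correlates the two over a constructed event timeline; the event names, log format and 24-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Event kinds mirror the four warning signs listed above (names are assumptions).
SIM_SIDE = {"port_out_notice", "sim_service_lost"}
ACCOUNT_SIDE = {"unsolicited_reset", "unfamiliar_login"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample timeline: "<ISO timestamp> <user> <event kind>"
SAMPLE_EVENTS = """\
2024-03-01T09:00:00 alice port_out_notice
2024-03-01T21:30:00 alice sim_service_lost
2024-03-01T21:42:00 alice unsolicited_reset
2024-03-01T21:50:00 alice unfamiliar_login
2024-03-02T08:00:00 bob sim_service_lost
2024-03-05T10:00:00 bob unsolicited_reset
2024-03-03T12:00:00 carol unfamiliar_login
""".splitlines()

def parse(line):
    """Split one log line into (timestamp, user, event kind)."""
    ts, user, kind = line.split()
    return datetime.fromisoformat(ts), user, kind

def sim_swap_alerts(lines, window=WINDOW):
    """Return {user: sorted signal kinds} for users who show a SIM-side
    signal and an account-side signal no more than `window` apart."""
    by_user = {}
    for line in lines:
        ts, user, kind = parse(line)
        if kind in SIM_SIDE | ACCOUNT_SIDE:
            by_user.setdefault(user, []).append((ts, kind))
    alerts = {}
    for user, events in by_user.items():
        hits = set()
        for ts_a, kind_a in events:
            if kind_a not in SIM_SIDE:
                continue
            for ts_b, kind_b in events:
                # Loss of service alone may be an outage; pair it with
                # account activity before raising an alert.
                if kind_b in ACCOUNT_SIDE and abs(ts_b - ts_a) <= window:
                    hits.update((kind_a, kind_b))
        if hits:
            alerts[user] = sorted(hits)
    return alerts

if __name__ == "__main__":
    for user, kinds in sim_swap_alerts(SAMPLE_EVENTS).items():
        print(f"{user}: possible SIM Swap, signals: {', '.join(kinds)}")
```

In the sample, only the user whose SIM-side and account-side signals fall within the window is flagged; an isolated loss of service or an isolated unfamiliar login is not.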
To limit the risk of being affected by SIM Swap, the following is advisable:
- Avoid leaving your mobile phone unattended;
- Keep the plastic card supplied with the SIM, on which the ICCID code of the SIM is shown, in a safe place;
- Do not enter the telephone number you also use to receive OTPs on websites, online platforms and services unless strictly necessary;
- Do not publicly disclose the telephone number also used for receiving OTPs;
- Activate alert systems via email or app notification for access to the most sensitive services;
- Activate the two-factor verification system provided by instant messaging apps, which asks for an additional PIN when the number is registered on another phone.
Finally, to react effectively to a SIM Swap attack, timeliness is important. You must promptly report the theft of your number and ask the telephone company with which the SIM is active to block the number pending recovery and, where possible, change the recovery or OTP telephone number associated with the sites or services used.
Cyber attacks like these can seriously damage work activities. However, businesses and professionals can safeguard their data by adopting a Cyber Risk policy. This coverage allows the insured to protect himself from cyber attacks and the resulting expenses and losses of data and confidential information. Furthermore, this coverage provides expert intervention for the recovery of lost data and decontamination from any malware. All these are services included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers its customers the possibility of taking out a Top version of the policy, which provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company’s image.
