SIM Swap: the Fraud that Affects the Smartphone’s SIM Card


SIM Swap: what is it

SIM Swap (SIM swapping, or SIM exchange) is a type of cyber attack that consists of taking over the mobile number of an unsuspecting owner in order to access the services and information connected to the SIM.

Replacing a SIM card is a legitimate and recurring need: because of a malfunction, a theft, or simply the wish to switch to a more convenient telephone operator, in all cases keeping the same number. However, this exposes the user to the real risk that an attacker, using a false document or relying on the complicity of someone who works at a store, tries to clone the mobile number, with all the resulting consequences.

The purpose most commonly associated with SIM Swap attacks is to defeat two-factor authentication or authorization systems that rely on a temporary code (OTP) sent via SMS. Once the attacker has control of the phone number, they can access all services that require SMS verification, including online banking, two-factor authentication, and other applications that require phone number verification. In this way, the attacker can steal the victim’s personal and financial information, make unauthorized purchases or carry out other illegal activities.

Nowadays, access to many online services requires, in addition to a username and password, authentication through a code received on your smartphone. The typical case is home banking, where a code is sent to the device via SMS to authorize payments or bank transfers. But there are numerous other services, such as SPID, that rely on a code sent via SMS to authenticate users.
Many other services (such as Facebook, PayPal or Gmail) also allow the account password to be reset using nothing more than an OTP sent by SMS.
All the main and most popular instant messaging services (like Telegram, WhatsApp or Signal) identify users by their phone number and verify them via SMS. All of these accounts and services can be compromised by anyone who has taken control of the phone number.

SIM Swap: how data is acquired

However, a SIM Swap attack can also be carried out for other purposes, for example to impersonate the target of the attack and send communications to a third person, who is the real intended victim of a scam attempt.
The risk of falling victim to this type of scam is therefore more real today than ever, and even the most diligent user can fall into the trap.

But how can an attacker get hold of the victim’s number?

  • With physical access to the target’s device, by taking possession of the SIM and exchanging it (hence the expression «SIM Swap») with another one to deceive the victim;
  • With possession of the victim’s identity documents and/or the ICCID code, by asking the operator on which the number is active to replace the SIM associated with the number, following the procedure used in the event of theft, loss or malfunction of the SIM, or by starting a mobile number portability process to a different operator, which will issue a new SIM to which the number can be associated.

Once the attacker has completed one of these actions, he will have complete control of the incoming and outgoing traffic relating to that particular number.

Therefore, the telephone number can normally be obtained only by someone who can physically take control of the SIM card, or by someone who is able to successfully complete the SIM replacement or mobile number portability (MNP) procedures, which normally require the interested party to be identified through an identity document.

How to prevent attacks

To prevent SIM Swap attacks, the Communications Regulatory Authority adopted resolution 86/21/CIR in July 2021, which introduced some important security measures. These measures, to which operators began to adapt starting from November 2022, apply to SIM replacement and mobile number portability procedures.
According to the resolution, all SIM change requests, including replacements due to theft or loss and number portability, can be made exclusively by the SIM holder. It is therefore no longer possible to carry out these operations as a simple «real user of the utility». If you are not the owner of the SIM card, and you do not show up at the operator’s point of sale with your identity card and tax code, you will not be allowed to change your SIM.

The new security procedures should go a long way towards preventing SIM Swap attacks. In some extreme cases, however, attackers may be able to circumvent them and still fraudulently complete the procedures for replacing the SIM. It is therefore appropriate to pay attention to signs that may reveal that you have been a victim of SIM Swap:

  • Receiving messages announcing that the number will soon be switched to a different mobile operator;
  • The SIM suddenly ceasing to work and an error message appearing on the phone, for example: “SIM registration failed”;
  • Receiving unsolicited password reset notifications for your accounts on sites, services and platforms;
  • Receiving notifications of access to your accounts from unknown devices or from countries other than the one where you reside.

It is essential not to ignore or underestimate these signals, if they occur, and to immediately verify the causes of these anomalies.
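The warning signs listed above can be checked against each other rather than one at a time. The following Python sketch is an added example, not part of the original article: it raises an alert when an account-side sign (unsolicited password reset, login from an unknown device or foreign country) follows a carrier-side sign (port-out notice, SIM registration failure) within 24 hours. The event fields, signal names and sample timeline are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Signal names are assumptions for this example, mapped to the four signs in the list.
CARRIER_SIGNS = {"port_out_notice", "sim_registration_failed"}
ACCOUNT_SIGNS = {"unsolicited_password_reset", "login_unknown_device", "login_foreign_country"}

def classify(event, home_country, known_devices):
    """Map a raw event to one of the warning signs, or None if it is benign."""
    kind = event["kind"]
    if kind in CARRIER_SIGNS:
        return kind
    if kind == "password_reset" and not event.get("requested_by_user", False):
        return "unsolicited_password_reset"
    if kind == "login":
        if event.get("country") != home_country:
            return "login_foreign_country"
        if event.get("device") not in known_devices:
            return "login_unknown_device"
    return None

def sim_swap_alerts(events, home_country, known_devices, window=timedelta(hours=24)):
    """Return (carrier_sign, account_sign, service) triples where an account-side
    sign follows a carrier-side sign within `window`."""
    alerts, carrier_seen = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        sign = classify(ev, home_country, known_devices)
        if sign in CARRIER_SIGNS:
            carrier_seen.append((ev["time"], sign))
        elif sign in ACCOUNT_SIGNS:
            for t, c_sign in carrier_seen:
                if timedelta(0) <= ev["time"] - t <= window:
                    alerts.append((c_sign, sign, ev.get("service")))
                    break
    return alerts

# Constructed sample timeline (not real data).
T0 = datetime(2024, 1, 10, 9, 0)
SAMPLE = [
    {"time": T0 - timedelta(days=3), "kind": "login", "service": "bank", "country": "IT", "device": "phone-1"},
    {"time": T0, "kind": "port_out_notice"},
    {"time": T0 + timedelta(hours=2), "kind": "sim_registration_failed"},
    {"time": T0 + timedelta(hours=3), "kind": "password_reset", "service": "mail", "requested_by_user": False},
    {"time": T0 + timedelta(hours=4), "kind": "login", "service": "bank", "country": "IT", "device": "unknown-7"},
    {"time": T0 + timedelta(days=5), "kind": "password_reset", "service": "shop", "requested_by_user": True},
]

if __name__ == "__main__":
    for alert in sim_swap_alerts(SAMPLE, "IT", {"phone-1"}):
        print(alert)
```

A single sign on its own still deserves a check with the operator or the service; the correlation only decides which combinations call for immediate action.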

To limit the risk of being affected by SIM Swap, it is advisable to:

  • Avoid leaving your mobile phone unattended;
  • Keep the plastic card supplied with the SIM, on which the SIM’s ICCID code is printed, in a safe place;
  • Do not enter the telephone number you also use to receive OTPs on websites, online platforms and services unless strictly necessary;
  • Do not publicly disclose the telephone number you also use to receive OTPs;
  • Activate alert systems via email or app notification for access to the most sensitive services;
  • Activate the two-factor verification offered by instant messaging apps, which asks for an additional PIN when the number is registered on another phone.

Finally, to react effectively to a SIM Swap attack, timeliness is important. You must promptly report the theft of your number and ask the telephone company on which the SIM is active to block the number pending recovery and, where possible, change the recovery or OTP telephone number associated with the sites or services you use.

Cyber attacks like these can seriously damage work activities. However, businesses and professionals can safeguard their data by adopting a Cyber Risk policy. This coverage allows the insured to protect themselves from cyber attacks and the resulting expenses and losses of data and confidential information. Furthermore, this coverage provides expert intervention for the recovery of lost data and decontamination from any malware. All these are services included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers its customers the possibility of taking out a Top version of the policy, which provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company’s image.
