IT Security Outsourced IT

SIM-Swapping Attack

What is a SIM-Swapping Attack?

SIM swapping, sometimes called SIM hijacking, occurs when a device tied to a customer’s phone number is fraudulently manipulated. Cyberattackers usually employ SIM swapping as a way to receive one-time security codes from banks, cryptocurrency exchanges, and other financial institutions. A study by Princeton University found that four-fifths of SIM-swap attempts are successful1, and these types of cyberattacks have skyrocketed in recent years.

A SIM card is a small card stored inside of a smartphone that contains subscriber information. The cards are removeable and are transferrable to other devices. People often transfer their card to a new device for the convenience of transferring their phone number and other information. The data contained on a SIM card includes user identity, location, phone number, network authorization data, personal security keys, contact lists, and stored text messages.

A SIM swap attack combines social engineering tactics to complete this cyberattack. First, the cyberattacker rely on phishing, smishing, purchasing account credentials on the dark web, and collecting information on social media in order to gather data such as the victim’s full name and login credentials. Once they have this information, the cyberattacker proceeds to impersonate the victim and contact the mobile carrier to request that the SIM card be activated on a different device. After the SIM card has been activated on the cyberattacker’s device, they are able to use multi-factor authentication to take over the victim’s accounts. Using the password reset function, they can get the one-time-passwords (OTP) that allow them to completely overtake the victim’s accounts.

The following are signs that you may be a target or victim of a SIM-swap attack2:

Suspicious emails or SMS messages. If you receive suspicious emails or SMS messages with links, attachments, or requests for personal information, you may be being targeted in a phishing attack.

Repeated calls and texts. Cyberattackers often bombard the victim with calls and texts in order to get them to turn off their device, so that they will not realize that they have been targeted with a SIM swap attack.

Inability to call or send SMS messages. Once a SIM swap attack has been completed, the SIM card in the victim’s device will no longer work, making them unable to call or text.

Notifications of suspicious activity. Mobile operators may send the victim messages confirming SIM card activation on another device, or they may message to alert the victim to suspicious activity.

Denied access to accounts. If you are unexpectedly logged out of accounts, it is possible that your phone number is being used by a different SIM card.

1 Lee, Kaiser, Mayer, Narayanan, 2020, “An Empirical Study of Wireless Carrier Authentication for SIM Swaps”

2 Incognia, 2023, “What is a SIM Swap attack? [Why fast detection is important]”