Browse Definitions :
Definition

SIM swap attack (SIM intercept attack)

A SIM swap attack, also known as a SIM intercept attack, is a form of identity theft in which an attacker convinces a cell phone carrier into switching a victim’s phone number to a new device in order to gain access to bank accounts, credit card numbers and other sensitive information. Relatively new and on the rise, SIM swap attacks are increasing in popularity due to the growing dependence on cell phone-based authentication methods.

Cell phone SIM cards are used to store information about its user and communicate with the Global System for Mobile communication (GSM). Without a SIM card, devices cannot be registered to an account, network or subscription. By compromising the SIM, this introduces a type of attack that does not affect the programming of the device at all, but rather disables it remotely without the victim’s knowledge.

The first step in a SIM swap attack is for the hacker to phish for as much information about the victim as possible. Through fraud emails, phone calls or social media accounts, hackers trick victims into revealing personal information such as legal names, birthdates, phone numbers and addresses that may be tied to account security.

After the attacker has collected enough information to fake the victim’s identity, they will call the cell phone provider to claim the original SIM card has been compromised and that they would like to activate a new one in their possession to the same account. Using the personal data previously collected, attackers can usually answer security questions without raising alarm and complete the transaction.

Once this is complete, the attacker has access to all of the victim’s text messages, phone calls and accounts that may be linked to the phone number. Since a large amount of banking, email and social media accounts can be retrieved or reset with mobile authentication, SIM swap attacks leave massive amounts of information vulnerable. If not caught early on, the attacker could potentially open new bank accounts to transfer funds in the victim’s name or lock the victim out of all accounts.

How to identify a SIM swap attack

The tell tale sign of a SIM swap attack is the discontinuation of sending or receiving text messages and calls to a device. Once the attacker has successfully redirected a phone number, the victim’s device will practically void its communication capabilities.

Cell phone users can also contact the provider to inquire if a SIM activation has been requested. Certain mobile carriers will also send an email confirmation of the SIM swap, verifying that this was made by the account holder.

How to prevent a SIM swap attack

Users can help protect cellular devices from SIM swap attacks in the following ways:

  • Avoid relying on SMS for primary communication as the data is not encrypted
  • Keep personal information utilized for protecting accounts private
  • Verify the types of alerts set up for each account to identify false logon attempts
  • Utilize the offer from every major US cell phone provider to set up an account PIN or passcode separate from the number
  • Enable two-factor authentication (2FA) for social media, credit card and bank accounts
  • Download authenticator apps, such as Google Authenticator and Authy, to link the physical cellular device
  • Remove cell phone numbers from accounts that do not require one
This was last updated in September 2018

Continue Reading About SIM swap attack (SIM intercept attack)

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Why do you think SIM swap attacks are becoming a more popular method of identity theft?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

  • smart contract

    A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...

  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

SearchSecurity

  • challenge-response authentication

    In information security, challenge-response authentication is a type of authentication protocol where one entity presents a ...

  • Secure Shell (SSH)

    SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system ...

  • honeypot (computing)

    A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts...

SearchHealthIT

SearchDisasterRecovery

  • virtual disaster recovery

    Virtual disaster recovery is a type of DR that typically involves replication and allows a user to fail over to virtualized ...

  • tabletop exercise (TTX)

    A tabletop exercise (TTX) is a disaster preparedness activity that takes participants through the process of dealing with a ...

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a data center.

SearchStorage

  • exbibyte (EiB)

    An exbibyte (EiB) is a unit used to measure data capacity.

  • zebibyte (ZiB)

    A zebibyte (ZiB) is a unit used to measure computing and storage capacity.

  • tiered storage

    Tiered storage is a way to assign different categories of data to various types of storage media with the objective of reducing ...

Close