Article Details

SIM swappers hijacking phone numbers in eSIM attacks. SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a rewritable SIM chip present on many recent smartphone models. Embedded Subscriber Identity Modules (eSIMs) are digital cards stored on the chip of the mobile device and serve the same role and purpose as a physical SIM card but can be remotely reprogrammed and provisioned, deactivated, swapped, deleted. A user can typicall add an eSIM to a device supporting the functionality by scanning a QR code from the service provider. The technology is becoming increasingly popular among smartphone makers because eSIMs eliminate the need for a SIM card slot and can offer cellular connectivity on small wearables. Russian cybersecurity firm F.A.C.C.T. reports that SIM swappers in the country as well as worldwide have been taking advantage of this shift to eSIMs to hijack phone numbers and then bypass protections to access bank accounts. "Since the fall of 2023, analysts from F.A.C.C.T.'s Fraud Protection have recorded more than a hundred attempts to access the personal accounts of clients in online services at just one financial organization," reads the press release. "To steal access to a mobile number, criminals use the function of replacing or restoring a digital SIM card: transferring the phone from the victim's 'sim card' to their own device with an eSIM." To do that, the attackers hijack the user's account for the service provider's platform or app, which allows them to initiate the procedure of porting the victim's number to another device. They generate a QR code to activate a new eSIM and scan it with their device, essentially hijacking the number. Simultaneously, the legitimate owner has their eSIM/SIM deactivated. "Having gained access to the victim's mobile phone number, cybercriminals can obtain access codes and two-factor authentication to various services, including banks and messengers, opening up a mass of opportunities for criminals to implement fraudulent schemes," explained F.A.C.C.T. analyst Dmitry Dudkov. "There are many variations of the scheme, but fraudsters are most interested in online banking services." A bonus for the attackers is that by porting the number to their device, they gain access to SIM-linked accounts in various messenger apps, which opens up more opportunities for scamming other people, like posing as the victim and tricking them into sending money. Previously, SIM swappers relied on social engineering or worked with insiders at mobile carrier services to help them port a target's number. However, as companies implemented more protections to thwart these takeovers, cybercriminals turned their attention to emerging opportunities in new technologies. To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for the cellular service provider account and enable two-factor authentication if available. For more valuable accounts, such as e-banking and cryptocurrency wallets, users should consider protecting them with physical keys or authenticator apps.