What Is a SIM Swap Attack (SIM Interception Attack)?
A SIM swap attack is a form of identity fraud where an attacker transfers a user's phone number to a different SIM card, allowing them to gain access to the user's phone calls, text messages, bank accounts, credit card numbers, and other sensitive information.
This type of attack is also known as a SIM intercept attack or SIM hijacking attack. It has gained popularity due to the increasing use of cellphones and the growing dependence on cellphone-based user authentication. The attackers are sly because they often trick their victims into revealing personal information without realizing that an attack has occurred until their phone suddenly stops working.
How a SIM Swap Attack Works
Mobile phone SIM cards store information about their user and identify the mobile phone to a cellular network. Without a SIM card, devices cannot be registered to an account, network, or subscription. A SIM swap attack compromises the SIM rather than the device: it does not affect the programming of the device but remotely disables it without the victim's knowledge.
The general process for most SIM swap attacks is as follows:
- The hacker gathers information about the victim through phishing emails, phone calls, or text messages. They trick victims into revealing personal data such as legal names, birthdates, phone numbers, Social Security numbers (SSNs), and addresses tied to account security.
- They may also scrape information from other sources like lists of previously compromised accounts, social media, the internet, and the dark web.
- A newer tactic used by some attackers is to lure mobile carrier employees to phishing websites. These websites replicate their company's login page but are hosted on attacker-controlled Internet Protocol addresses.
- The hacker captures the information needed to access internal company systems by tricking unsuspecting victims into logging in.
- They target the carrier's customers and swap SIMs at will, claiming the victim's identity for malicious or financially motivated purposes.
After collecting enough information to claim the victim's identity, the attacker contacts the mobile phone provider to declare the original SIM card has been compromised and requests to activate a new one in their possession. Using the personal data previously collected, attackers can usually answer security questions without raising any alarms and complete the transaction.
What Can Hackers Do With a Compromised SIM?
SIM swap attacks leave massive amounts of information vulnerable to theft and compromise. If not caught early on, the attacker could potentially:
- Log in to the victim's bank account to steal their funds.
- Lock the victim out of all online accounts.
Some hackers use SIM swap attacks to perpetrate fraud while hiding behind the victim, causing financial, social, or reputational harm. If the account holder is high-profile, such as a company chief executive officer, the attacker may threaten to publish stolen data, extort money, embarrass the victim, or disrupt their company's operations.
Identifying a SIM Swap Attack
A telltale sign of a SIM swap attack is the discontinuation of cellular service. A sudden loss of signal, indicated by no bars or on-screen notifications like "no service" or "emergency calls only," is a common red flag.
If the user's SIM has been swapped without their knowledge, they won't be able to send or receive text messages or make or receive calls with that device. Once the attacker has successfully redirected a phone number, the victim's device effectively loses its communication capabilities.
Unusual account activity is another red flag. When a SIM is swapped, users usually receive notifications about login attempts or password resets. Some online accounts also send automatic notifications on detecting new device logins.
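The two red flags above can be checked together. The following is an added example, not part of the original article: it correlates a SIM change with password resets or new-device logins for the same number shortly afterwards. The event names, field layout, and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, phone number,
# event type, and the service that reported it. Event names are assumed.
EVENTS = [
    ("2024-03-01T09:00:00", "+15550100", "new_device_login", "mail"),
    ("2024-03-04T14:02:00", "+15550100", "sim_change", "carrier"),
    ("2024-03-04T14:09:00", "+15550100", "password_reset", "bank"),
    ("2024-03-04T14:15:00", "+15550100", "new_device_login", "bank"),
    ("2024-03-04T14:20:00", "+15550111", "password_reset", "mail"),
    ("2024-03-09T08:00:00", "+15550100", "password_reset", "mail"),
]

# Account activity that is a red flag when it follows a SIM change.
FOLLOW_UP = {"password_reset", "new_device_login", "login_attempt"}


def find_suspected_swaps(events, window=timedelta(hours=24)):
    """Return one finding per SIM change that is followed, for the same
    number and inside the window, by account activity."""
    parsed = sorted(
        (datetime.fromisoformat(ts), num, kind, src)
        for ts, num, kind, src in events
    )
    findings = []
    for when, number, kind, _ in parsed:
        if kind != "sim_change":
            continue
        related = [
            (t, k, s) for t, n, k, s in parsed
            if n == number and k in FOLLOW_UP and when <= t <= when + window
        ]
        if related:
            first_gap = (related[0][0] - when).total_seconds() / 60
            findings.append({
                "number": number,
                "sim_change_at": when.isoformat(),
                "minutes_to_first_event": first_gap,
                "events": [(k, s) for _, k, s in related],
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspected_swaps(EVENTS):
        print(finding)
```

Activity before the SIM change, or long after it, is deliberately excluded so that routine logins do not raise a finding.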
Preventing a SIM Swap Attack
Users can protect their cellular devices and accounts from SIM swap attacks by following these best practices:
- Enable SIM protection security features, which lock the lines on the user's account so it cannot process a SIM change, including unauthorized and malicious SIM swaps.
- Only the user or an authorized account manager can disable SIM protection.
- Telecommunications companies have added new security controls to safeguard user accounts, such as requiring one-time passwords (OTPs) before activating a new SIM card or device.
- User awareness is crucial; users must be alert to these attacks and take steps to protect themselves.
Responding to a SIM Swap Attack
Even when precautions are in place, hacks occur, and users should immediately contact their carrier. The user should reset passwords for sensitive accounts linked to the swapped-out phone number.
It's also essential to revoke access to suspicious devices and scan them for additional viruses, malware, or spyware. In cases of company-owned devices, notify both the company's cybersecurity team and law enforcement. Adopting a long-term strategy to enable login notifications on all online accounts and fraud alerts on all financial accounts can help.
The Regulatory Landscape to Protect Against SIM Swapping
In November 2023, the U.S. Federal Communications Commission (FCC) announced that it would be implementing new rules to protect cellphone users in the U.S. from SIM swap fraud.
The rules require wireless providers to adopt secure authentication methods before transferring a customer's phone number to a different device or service provider. The FCC also requires mobile companies to immediately notify customers if any SIM change request is made on their accounts.