Security News > 2020 > January > Mobile Carrier Customer Service Ushers in SIM-Swap Fraud
Mobile carriers have left the door wide open to SIM-swap attacks, particularly when it comes to prepaid accounts, researchers have found.
According to PhishLabs, a typical attack would start with an attacker phishing personal and banking information - often via SMS phishing, which has the added benefit of confirming that a victim's cell phone number is an active line.
"Specifically, our attacker knew the victim's name and phone number. We also assumed that the attacker was capable of interacting with the carrier only through its ordinary customer service and account refill interfaces."
If asked for the date or amount of the last payment, an attacker could purchase a refill card at a retail store, submit a refill on the victim's account, then request a SIM swap using the known refill as authentication.
"Though still uncommon, mobile phone customers in the U.S. and Canada are the prime targets of these attacks and their private accounts such as their banking information is the end goal," the firm said.
News URL
https://threatpost.com/mobile-customer-service-sim-swap-fraud/151993/