Security News > 2024 > March > SIM swappers hijacking phone numbers in eSIM attacks

SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a rewritable SIM chip present on many recent smartphone models.

Russian cybersecurity firm F.A.C.C.T. reports that SIM swappers in the country and worldwide have been taking advantage of this shift to eSIMs to hijack phone numbers and bypass protections to access bank accounts.

"To steal access to a mobile number, criminals use the function of replacing or restoring a digital SIM card: transferring the phone from the victim's 'sim card' to their own device with an eSIM.".

Previously, SIM swappers relied on social engineering or worked with insiders at mobile carrier services to help them port a target's number.

"Having gained access to the victim's mobile phone number, cybercriminals can obtain access codes and two-factor authentication to various services, including banks and messengers, opening up a mass of opportunities for criminals to implement fraudulent schemes," explained F.A.C.C.T. analyst Dmitry Dudkov.

Ongoing Microsoft Azure account hijacking campaign targets executives.

News URL

https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/