How scammers steal phone numbers

SIM swapping has become much easier with the advent of virtual eSIM cards. Hackers use this technique to take over your phone number and gain access to your accounts, including bank accounts.

While the physical SIM card is still the standard, French operators have been offering their customers the eSIM option for several years, provided they have a smartphone compatible with this technology. An eSIM is a miniature version of a traditional SIM card, soldered directly to the motherboard, which lets manufacturers eliminate the SIM card tray and therefore save space for other components. It also lets operators change the information recorded on it more easily and remotely, which poses a risk.

It didn’t take long for cybercriminals to spot a golden hacking opportunity and launch a new type of scam called SIM Swap. Russian cybersecurity firm FACCT has recently noticed a sharp increase in the number of attacks of this type. “Since the fall of 2023, FACCT Fraud Protection analysts have recorded more than a hundred attempts to access personal accounts of clients of online services of one financial organization,” the firm explains. In most cases, the goal is to empty the victim’s bank account.

SIM swapping: much easier with eSIM

In the past, SIM swappers would resort to social engineering, using phishing attempts or working with people inside mobile operators to get hold of the target’s number. However, as companies implement additional security measures to prevent these attempts, cybercriminals are adapting their methods using new technologies. Now they break into their victim’s mobile operator account using stolen, hacked or leaked credentials. Once logged in, they initiate the transfer of the number to a new eSIM-equipped device. They then generate a QR activation code, which they scan with their own smartphone, thereby taking over the number. At the same moment, the rightful owner’s eSIM is deactivated.
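From the operator's side, the sequence described above (a login, then a number transfer, then QR code generation) can be watched for in account logs. The following is an added example, not taken from the article or from any operator: the event names, the log schema and the 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed events from a hypothetical operator self-service portal:
# (timestamp, account, event type, device id). The schema is an assumption.
EVENTS = [
    ("2024-03-01T09:00:00", "alice", "login", "dev-A"),
    ("2024-03-01T10:00:00", "bob", "login", "dev-B"),
    ("2024-03-02T02:10:00", "alice", "login", "dev-X"),   # never-seen device
    ("2024-03-02T02:12:00", "alice", "esim_transfer_requested", "dev-X"),
    ("2024-03-02T02:13:00", "alice", "esim_qr_generated", "dev-X"),
    ("2024-03-05T18:00:00", "bob", "login", "dev-B"),     # usual device
    ("2024-03-05T18:04:00", "bob", "esim_transfer_requested", "dev-B"),
    ("2024-03-05T18:05:00", "bob", "esim_qr_generated", "dev-B"),
]
CHAIN = ("esim_transfer_requested", "esim_qr_generated")

def suspicious_esim_swaps(events, window=timedelta(minutes=30)):
    """Alert when a login from a device never seen on the account is followed,
    within `window`, by a transfer request and then QR code generation."""
    known = {}    # account -> devices accepted so far
    pending = {}  # (account, device) -> (login time, index of next CHAIN step)
    alerts = []
    for ts, account, kind, device in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (account, device)
        if kind == "login":
            devices = known.setdefault(account, set())
            if devices and device not in devices:
                pending[key] = (when, 0)   # stays untrusted until verified
            else:
                devices.add(device)        # first device counts as enrolment
            continue
        if key not in pending:
            continue
        start, step = pending[key]
        if when - start > window:
            del pending[key]               # too late to be the same session
        elif kind == CHAIN[step]:
            if step + 1 < len(CHAIN):
                pending[key] = (start, step + 1)
            else:
                del pending[key]
                alerts.append({"account": account, "device": device,
                               "login": start.isoformat(), "activated": ts})
    return alerts

if __name__ == "__main__":
    for alert in suspicious_esim_swaps(EVENTS):
        print(alert)
```

Only the transfer started from the unfamiliar device is flagged; the same steps performed from the account's usual device pass without an alert.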

Once cybercriminals have access to a victim’s phone number, they can use that line to launch phishing campaigns and thus gain valuable personal and banking information that they can resell on the dark web. They can also use it to unlock access to certain sensitive services, such as a banking app, or to make remote purchases validated through two-factor authentication. They may also have access to accounts linked to the eSIM card, which opens up other opportunities for fraud, such as impersonating the victim and tricking their relatives into sending money. Suffice it to say that the financial losses can quickly become quite significant… Another method: placing calls to premium-rate numbers that they have set up, which can result in the victim receiving a telephone bill of several hundred euros.

To protect against eSIM swapping attacks, it is best to use strong and unique passwords for your mobile operator and online accounts. It is also better to systematically enable two-factor authentication. Finally, for banking and financial accounts, it’s best to choose physical security keys or two-factor authentication apps. Obviously, you should remain vigilant against phishing attempts and never reveal your credentials.

Hi, I’m laayouni2023