A 42-year-old manager at an unnamed telecommunications company has admitted SIM swapping customers at his store.
SIM swapping, also known as SIM jacking, is the act of illegally taking over a target's cell phone number and re-routing it to a phone under the attacker's control.
Once an attacker has successfully hijacked their victim's mobile number, they can use it to send and receive calls and messages.
For that reason, SIM swapping can be used to get around two-factor authentication codes sent by SMS message.
Armed with an email and password-which are easily bought online- and the 2FA code, an attacker could take over the victim's online accounts.
SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim's carrier.
If you have a telecoms manager on your payroll then there's no need for social engineering-they can just do the SIM swap for you.
Using managerial credentials, he swapped the SIM numbers associated with customers' phone numbers into mobile devices controlled by another individual, enabling this person to control the customers' phones and access the customers' electronic accounts - including email, social media, and cryptocurrency accounts.
In exchange, Katz received $1,000 per SIM swap and a percentage of the revenue from the compromised phone number.
He was paid in Bitcoin, which was traced back to Katz's cryptocurrency account.
Katz pleaded guilty before Chief U.S. District Judge Renée Marie Bumb in Camden federal court on March 12, 2024, to a charge of conspiracy to gain unauthorized access to a protected computer.
In this case, being careful online would not have helped the victims to prevent the SIM swap.
However there are some things that are tell-tale signs of a SIM swapping attack and some things you can do to limit the consequential damage.
If your mobile number suddenly is inactive or out of range, call your mobile operator immediately.
Check your online accounts immediately if you receive a notification about unusual activity.
Contact the account provider if you find you no longer have access yourself.
If you fall victim to a SIM hijacking attempt, change the passwords for services like your online banking and email immediately.
If you notice irregular transactions, contact your bank to have your account blocked and avoid further fraud.
Contact your cellular service provider so they can stop the attacker by cutting off their access to the mobile network.
If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan.
This Cyber News was published on www.malwarebytes.com. Publication date: Tue, 19 Mar 2024 12:13:04 +0000