The Rise in SIM-Swap Attacks: What Executives Should Know

Criminals increasingly target senior-level executives in an attack that can impact their corporate and home office environments and even extend to family members. 

In this article, we will cover the mechanics of SIM-swapping and what executives need to know to mitigate this risk. 

What Is a SIM Card?

SIM is an acronym for a subscriber identity module, which is a smart card or a unique identifying number (e-SIM) and acts as the key to a user's cellular network.

It stores information like the unique identification number, the users contacts, and other data, and activates calling, texting, and data services in a mobile phone for the individual user's mobile account. Because of these distinctive details, removing a SIM card from one phone and transferring it to another automatically shifts that card’s mobile services to the new device. When cybercriminals exploit this key in a SIM swapping attack, they can gain access to valuable information within the victim's account.

What Is SIM Swapping?

SIM-swapping is a type of identity theft where a malicious actor tricks or deceives a mobile phone carrier into transferring a victim's account to a new SIM card in control of the criminal.

Once the SIM is transferred, the attacker can intercept calls and text messages, including those containing two-factor authentication (2FA) codes. The attacker will access any codes received via SMS or automated phone call. This negates the layer of security and access control 2FA provides. Any account tied to or protected by the victim's phone number is at risk, such as email, banking, and social media. 

The criminal can also gain access to an executive’s company network, extort that company, access sensitive information, use credit card information or bank accounts, and fraudulently transfer funds. 

It is important to understand that this is not a new method of attack; instead, it is a rising method of attack that can be very effective for high-value targets like a corporate executive. 

How Do Criminals Carry Out the Attacks? 

Typically, the attacker begins by amassing personal information relevant to verifying the victim’s cell phone account.

There are two common methods to gain this information: 

• The attacker may buy the information from a dark web marketplace and collate it with the information found on social media profiles and corporate websites.  
• The attacker may also use a phishing scam to trick the victim into providing credentials. The phishing email will have a malicious link to a website where the victim is asked to enter information such as their birthdate, passwords, and/or Social Security number. The attacker will take the credentials entered and move to the next phase of the attack.

Once the attacker marshals enough of the victim’s data, they will impersonate the victim to the mobile service provider.

After the mobile services provider has “verified” the identity of the victim, the attacker will claim to have lost the original SIM card and ask the mobile service provider to “port” the number to a new card that is in their possession.

As soon as the victim's account is ported into the new SIM card, the attacker has control over the phone and can intercept phone calls and text messages.

At this point in the attack, the criminal can intercept the text message-based authentication codes used to access bank accounts and social media profiles or the victim’s corporate network. 

They will change the passwords to all accounts (email, cloud storage, and social media accounts) by using the password resets. It is crucial to understand that the attacker is only successful if they can defeat any SMS-based or mobile/text authentication on any accounts with control of the victim’s phone number.

How Do Criminals Choose Their Targets?

Executives are attractive targets for cybercriminals. Their privileged access to a corporate network is inviting to cybercriminals looking to exploit valuable data, corporate networks or any means to extort large sums of money.

Criminals may frequently target high-profile executives with a strong media/social media presence and/or those perceived to be involved in high-value transactions or negotiations. The company size and revenue can be a factor, as executives of these companies are more lucrative targets.

Of course, with access to personal data and compromised credentials readily available on dark web marketplaces, the barrier to entry has become much lower and unsophisticated criminals can easily perpetrate these attacks.

What Are the Signs of a SIM Swap Attack? 

These are strong signals that your SIM card may have been compromised: