The Rise in SIM-Swap Attacks: What Executives Should Know
SIM-swapping attacks targeting executives are on the rise. In 2023, the FBI investigated 1,075 SIM-swapping attacks, which resulted in nearly $50 million in losses. SIM-swapping has become so pervasive that it has prompted the Federal Communications Commission to consider strengthening regulatory actions for protecting consumers and businesses as it relates to this attack vector.
Criminals increasingly target senior-level executives in an attack that can impact their corporate and home office environments and even extend to family members.
In this article, we will cover the mechanics of SIM-swapping and what executives need to know to mitigate this risk.
What Is a SIM Card?
SIM stands for subscriber identity module, a smart card or a unique identifying number (e-SIM) that acts as the key to a user's cellular network.
It stores information like the unique identification number, the user's contacts, and other data, and activates calling, texting, and data services in a mobile phone for the individual user's mobile account. Because of these distinctive details, removing a SIM card from one phone and transferring it to another automatically shifts that card’s mobile services to the new device. When cybercriminals exploit this key in a SIM-swapping attack, they can gain access to valuable information within the victim's account.
What Is SIM-swapping?
SIM-swapping is a type of identity theft where a malicious actor tricks or deceives a mobile phone carrier into transferring a victim's account to a new SIM card in control of the criminal.
Once the SIM is transferred, the attacker can intercept calls and text messages, including those containing two-factor authentication (2FA) codes. The attacker will access any codes received via SMS or automated phone call. This negates the layer of security and access control 2FA provides. Any account tied to or protected by the victim's phone number is at risk, such as email, banking, and social media.
The criminal can also gain access to an executive’s company network, extort that company, access sensitive information, use credit card information or bank accounts, and fraudulently transfer funds.
It is important to understand that this is not a new method of attack; instead, it is a rising method of attack that can be very effective for high-value targets like a corporate executive.
How Do Criminals Carry Out the Attacks?
Typically, the attacker begins by amassing personal information relevant to verifying the victim’s cell phone account.
There are two common methods to gain this information:
- The attacker may buy the information from a dark web marketplace and collate it with the information found on social media profiles and corporate websites.
- The attacker may also use a phishing scam to trick the victim into providing credentials. The phishing email will have a malicious link to a website where the victim is asked to enter information such as their birthdate, passwords, and/or Social Security number. The attacker will take the credentials entered and move to the next phase of the attack.
Once the attacker marshals enough of the victim’s data, they will impersonate the victim to the mobile service provider.
After the mobile services provider has “verified” the identity of the victim, the attacker will claim to have lost the original SIM card and ask the mobile service provider to “port” the number to a new card that is in their possession.
As soon as the victim's account is ported into the new SIM card, the attacker has control over the phone and can intercept phone calls and text messages.
At this point in the attack, the criminal can intercept the text message-based authentication codes used to access bank accounts and social media profiles or the victim’s corporate network.
They will change the passwords to all accounts (email, cloud storage, and social media accounts) by using password resets. It is crucial to understand that the attacker succeeds only if control of the victim’s phone number lets them defeat the SMS-based or mobile/text authentication on an account.
How Do Criminals Choose Their Targets?
Executives are attractive targets for cybercriminals. Their privileged access to a corporate network is inviting to cybercriminals looking to exploit valuable data, corporate networks or any means to extort large sums of money.
Criminals may frequently target high-profile executives with a strong media/social media presence and/or those perceived to be involved in high-value transactions or negotiations. The company size and revenue can be a factor, as executives of these companies are more lucrative targets.
Of course, with access to personal data and compromised credentials readily available on dark web marketplaces, the barrier to entry has become much lower and unsophisticated criminals can easily perpetrate these attacks.
What Are the Signs of a SIM-swap Attack?
These are strong signals that your SIM card may have been compromised:
- Sudden and unexplained lack of phone service
- Uninitiated password reset notifications
- Atypical social media posts and notifications
- Login attempt notifications
- Uninitiated account lockouts
- Unexpected transactions
What to Do If You’re the Victim of a SIM-swap
Corporate executives who suspect they are a victim of a SIM-swap attack should:
- Initiate the corporate reporting protocols and incident response plan
- Contact your cyber insurance broker to initiate your coverage and the services your cyber insurance provides
- Contact your mobile service provider immediately to regain control of your phone number
- Access your online accounts and change your passwords
- Contact financial institutions to have your accounts flagged for suspicious login attempts and/or transactions
- Report the activity to the FBI's Internet Crime Complaint Center
How to Prevent a SIM-swap Attack
To mitigate the risk of a SIM-swap attack, executives should implement the following:
- Stop using text message-based authentication methods to access online accounts or applications. Instead, use robust multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications like Duo, Okta or Google Authenticator to access online accounts. These methods ensure that even when a SIM-swap has occurred, the attacker cannot access any accounts or applications.
- Do not store passwords, usernames, or other information for easy login on mobile device applications or in internet browsers. This makes accessing credentials far more difficult for an attacker.
- Retain a threat intelligence service provider to address three primary areas of concern: preventing threat actors from exploiting executive reputation and influence through social media impersonations, account takeovers, and phishing attacks; detecting and removing exposed personally identifiable information (PII) or compromised credentials from dark web marketplaces; and monitoring malicious activity on the dark web as it relates to the executive and his or her family members.
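The first item above, and the earlier point that the attacker succeeds only where the phone number defeats an account's authentication, can be checked against an inventory of an executive's accounts. The Python sketch below is an added example, not part of the original article; the `Account` model, channel names, and sample inventory are constructed, and it assumes a password reset does not remove an existing non-SMS second factor.

```python
from dataclasses import dataclass

PHONE_BOUND = {"sms", "voice"}  # delivered to whoever holds the number

@dataclass
class Account:
    name: str
    mfa: set       # second factors accepted at login, e.g. {"totp", "sms"}
    recovery: set  # reset channels: "sms", "voice", "email:<account>", ...

def exposed_accounts(accounts, leaked=frozenset()):
    """Map each account a SIM-swapper can enter to the path that opens it.

    leaked: names of accounts whose password is assumed already stolen.
    """
    exposed, changed = {}, True
    while changed:  # repeat until no new account falls (reset chains)
        changed = False
        for a in accounts:
            if a.name in exposed:
                continue
            if a.mfa and not (a.mfa & PHONE_BOUND):
                continue  # every accepted second factor is off the number
            phone = sorted(a.recovery & PHONE_BOUND)
            mailboxes = sorted(c[len("email:"):] for c in a.recovery
                               if c.startswith("email:"))
            fallen = [m for m in mailboxes if m in exposed]
            if a.name in leaked:
                path = "leaked password"
            elif phone:
                path = "reset via " + phone[0]
            elif fallen:
                path = "reset via exposed mailbox " + fallen[0]
            else:
                continue
            exposed[a.name] = path
            changed = True
    return exposed

# Constructed sample inventory for one executive (not real data).
INVENTORY = [
    Account("personal-email", {"sms"}, {"sms"}),
    Account("bank", {"sms", "voice"}, {"email:personal-email"}),
    Account("social", set(), {"email:personal-email"}),
    Account("corp-sso", {"fido2"}, {"helpdesk"}),
    Account("cloud-storage", {"totp"}, {"email:personal-email"}),
    Account("brokerage", {"totp", "sms"}, {"email:corp-mail"}),
]

if __name__ == "__main__":
    for name, path in exposed_accounts(INVENTORY, leaked={"brokerage"}).items():
        print(f"{name}: {path}")
```

In the sample, `corp-sso` and `cloud-storage` stay out of the result because no accepted second factor rides on the phone number, while `bank` and `social` fall through the SMS-recoverable mailbox. `brokerage` falls only when its password is already leaked, because SMS is still accepted there as a fallback factor.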
As SIM-swapping attacks continue to rise, executives must be vigilant and proactive in safeguarding their personal and professional data. By understanding the mechanics of SIM-swapping and implementing robust security measures, executives can mitigate the risk of falling victim to these sophisticated cyber threats.