Today’s ASK YOUR FRAUD EXPERT post is dedicated to SimSwap attacks. Let’s ask our Fraud Expert how to manage them.
What is a SimSwap Attack?
A SimSwap is a type of ATO (Account Takeover) that exploits the weaknesses of identification processes that rely on the SIM card. In this case, the attacker uses various methods to steal your phone number and associate it with his own SIM card. That means he’ll receive all the information about the accounts tied to your SIM, and he’ll also be able to access your data and financial information.
How does the attack develop?
SimSwap has three phases:
1. Your phone number is identified through open source intelligence or phishing.
2. The attacker convinces the mobile phone operator to assign your number to a different SIM that he possesses. This could happen through a contact center or by going in person to a shop and taking advantage of employees.
How do they get your personal information, like date of birth, email or phone? Online. Did you ever think about how many times you have entered this data into platforms? A lot of times.
3. Then the attacker intercepts one of your SMS and takes control of the account.
What are the main targets?
SimSwap mainly targets online banking services, payment platforms, and social media.
Authentication or “account recovery” methods based on SMS or phone calls are easy targets for these attacks, which undermines the ability to validate the user’s identity.
Protecting services from SimSwap means entrusting identity verification to strong customer authentication mechanisms not based on the possession of a SIM.
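As an added example (not from the original post or from XTN), the Python below audits a service's login and recovery flows for SimSwap exposure: it starts from what the attacker holds after phases 1 and 2 and follows every flow he can complete until nothing new is gained. The factor names, flow names and sample configurations are assumptions constructed for illustration, with "authenticator_app" standing in for any factor not tied to the SIM.

```python
# Added example: model each flow as (name, factors required, factors granted)
# and compute what an attacker holding the victim's SIM can reach.

# Assumption: after phases 1-2 the attacker holds personal data found online
# plus anything delivered to the phone number (SMS and voice calls).
SIM_SWAP_ATTACKER = frozenset({"personal_data", "sms_otp", "voice_call_otp"})


def reachable(flows, start=SIM_SWAP_ATTACKER):
    """Return (held_factors, completed_flow_names) at the fixed point."""
    held, done = set(start), []
    changed = True
    while changed:
        changed = False
        for name, required, granted in flows:
            # A flow completes once every factor it requires is already held.
            if name not in done and set(required) <= held:
                done.append(name)
                held |= set(granted)
                changed = True
    return held, done


def audit(flows):
    """Return (exposed, path): exposed is True if a SIM swap yields a session."""
    held, done = reachable(flows)
    return "session" in held, done


# Constructed sample configurations (not taken from any real service).
WEAK = [
    ("login", {"password", "sms_otp"}, {"session"}),
    ("password_reset", {"personal_data", "sms_otp"}, {"password"}),
]
HARDENED = [
    ("login", {"password", "authenticator_app"}, {"session"}),
    ("password_reset", {"personal_data", "authenticator_app"}, {"password"}),
]

if __name__ == "__main__":
    for label, flows in (("weak", WEAK), ("hardened", HARDENED)):
        exposed, path = audit(flows)
        print(f"{label}: exposed={exposed} path={path}")
```

In the weak configuration the two-factor login does not help, because the SMS-based reset hands the attacker the password first; the audit reports the chain it followed so the offending recovery flow can be fixed.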
How to manage it?
XTN Cognitive Security Platform® allows you to protect your services from SimSwap attacks.