SIM Swap Fraud

What is SIM Swap Fraud?

As far as fraud techniques go, SIM swap fraud itself is not a particularly complicated type of attack. It is a simple form of account takeover fraud that involves deceiving a service provider into transferring an existing phone number to a new phone. The success of the technique largely depends on the fraudster’s ability to convincingly impersonate the legitimate owner of the existing number.

Fraudsters rely on many strategies to obtain the information needed to pull off impersonations of this kind, including buying stolen data on the dark web, phishing attacks, and social engineering, in which bad actors directly contact potential victims to try to trick them into providing private information. Once a fraudster manages to get the number transferred, they’ll potentially have access to any account that relies on that phone number for access, as well as to authorization codes that are part of Two-Factor Authentication processes. While the actual act of swapping the number is a comparatively simple one, many steps go into a successful attack.

What Should Companies Know about SIM Swapping?

Despite having been a known attack type for quite some time, SIM swapping is still considered very dangerous, and it regularly reappears in the news courtesy of high-profile cases. For example, Jack Dorsey, the CEO and Co-Founder of Twitter, recently had his Twitter account hacked, and as reported by The Verge, it was a SIM swap attack that made it possible.

The after-effects of a SIM swap attack can be devastating. Matthew Miller, a contributing writer to ZDNet, and the co-host, with ZDNet’s Kevin Tofel, of the MobileTechRoundup podcast, was a victim of a SIM swap attack, and as he detailed in a post for ZDNet, it was a terrifying experience. Miller wrote that “they hijacked my T-Mobile service, then they stole my Google and Twitter accounts and charged my bank with a $25,000 Bitcoin purchase.”

Protecting Against Coordinated Attacks With DataVisor

The hack of Jack Dorsey’s Twitter account was the work of a group of hackers who refer to themselves as the “Chuckling Squad.” The Dorsey hack was, in fact, only one of many similar high-profile account takeovers that have targeted social media influencers. Large-scale, coordinated efforts like this are a hallmark of modern digital fraud. To succeed, malicious actors need to operate at scale—success rates on an account-by-account basis are low, and financial returns for a single attack are often quite low as well. However, in scaling up—often through the use of bots—fraudsters can commit highly choreographed attacks across hundreds of thousands of accounts, thereby increasing their odds of success and upping their potential illegal profits. Fortunately, with a comprehensive fraud management system such as those offered by DataVisor, it is possible to uncover these types of coordinated activities by revealing patterns and connections across accounts.
From the moment data is leaked in a breach, to its sale on the dark web, to its use by a fraudster in a SIM swap attack, bad actors leave a trail, and this digital footprint, no matter how cleverly obfuscated, can be exposed with the power of unsupervised machine learning, the integration of global intelligence, and holistic data analysis that enables organizations to view accounts simultaneously, as opposed to in isolation.