arrow left facebook twitter linkedin medium menu play circle

Digital Fraud Wiki

SIM Swap Fraud

What is SIM Swap Fraud?

As far as fraud techniques go, SIM swap fraud itself is not a particularly complicated type of attack. It is a simple form of account takeover fraud that involves deceiving a service provider into transferring an existing phone number to a new phone. The success of the technique largely depends on the fraudster’s ability to convincingly impersonate the legitimate owner of the existing number. Fraudsters rely on many strategies to obtain the information needed to pull of impersonations of this kind, including buying stolen data on the dark web, phishing attacks, and social engineering, in which bad actors directly contact potential victims to try and trick them into providing private information. Once a fraudster manages to get the number transferred, they’ll potentially have access to any account that relies on that phone number for access, including authorization codes that are part of Two-Factor Authentication processes. While the actual act of swapping the number is a comparatively simple one, many steps go into a successful attack.

What Should Companies Know about SIM Swapping?

Despite having been a known attack type for quite some time, SIM swapping is still considered very dangerous, and it regularly reappears in the news courtesy of high-profile use cases. For example, Jack Dorsey, the CEO and Co-Founder of Twitter, recently had this Twitter account hacked, and as reported by The Verge, it was a SIM swap attack that made it possible. The after-effects of a SIM swap attack can be devastating. Matthew Miller, a contributing writer to ZDNet, and the co-host, with ZDNet’s Kevin Tofel, of the MobileTechRoundup podcast, was a victim of a SIM swap attack, and as he detailed in a post for ZDNet, it was a terrifying experience. Miller wrote that “they hijacked my T-Mobile service, then they stole my Google and Twitter accounts and charged my bank with a $25,000 Bitcoin purchase.”

Protecting Against Coordinated Attacks With DataVisor

The hack of Jack Dorsey’s Twitter account was the work of a group of hackers who refer to themselves as the “Chuckling Squad.” The Dorsey hack was, in fact, only one of many similar high-profile account takeovers that have targeted social media influencers. Large-scale, coordinated efforts like this are a hallmark of modern digital fraud. To succeed, malicious actors need to operate at scale—success rates on an account-by-account basis are low, and financial returns for a single attack are also often quite low as well. However, in scaling up—often through the use of bots—fraudsters can commit highly choreographed attacks across hundreds of thousands of accounts, thereby increasing their odds of success, and upping their potential illegal profits.

Fortunately, with a comprehensive fraud management system such as those offered by DataVisor, it is possible to uncover these types of coordinated activities, by revealing patterns and connections across accounts. From the moment data is leaked in a breach, to its sale on the dark web, to its use by a fraudster in a SIM swap attack, bad actors leave a trail, and this digital footprint, no matter how cleverly obfuscated, can be exposed with the power of unsupervised machine learning, the integration of global intelligence, and holistic data analysis that enables organizations to view accounts simultaneously, as opposed to in isolation.