SIM Swapping: All You Need to Know to Protect Yourself and Your Business

Just recently, it was revealed that Vitalik Buterin, the co-founder of Ethereum, was a victim of SIM-swapping fraud. The cybercriminals gained control of his phone number through SIM swapping, after which they gained access to his Twitter account with 4.9 million followers.

The hack resulted in the theft of $691,000 from his Twitter followers. But could it have been prevented? Could the same happen to you?

You may be thinking, “As an Ethereum co-founder, he’s a much bigger target for hackers than I am”. But this really hasn’t been the case since SIM swapping started — in fact, anyone with any money in their account is a target.

In one of the first public SIM swap frauds in 2015, £1,500 vanished from Emma Franks’ bank account. Just last year, the average amount of money stolen via SIM swapping in the UK was around £2,500.

You no longer have to be a celebrity or a millionaire to be interesting to cybercriminals, which brings huge risks to any business that relies on SMS OTP verification of its users. But the good news is that your business can get around this threat and protect your users and your revenue.

Let’s start from the very beginning.

What is SIM Swapping?

SIM swapping, also known as SIM card swapping or SIM hijacking, is a type of cyberattack in which a malicious actor takes control of a victim’s mobile phone number by tricking or convincing the victim’s mobile carrier to transfer the phone number to a new SIM card.

Once they have control of your phone number, the criminal will typically take advantage of SMS OTP-based two-factor authentication to take over your accounts. Usually, they’d already have done a lot of damage before the user has even noticed something’s wrong with their SIM card.

This cybercrime strategy is also one of the most lucrative, with an 80% success rate, which is reflected in its surging popularity.

The FBI has warned of a surge in SIM swapping schemes that inflicted $68 million in losses last year, a significant increase from $12 million in 2020.

How it works

How do the perpetrators succeed in tricking your mobile operator into issuing them a new SIM card with your phone number? Most often, this is where all those data breaches come into play.

They'd usually go through this leaked data to obtain the personal information they need, such as first and last name, social security number, ID number, etc. Think along the lines of the questions you're usually asked to confirm your identity, and how hard it would be for a cybercriminal to find that data online.

Then, once they successfully trick your mobile network operator and gain control of your phone number, they get to take advantage of SMS OTP-based two-factor authentication. Most often, they will need to know your username and password as well, but those are much easier to break than you may think.

Upon login, they will receive your code via SMS and take over your account before you even realize anything is going on. And what would even be some signs that your SIM was swapped?

Signs you’re a victim of a SIM Swap Attack

1. Your calls or texts can’t go through

If you can’t make calls, send texts, or access your mobile data, similarly to when you have no network signal, it could be a sign that someone has gained control of your SIM card.

However, don’t panic — this may also just be an issue on the mobile network operator side, like a temporary service outage.

2. You receive suspicious activity alerts

You know when you log into your account on a new device, and you receive that email notifying you of suspicious activity? You can consider that a red flag as well, especially if you receive a number of those emails for a number of accounts.

3. You can’t access your accounts

When a cybercriminal takes control of your account, the first thing they’ll do is change your password and lock you out of the account. If you suddenly can’t access yours, it’s a telltale sign that someone is trying to take over.

4. You receive unauthorized transaction notifications

As usual, your bank account and other fintech apps will be the main target for cybercriminals. If your account has sent out any unauthorized transactions and you receive notifications about them, know that it may have happened because of SIM swapping. The first thing you do should be to call your bank and have your accounts blocked.

Ways to Fight SIM Swapping: SIM Swap Detection

We don’t give up without a fight, right? Especially not when our businesses are on the line due to the financial losses a SIM swapping hack could cause.

Did you know that AT&T has faced a $220 million lawsuit over stolen cryptocurrency due to a successful SIM-swapping attack? That’s why it’s crucial that businesses globally implement SIM swap detection tools to protect against it.

Enter IPification SIM Swap Detection, just one in our arsenal of mobile identity and fraud prevention solutions.

At the very beginning, IPification assigns each user a unique mobile ID key made up of SIM card AND device data, and it verifies the user’s identity against that complete mobile ID key. But when a new SIM card with the same phone number is detected, app developers can choose to interrupt any authentication or authorization request, thereby preventing any further damage.

Only after the user confirms, on request from the mobile app developer, that they are indeed using a new SIM card can they authenticate their identity and verify transactions.
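
The flow described above, sketched as an added example (not IPification's code or API): a hypothetical relying-party gate that binds each phone number to a key built from SIM and device identifiers, holds any request where the SIM part changed, and rebinds only after confirmation. The class and method names, the identifiers (assumed to come from the operator) and all sample values are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: a per-deployment secret so stored identifiers are not reversible.
SERVER_KEY = b"constructed-demo-secret"

def _fp(value: str) -> str:
    """Keyed hash of one identifier; raw SIM/device IDs are never stored."""
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()

class SimSwapGate:
    """Hypothetical gate in front of authentication; not a vendor API."""

    def __init__(self):
        self._bound = {}    # phone number -> (sim_fp, device_fp)
        self._pending = {}  # phone number -> key seen during a held request

    def enroll(self, phone: str, sim_id: str, device_id: str) -> None:
        self._bound[phone] = (_fp(sim_id), _fp(device_id))

    def check(self, phone: str, sim_id: str, device_id: str) -> str:
        """Return 'allow', 'sim_changed', 'device_changed' or 'not_enrolled'."""
        bound = self._bound.get(phone)
        if bound is None:
            return "not_enrolled"
        seen = (_fp(sim_id), _fp(device_id))
        if not hmac.compare_digest(seen[0], bound[0]):
            # Same number, different SIM: interrupt and wait for confirmation.
            self._pending[phone] = seen
            return "sim_changed"
        if not hmac.compare_digest(seen[1], bound[1]):
            return "device_changed"
        return "allow"

    def confirm_new_sim(self, phone: str) -> bool:
        # Assumption: the user confirmed over a channel that does not depend
        # on the phone number (an SMS code would reach the new SIM).
        seen = self._pending.pop(phone, None)
        if seen is None:
            return False
        self._bound[phone] = seen
        return True

def demo() -> list:
    gate, phone = SimSwapGate(), "+15555550100"  # constructed sample values
    gate.enroll(phone, "sim-A", "device-1")
    before = gate.check(phone, "sim-B", "device-2")  # swapped SIM is held
    gate.confirm_new_sim(phone)
    return [before, gate.check(phone, "sim-B", "device-2")]
```

Only `allow` lets the authentication or authorization request proceed; every other result is treated as an interruption by the caller.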

Because SIM swapping is currently trending upwards, we have decided to offer IPification SIM swap detection as a standalone solution that mobile network operators can implement in two ways: either through IPification authentication wherein the user has to authenticate via their Mobile ID key, or through the operators’ SIM Swap API, a server-to-server API.

Mobile app developers can then integrate it into their apps and protect their businesses and their users. It’s simple yet very effective!
