SIM SWAPPING

The SIM is the gateway to everything we store and is associated with a telephone number, so an attack on this information point is critical for the security and privacy of our data.

Eusebio Nieva

Checkpoint

What is meant by SIM Swapping?

As we saw in a previous post, smartphones have become our “all-in-one” device. The smartphone is not only our camera, but also our agenda and even our wallet. However, it should never be our safe deposit box.

On the contrary, the more attractive it is, the greater its vulnerability. What began as a scam that barely affected 1,000 six years ago is today a global threat that can result in losses in the millions.

How are SIM Swapping attacks carried out?

SIM Swapping attacks, as the name implies, consist of duplicating the SIM card of a smartphone to access all the information stored on it.

When a cybercriminal manages to duplicate a SIM card:

  • He not only accesses the victim’s contacts.
  • But also, thanks to multifactor authentication, he can access the victim’s social networks.
  • He can access WhatsApp chats (to spread a piece of malware and hijack other devices as well).
  • And even worse, he can obtain the access code to authorize certain banking operations through the verification codes sent by SMS. And with that information, he can transfer funds or even request a loan.

This type of scam calls into question many things:

  • Multifactor authentication and SMS-based phone number verification are clearly not a reliable option. Banks, financial institutions and other entities should stop using these authentication methods and implement security solutions that really guarantee the safety of their users and their operations.
  • In many cities and countries, users must go to a physical store and identify themselves to get a duplicate of their SIM card. However, sometimes, it is enough to make a phone call to get it. Verification and control systems should be more thorough to make sure that only the legitimate users can make SIM duplicates.

If we consider that in Spain alone more than 30 devices are stolen every hour, we can get an idea of the magnitude of the risk that we face.

Beyond what our latest mobile model has cost us, what should really worry us is the information we store on it and how we protect it.

If your mobile phone loses its signal and does not let you call or connect to the Internet, immediately call your mobile operator and confirm with your bank that your account has not been fraudulently accessed.
