SIM swappers have evolved their tactics to pilfer phone numbers by transferring them onto a new eSIM card, as reported by BleepingComputer.
These eSIMs, residing on the chip of mobile devices, function similarly to physical SIM cards but boast remote reprogramming capabilities.
Exploitation of eSIMs by Cybercriminals
Embedded Subscriber Identity Modules (eSIMs) function similarly to physical SIM cards but are digitally stored on mobile device chips. They can be reprogrammed remotely and facilitate various functionalities such as activation and deactivation through QR code scans provided by service providers.
The report also notes that F.A.C.C.T., a Russian cybersecurity firm, highlights a surge in eSIM exploitation by SIM swappers worldwide. By manipulating eSIM functionalities, criminals bypass security measures to gain control over phone numbers, leading to unauthorized access to sensitive accounts.
Modus Operandi of Attackers
Rather than relying on social engineering or insider assistance, attackers now exploit vulnerabilities in mobile accounts using stolen credentials. They initiate number porting to a new device by generating QR codes within hijacked accounts, effectively seizing control of the victim’s number.
Protective Measures
Additionally, the report highlights that once in possession of the victim’s number, cybercriminals exploit it for various fraudulent activities, including accessing banking services and messenger apps.
To mitigate such risks, users are advised to employ robust passwords, enable two-factor authentication, and consider additional security measures like physical keys or authenticator apps for critical accounts.
In conclusion, the rise of eSIM technology has inadvertently provided SIM swappers with new avenues for exploitation. As cyber threats evolve, users must stay vigilant, employing robust security practices to safeguard their digital assets and personal information.