Phone scams are one of the main security threats for any user, being constantly reinvented to adapt to new circumstances and more easily deceive victims. In addition to the sophistication of attackers, poor security measures on digital devices and platforms are another risk factor for millions of people.
Cybersecurity specialists detail the detection of a new attack method based on the aforementioned weaknesses. This is a new identity theft attack that would allow threat actors to take control of the victim’s phone number, making a copy of the compromised SIM card in the middle of a call.
The most serious part of the matter is that the hijacking of the telephone number does not raise suspicions of malicious activity, since the only indication of an attack is the interruption of the telephone call.
After cybercriminals compromise the victim’s confidential information, they choose the most vulnerable people to complete the fraud, which will be carried out from the victim’s online banking app installed on an unauthorized device.
To access the victim’s banking app, hackers simply enter the compromised information to complete the authentication process, using the copy of the SIM card in order to request that sensitive information, including the phone number, be sent to the new device. At this point the victim will have already lost full control of their own phone number, as there cannot be two active SIM cards simultaneously and with the same number.
In this way, threat actors have full access to the victim’s banking application, from where they can make transfers, pay for illegitimate services and even use these cards for other fraudulent activities. While this happens, victims will have their attention focused on recovering their phone number, which can be even more problematic because, for the phone company, the SIM change process was done legitimately.
Finally, if hackers decide to use the compromised bank accounts to pay for services or withdraw money from an ATM, they will do so with their faces covered in case users have already detected any signs of malicious activity.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.