Understanding How SIM Swapping Attacks Have Grown to Help Cybercriminals Monetize Their Activities


SIM swapping is a type of account takeover fraud that relies on phone-based authentication such as two-factor authentication and two-step verification.
Lately, the scammers are making heavy use of Remote Desktop Protocol (RDP) software to launch SIM swapping attacks.

A recent study by Princeton University has revealed that five major US wireless carriers - AT&T, T-Mobile, Verizon, Tracfone, and US Mobile - are susceptible to SIM swap scams. These attacks can jeopardize the bank accounts and personal details of customers with phone numbers from these carrier providers.


The infamous SIM swapping had also grabbed the spotlight following the recent hack of Twitter CEO Jack Dorsey’s account on his own platform. Securelist researchers, in their study from 2019, have indicated that SIM swap fraud is now huge in developing countries, especially in Africa and Latin America. With several mobile numbers often using 2FA to verify their accounts, SIM-swap attacks pave the way for criminals to access the victim’s email and bank account, cryptocurrency wallet, social media and more.


What is a SIM swap?


SIM swap is a type of account takeover fraud that relies on phone-based authentication such as two-factor authentication and two-step verification.


How does it work?


A SIM swap scam, also known as SIM splitting, simjacking, sim hijacking or port-out scamming, is a fraud that occurs when scammers take advantage of a weakness in two-factor authentication and verification in which the second step is a text message or call to your mobile phone number.


Usually, a basic SIM-card swapping work when scammers call a mobile carrier, impersonating the actual owner and claiming to have lost or damaged their SIM card. They then try ..