As per the report, the incidents of SIM swapping have increased globally
Hackers are said to breach eSIM security to port a number to their device
eSIM users can use 2FA and authenticator apps to improve security
Hackers are reportedly porting numbers to access victim’s online banking services to steal their money
Photo Credit: Unsplash/ Brett Jordan
SIM swapping crimes are on the rise globally, according to a new report. These crimes are primarily committed using eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards which are embedded into a device using a software. Hackers are now reportedly exploiting vulnerabilities within this technology to brute force into the victim's phone account to port the number to their own device. The findings also revealed that the bad actors are mainly interested in victim's online banking accounts and other financial services.
The information comes from the Russian cybersecurity firm FACCT, a spin-off of Group IB. In its report, it highlighted that it has recorded “more than a hundred attempts to enter clients' personal accounts in online services from just one financial organisation.” It also stated that cybercriminals have been using this method globally for at least a year.
Modus operandi of the cybercrime is straightforward. Earlier, the criminals would deploy social engineering strategies or use insiders at telecom companies to illegally port numbers to their devices. However, the report states that now the hackers have resorted to exploiting the vulnerabilities within eSIM. While it did not explain the technicalities, the process includes accessing the phone account credentials of a victim by either stealing them, getting access to leaked details through data breach incidents, or brute-forcing their way into the victim's account.
Once the SIM swappers gain the credentials, they generate QR codes through the hijacked phone account which can be used to port the device directly, circumventing the usual procedure. The report also added that the criminals were only focused on committing financial fraud by accessing the victim's online banking accounts, crypto wallets, and more.
“Having gained access to the victim's mobile phone number, cybercriminals can obtain access codes, two-factor authentication for various services, including banks, instant messengers, which opens up a lot of opportunities for attackers to implement criminal schemes,” said Dmitry Dudkov, Fraud Protection Department Specialist at FACCT.
FACCT also urged eSIM users to improve the security of their phone account by using two-factor authentication and keeping a complex password which includes a randomised alphanumeric series and special characters. For added security, users can opt for authenticator apps.
Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Alphabet to Buy Wiz for $32 Billion in Its Biggest Deal to Boost Cloud Security19 March 2025
Search
![Gadgets 360 With Technical Guruji: Ask TG [ March 22, 2025]](https://c.ndtvimg.com/2024-12/5s52e4k_-ask-tg_640x480_14_December_24.jpg?downsize=180:*)
