A spike in SIM Swapping attacks has lead to 2FA defeat and account takeover in many situations, resulting in the loss of millions this year. The attacks have increased by several hundred percent in just one year. SIM swapping occurs when attackers dupe mobile carriers into switching a target’s phone services to an attacker-controlled phone. Federal government agencies are warning that the attacks have lead to millions in losses for consumers who found their bank accounts drained and other accounts taken over by malicious actors.
SIMs are small chips inside mobile phones that allow the carrier to identify and register subscriber devices. SIM swapping attacks are often committed while the attacker conduct a social engineering scheme, convincing customer service agents to change over the victims’ services. Once the service is redirected, the attackers have access to the victims’ calls, texts, voicemails, saved profile data, and apps or sites that require two-factor authentication.
