What Is SIM Swapping? - Check Point Software

What is SIM Swapping?

A subscriber identity module (SIM) card is the physical card that associates a cell phone number with a particular device. Phone numbers are linked to a particular SIM card, making it possible for users to change or upgrade phones simply by moving the card from one device to another.

In a SIM swapping attack, an attacker transfers a mobile phone account and phone number to a new SIM card. Since this new SIM card is under the attacker’s control, they can insert it into a device and receive SMS messages and phone calls directed to the victim, as well as send texts and place calls from the victim’s number.

A SIM swapping attack can have significant impacts on the security of the victim and their friends, family, and coworkers. Some of the potential impacts of a SIM swapping attack include:

  • MFA Bypass: For accounts using SMS messages for MFA, SIM swapping provides the attacker with control over the second factor used for account access. If the attacker can guess the password associated with the account or have a reset link texted to them, they can take over the user’s account.
  • Impersonation: Some organizations, such as financial institutions, use a trusted phone number to verify a user’s identity. For example, a new credit card may only be activated from a certain phone. A SIM swapping attack could allow the attacker to impersonate the victim, creating opportunities for fraud and theft.
  • Smishing and Vishing: After a SIM swapping attack, the attacker can make calls or send texts from the victim’s number. This can be used in smishing and vishing attacks to trick coworkers into leaking sensitive information or opening malicious files.
