True story: SIM swapping, from no coverage to no money in the bank
It was a Tuesday at 5:15, Alberto’s alarm clock rang. He had to go on a business trip because he is responsible for purchasing in a small company. After packing his laptop and cell phone into his backpack, essential work tools when traveling so much, he headed to the airport. In the taxi, his corporate phone lost coverage, and there was no data connection. He didn’t give it any more thought.
When he arrived at the airport, the situation was still the same, so he decided to use the Wi-Fi network available to customers at the airport, even though he knew that it is not advisable to connect to public networks without taking the necessary precautions.
When he logged on, Alberto’s phone
Began receiving notifications from the bank’s app about purchases and transfers made with his corporate card. Seeing all this, he reached for his wallet and began searching for his bank card. It was there, in its place.
– I have my bank card here, how is this possible? – Alberto asked himself.
Within minutes the boarding gate closed, Alberto was without coverage, and other people were making purchases in his name and with his money.
– I can’t catch this flight, I have to solve this somehow – he told himself
Before leaving the airport, he blocked the card from the bank’s app using the Wi-Fi connection. Even without coverage, Alberto decided to go to a branch of his bank to wait for an explanation of what had happened. When he arrived, he was told that all these transactions had been made via the Internet with his bank card.
– What about SMS verification for online payments? – he asked.
After that reflection he realizes one thing: he has no coverage, that is where the problem lies.
What happened?
Alberto decides to contact his telephone company to see what is happening with his phone. To his surprise, they tell him that he pricing tables has requested a duplicate card, so it is logical that the one in his phone is disabled.
–
What is going on here?
I have not requested a duplicate! I don’t understand anything – he says surprised.
Alberto has been a victim of SIM swapping . This technique consists of obtaining a duplicate SIM card by impersonating the owner. To do this, they first snbd host obtain the personal data they need. This way, the cybercriminal can carry out operations in our name that require verification via SMS, such as online purchases.
How could this happen?
The cybercriminal had obtained Alberto’s details (ID, address, card number, etc.) using social engineering techniques, and he had not even noticed. It happened a few days ago via an SMS he supposedly received from his bank . With this adb directory information, the attackers requested a duplicate SIM card from the telephone company. Once they had obtained it and inserted it into a mobile device, they had gained access to all of Alberto’s verification messages. In addition, they had his card details and were able to make purchases with it.