SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Serious implications resulting from SIM card duplication
Thu, 12th Oct 2023

SIM card duplication by specialised cybercriminal groups has serious consequences, according to specialist Entelgy Innotec Security.

Consequences vary, from theft of the victim's credentials and information to the transfer of bank funds, loan requests and even business consequences.

SIM Swapping is a cyber threat that predominantly affects end users of mobile devices. It has become a form of fraud in which a cybercriminal obtains a duplicate SIM card associated with an individual's phone line and uses it to carry out impersonation activities.

This allows the cybercriminal to steal money through the victim's online banking application, among other possibilities.

"Taking into account the simplicity with which this type of cyber threat is carried out and its high probability of success, it has been observed that sophisticated cybercriminals are beginning to incorporate SIM Swapping techniques in their campaigns and the first traces of activity directed towards business environments are beginning to be observed," says Raquel Puebla, cybersecurity analyst at Entelgy Innotec Security.

For a SIM Swapping campaign to be successful, several stages must take place. The Entelgy Innotec Security professional describes them:

1. Information gathering. First, the cybercriminal gathers information on the potential victim to be targeted by the fraudulent action. He will use information from open sources and, most especially, from the individual's social networks (name, surname, telephone number, address, etc.).

2. Obtaining credentials. SIM swapping makes it possible to obtain the codes that are usually used as a second authentication factor. To do this, the credentials of the service of interest to the attacker must first be obtained, for which phishing, pharming or spoofing activities can be carried out.

3. Spoofing. The cybercriminal contacts the telephone provider of the individual he is trying to defraud, pretending to be the owner of the SIM card to be duplicated. Social engineering tactics are also used for this purpose by claiming, among other things, that the SIM card has been lost or stolen.

4. Deactivation of the original SIM. Usually, when the duplicate SIM is issued and the second card is activated, the card that was in legitimate use is deactivated and the victim's mobile device is left without coverage, allowing a malicious third party to gain control over the duplicated phone number. In a small percentage of situations the attacker requests the activation of a multiSIM service, in which case both the attacker's card and the legitimate owner's card will work, making detection and remediation of the spoofing much more difficult.

5. Scams. Following the above actions, the attacker carries out all sorts of scams and frauds that affect the individual who is being impersonated. It is common for cybercriminals to focus on gaining access to online banking services and subsequently making transfers from the victim's funds, and even taking out loans in the victim's name without his or her actual authorization.

6. One-time passwords. To successfully complete the above procedure, attackers request that a one-time password (OTP code) be sent by SMS, which financial institutions usually use as a second authentication factor. With access to the duplicate SIM card, the attackers can view the message, which in theory should only reach the holder of the line, and use it to access the individual's bank account.

7. Social network credentials. Among other possibilities, it is also common for a SIM Swapping cyberattack to end with the attacker obtaining the access credentials for the user's email account or social network profiles.
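
An added example, not from the article or from Entelgy Innotec Security, showing one way a service that sends SMS OTPs could act on stages 4 to 6: it flags OTP requests for sensitive actions that follow a SIM reissue or multiSIM activation on the same line. The event names, the 72-hour hold window and the existence of a SIM-change feed from the carrier are assumptions.

```python
from datetime import datetime, timedelta

# Assumption: policy window during which SMS OTPs are not trusted after a SIM change.
SIM_CHANGE_HOLD = timedelta(hours=72)
# Assumed event names; a real feed from the carrier would use its own vocabulary.
SIM_EVENTS = {"sim_reissued", "multisim_activated"}
SENSITIVE_ACTIONS = {"transfer", "loan_application", "password_reset"}

# Constructed sample events: (ISO timestamp, line id, event, detail).
SAMPLE_EVENTS = [
    ("2023-10-01T09:00:00", "line-A", "sms_otp_requested", "transfer"),
    ("2023-10-02T10:00:00", "line-B", "sim_reissued", "reported lost"),
    ("2023-10-02T10:40:00", "line-B", "sms_otp_requested", "transfer"),
    ("2023-10-02T11:05:00", "line-B", "sms_otp_requested", "loan_application"),
    ("2023-10-03T08:00:00", "line-C", "multisim_activated", ""),
    ("2023-10-03T08:30:00", "line-C", "sms_otp_requested", "password_reset"),
    ("2023-10-10T12:00:00", "line-B", "sms_otp_requested", "transfer"),
]


def flag_risky_otp_requests(events, hold=SIM_CHANGE_HOLD):
    """Return alerts for SMS OTP requests made soon after a SIM change on the same line."""
    last_change = {}  # line id -> (time, kind) of the most recent SIM change
    alerts = []
    for ts, line, kind, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind in SIM_EVENTS:
            # multiSIM is tracked too: the owner keeps coverage, so nobody reports it.
            last_change[line] = (when, kind)
        elif kind == "sms_otp_requested" and detail in SENSITIVE_ACTIONS:
            changed_at, change_kind = last_change.get(line, (None, None))
            if changed_at is not None and when - changed_at <= hold:
                alerts.append({
                    "line": line,
                    "action": detail,
                    "sim_event": change_kind,
                    "minutes_since_change": int((when - changed_at).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in flag_risky_otp_requests(SAMPLE_EVENTS):
        print(alert)
```

A flagged request would typically be held or routed to a verification channel that does not depend on the phone line.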