SIM swapping is an attack vector in which cybercriminals hijack an individual’s mobile phone number to compromise their target’s online identity. This attack requires substantial effort (and sometimes cost) from attackers. Therefore, high-net-worth individuals or those in positions of corporate, governmental, or social influence are typically the targets of SIM swapping. Executives, celebrities, politicians, and investors have been the victims of high-profile compromises since SIM swapping surged to prominence in 2018.
Scope of Threat
A cybercriminal with access to a target’s phone number can perform SMS (text) password resets for critical accounts held by the target such as:
How it Happens
The attacker typically gains access to the target’s mobile phone number by:
Disambiguation: SIM Swapping & Phone Number Porting
Criminal groups that specialize in SIM swapping attacks have increasingly shifted their efforts towards phone number porting. “Porting” is when a mobile device number is moved to another cell phone carrier. This technique allows an attacker access to the compromised phone number for days, whereas SIM swapping is typically resolved within hours. While more difficult to achieve, porting gives the attacker more time to conduct their fraudulent activities.