SIM swapping is a method that is used by hackers constantly to bypass things such as 2FA. They do this by finding out personal information about their victim. Usually through a phishing email that gets the victim to enter important information. Once SIM swap has happened, all text messages and emails will be going to the phone that the hackers used to SIM swap. This means that the hacker can possibly enter someones username and password to their bank account. The 2FA code now does not go to the users phone but to the hackers phone.
This type of attack is all based of a SIM card which is a small card that contains a chip. This chip is pretty much what makes your phone work. It allows text messages and emails to send and allows for the user to also receive them. Without it, you can only take pictures and access the internet with wifi.
The most common method of SIM swapping is when hackers call the victims carrier. The carrier is a wireless service provider that allows cellular connectivity services to subscribers (Rogers, AT&T) Before they call the victims carrier, they will gather as much personal information about them as they can. Phishing emails disguised as the victims carrier can make users enter information as important as their social security number. Scammers can also include links infected with malware that record keystrokes. This normally allows for a smoother social engineering process when calling the carrier. Once they have called, scammers will pretend to be their victim and could say that “they have” damaged their SIM card. They can then ask to activate a new sim card which ports on the scammers phone instead of the victims. Then all messages and emails will be going to the scammers phone.
The most common and easiest ways to detect if you have been SIM swapped are…
1. You can not send of receive texts
2. Notification that activity has been detected somewhere else
3. Inability to access accounts
4. Unauthorized transactions