SMS swaps
SMS swapping has become quite common in the banking industry. First, the attacker steals a victim’s private phone number, along with the phone’s Security ID. Then the attacker calls the SIM card call center, claiming that they have lost their phone, have bought a new SIM card, and now need to get their old number back. Using the Security ID and other private information, possibly gathered by snooping on social media accounts, they convince the telecommunications support person to perform the phone swap.
This scam can even evade security protections. Most banking institutions that offer multi-factor authentication (MFA) to protect online banking sessions and applications rely on SMS-based MFA instead of using mobile tokens. Once attackers steal people’s phone numbers, they have access to these SMS messages. That means they can access the victim’s account even if it has SMS-based MFA in place.