Some of the biggest US mobile carriers are still failing to protect their customers from so-called ‘SIM-swap attacks’, as new research exploring the phenomenon outlines just how easy it is for criminals to take control of a victim’s phone number.
A SIM-swap attack – or ‘SIM-jacking’ – is a type of account takeover fraud where attackers impersonate victims to hijack their phone number.
With mobile numbers often used as a form two-factor authentication (2FA), or to retrieve lost web account passwords, SIM-swap attacks pave the way for criminals to access the victim’s email and bank account, cryptocurrency wallet, social media, and more.
Growing reports of SIM-swap attacks occurring in the wild include a tech engineer who lost more than $100,000 after criminals ported his SIM card to another device and drained his Coinbase account.