7.04.25

SIM-swapping Attacks Explained

Cyber-risks and Liabilities update – SIM attacks

It’s important for organisations to keep up to speed with current trends from the criminal fraternity in cyber-related crimes. One of the flavours of the month in cyber-threats is known as the SIM-swapping attack. Here we look at how to prevent and respond to such attacks.

In recent years, a growing number of organisations have implemented stronger cyber-security measures, including multifactor authentication (MFA). This method requires a user to present two or more unique credentials, such as a password and an additional security code, to verify their identity and log into their company account. With MFA, cyber-criminals are restricted from infiltrating organisations’ IT infrastructures upon stealing users’ passwords, as they lack the extra credentials required for access.

Although this cyber-security tactic has proven useful for many organisations, some cyber-criminals have figured out a way to exploit MFA through users’ subscriber identity module (SIM) cards. These cards are an essential component of any mobile phone, as they unlock a host of information and services (e.g. the user’s contacts and texting and calling capabilities). By transferring their SIM card to another phone, a user can automatically shift their existing mobile profile to the new device.

Unfortunately, some cyber-criminals have begun tricking mobile carriers into transferring users’ profiles to SIM cards on their own devices, thus giving them unauthorised access to users’ mobile phone activities. Because the additional security codes required for MFA are often sent via text, cyber-criminals with fraudulent SIM cards can complete users’ extra account verification steps with ease and go on to infiltrate company networks, data and funds.

How SIM-swapping Attacks Work

A SIM-swapping attack generally consists of the following steps:

  • Gathering the user’s personal information—First, a cyber-criminal collects a variety of personal details about their target, such as their name, date of birth, contact information and employment history. The cyber-criminal likely gathers these details by reviewing the user’s online profiles or tricking them into sharing this information via deceptive messages, malicious links or other social engineering tactics.
  • Manipulating the mobile carrier—After gathering their target’s personal details, the cyber-criminal leverages this information to persuade the user’s mobile carrier to conduct the SIM swap. This may occur in one of two ways: The cyber-criminal contacts the carrier while pretending to be the target and asks that the user’s phone number and mobile profile be transferred to a new SIM card, or the cyber-criminal utilises social engineering tactics to hack into the target’s mobile profile and connect the user’s phone number to a different SIM card by themselves, bypassing the carrier altogether. From there, the cyber-criminal receives the user’s texts, calls and other mobile phone services on their own device.
  • Exploiting MFA—Following the SIM swap, the cyber-criminal is able to intercept their target’s MFA-related requests. For example, the cyber-criminal may receive a text containing an additional security code, also called a one-time passcode, on their SIM-swapped device, which allows them to log into the user’s company account successfully.
  • Compromising company information and assets—Upon exploiting MFA and logging into their target’s account, the cyber-criminal is able to compromise company data and resources in various ways. This may include causing network disruptions, damaging or exposing sensitive information, and stealing company funds or intellectual property. These actions could have lasting impacts on the affected user and organisation, resulting in large-scale losses.
  • Reversing the swap—In some cases, the target and affected organisation can detect the SIM-swapping attack immediately or shortly after it occurs. However, if this isn’t the case, the cyber-criminal may contact the mobile carrier or resort to their own hacking methods to reverse the SIM swap. Depending on how quickly the cyber-criminal accomplishes this, they may be able to avoid alerting the user that the swap took place and allow the attack to go unnoticed for some time.

SIM-swapping attacks are usually carried out by external cyber-criminals, but they could also stem from insider threats, such as disgruntled employees or vendors. Sometimes, an insider threat may even collaborate with an external cyber-criminal in exchange for payment by giving them the information needed (e.g. the target’s personal details or the company’s MFA requirements) to move forward with a SIM-swapping attack.

Any employee could be vulnerable to a SIM-swapping attack, but cyber-criminals may be more likely to target certain types of individuals, namely executives. These individuals are common targets because they often have a strong online presence, making it easier for cyber-criminals to gather their personal information. Furthermore, executives typically have the greatest access to critical company assets and may frequently engage in high-value transactions, thus attracting cyber-criminals who are looking to cause widespread damage or steal substantial funds. Regardless of who the target is, it’s vital for organisations to ensure all employees are prepared to protect against SIM-swapping attacks.

Prevention and Response Methods

Organisations can implement several methods to help prevent and respond to SIM-swapping attacks. Here are some best practices for organisations to consider:

  • Ensure sufficient account security measures. Cyber-criminals need users’ passwords before they can deploy SIM-swapping attacks and exploit MFA. By requiring employees to create complex and unique passwords that are difficult to crack, and to change them on a regular basis, organisations can stop cyber-criminals in their tracks. Additional account security measures that can help minimise SIM-swapping attacks include setting up account activity alerts, utilising strict access controls and leveraging a virtual private network.
  • Leverage alternative MFA options. Because SIM-swapping attacks often rely on MFA-related requests being sent via text, organisations should explore other account verification options that cyber-criminals can’t access through a stolen mobile profile. Potential MFA alternatives include biometrics (i.e. face or fingerprint scanning), physical security tokens or standalone authentication applications.
  • Protect personal details. Organisations should encourage employees to protect their personal details by keeping their social media accounts private and refraining from sharing this information over text or email, especially to unknown or suspicious recipients. This can make it harder for cyber-criminals to obtain the information needed to trick mobile carriers into conducting a SIM swap.
  • Consult mobile carriers. As SIM-swapping attacks become more common, some mobile carriers have developed measures to help protect against them, such as requiring users to disclose a personal identification number or answer extra security questions before they can make profile changes or transfer mobile phone services to different devices. With this in mind, organisations should discuss these security offerings with their mobile carriers and follow any other guidance provided by their carriers to reduce the risk of SIM-swapping attacks.
  • Educate employees. Organisations should train their employees on SIM-swapping attacks, detection and related incident reporting protocols. Key signs of these attacks that employees should be aware of include unanticipated mobile service outages, glitches and disruptions; suspicious account notifications; sudden account restrictions; and unauthorised network activities or transactions.
  • Have a plan. Creating cyber-incident response plans can help organisations ensure necessary procedures are taken when cyber-attacks occur, thus keeping related damages to a minimum. These plans should be well-documented and practised regularly, and they should address a range of cyber-attack scenarios (including SIM-swapping incidents). Specific response measures for employers to consider when planning for SIM-swapping attacks include contacting the affected user’s mobile carrier, notifying financial institutions to temporarily freeze accounts and prevent the theft of company funds, and reporting the incident to relevant authorities.
  • Secure ample insurance cover. Finally, employers should purchase adequate insurance to maintain much-needed financial protection against losses that may arise from SIM-swapping incidents. It’s best for organisations to consult insurance professionals to discuss their particular cover needs.
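
As an added illustration of the “Leverage alternative MFA options” point above (not part of the original article), the following Python check runs over an export of employees’ enrolled MFA methods and lists the accounts a SIM swap could still unlock, executives first. The record layout, factor names and sample accounts are constructed assumptions, not any vendor’s export format.

```python
from dataclasses import dataclass

# Factors delivered to the phone number: a SIM swap hands these to the attacker.
PHONE_BOUND = {"sms", "voice_call"}
# Alternatives named in the article: biometrics, physical tokens, standalone apps.
SIM_INDEPENDENT = {"biometric", "hardware_token", "authenticator_app"}
# Lower number = fix first (within the executive / non-executive groups).
SEVERITY = {"no_mfa": 0, "phone_only": 1, "phone_fallback": 2}

@dataclass(frozen=True)
class Account:
    user: str
    executive: bool       # the article notes executives are common targets
    factors: frozenset    # second factors enrolled for this account

def classify(account):
    """Say how far a SIM swap would get against this account's second factor."""
    unknown = account.factors - PHONE_BOUND - SIM_INDEPENDENT
    if unknown:
        raise ValueError(f"{account.user}: unrecognised factor(s) {sorted(unknown)}")
    if not account.factors:
        return "no_mfa"             # a stolen password alone is enough
    if account.factors <= PHONE_BOUND:
        return "phone_only"         # every enrolled factor follows the SIM
    if account.factors & PHONE_BOUND:
        return "phone_fallback"     # stronger factor enrolled, SMS/voice still accepted
    return "sim_independent"

def audit(accounts):
    """Return (user, status) for risky accounts, executives and worst cases first."""
    risky = [(a, classify(a)) for a in accounts]
    risky = [(a, s) for a, s in risky if s != "sim_independent"]
    risky.sort(key=lambda f: (not f[0].executive, SEVERITY[f[1]], f[0].user))
    return [(a.user, s) for a, s in risky]

# Constructed sample export (hypothetical users).
SAMPLE = [
    Account("a.clerk", False, frozenset({"sms"})),
    Account("b.ceo", True, frozenset({"authenticator_app", "sms"})),
    Account("c.cfo", True, frozenset({"sms", "voice_call"})),
    Account("d.dev", False, frozenset({"hardware_token"})),
    Account("e.temp", False, frozenset()),
]

if __name__ == "__main__":
    for user, status in audit(SAMPLE):
        print(f"{user:10} {status}")
```

The “phone_fallback” result is the case most easily missed: enrolling an authenticator app does not help if a text message is still accepted as a fallback at login.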

SIM-swapping – Conclusion

With SIM-swapping attacks a concerning trend, it’s crucial for organisations to fully comprehend these incidents and take proper steps to protect against them. In doing so, organisations can equip themselves with the knowledge and resources to mitigate related cyber-losses and successfully navigate today’s evolving digital threat landscape.

Contact us today for additional risk management guidance and insurance solutions.

The cyber-threat information provided by Zywave and contributed by Lisa Langley, Cert CII, Team Leader, Professional Risks, Cox Mahon Ltd.