Hackers began stealing mobile phone numbers of Russian users to gain access to online banking transactions. Numbers are “captured” by replacing or restoring the eSIM, a built-in digital card that performs the functions of the physical SIM card in modern smartphones. socialbites.ca was informed about this by the press service of the company FAC.CT, which develops technologies to combat cybercrime.
Since the fall of 2023, FACCT’s Fraud Protection analysts have recorded more than a hundred attempts from a single financial institution to break into customers’ personal accounts in online services. Attackers use the digital SIM card replacement or restore function to gain access to the victim’s mobile phone number: they transfer the phone from the victim’s SIM card to their own device via eSIM. To hijack a number using eSIM profiles, fraudsters need an eSIM profile, a smartphone that supports connecting to the victim’s compromised account in a telecom operator’s personal account or a popular government service.
“Cyber criminals abroad have been using a similar “hijacking” method for at least a year. Previously, in order to hijack an account, attackers often tried to re-issue the SIM card without the subscriber’s knowledge, with the help of accomplices on the operator side, but operators and banks have taken strict measures against this type of fraud,” explained FAC.CT
In the new “hijacking” scheme, in order to obtain a QR code or activation code for the SM-DP+ address, which is responsible for creating and maintaining profiles in the eSIM, attackers create an application on the operator’s website or application to transfer a number from the physical card to the eSIM. Once the attacker completes this process, the user can no longer use the SIM card and loses access to the number.
“By gaining access to the victim’s mobile phone number, cybercriminals are able to obtain access codes and two-factor authentication for various services, including banks, instant messengers, which gives attackers many opportunities to implement their criminal plans,” added Dmitry Dudkov. An expert in FACCT’s Anti-Fraud department.
To protect against this threat, experts recommended that Russians use complex passwords in mobile operators’ applications, enable two-factor authentication, and also closely monitor SMS from mobile providers.
scammers before started Mass attacks on Russian vendors in marketplaces.