Hackers hijack eSim to gain access to online banking

Specialists from FACCT have discovered attempts to steal mobile numbers from Russian users to gain access to their online banking. Number theft occurs through the substitution or recovery of eSIMs – built-in digital cards that perform the functions of a physical SIM card in some modern smartphones.

Researchers say that since the fall of 2023, they have recorded more than a hundred attempts to log into clients’ personal accounts in online services at just one financial organization.

To gain access to someone else’s mobile number, attackers use the function of replacing or recovering the digital SIM card: they transfer the victim’s phone to their own device with eSIM.

To intercept a number using eSIM profiles, fraudsters need a smartphone that supports connecting an eSIM profile, a compromised victim’s account in the personal account of the telecom operator or a popular state service.

It is noted that abroad, cybercriminals have been using a similar method of theft for no less than a year, while in Russia, the first attempts were recorded in the fall of 2023.

Previously, for account theft, attackers (with the help of accomplices on the operator’s side) tried to reissue a SIM card without the subscriber’s knowledge, but operators and banks introduced strict measures to counter this type of fraud. Therefore, in the new scheme, to obtain a QR code or activation code for the SM-DP+ address (which in eSIM is responsible for generating and protecting profiles), attackers themselves create a request on the operator’s website or application to transfer the number from a physical card to eSIM. Once the attacker completes this process, the user can no longer use their SIM card and loses access to the number.

Having gained access to the victim’s mobile phone number, cybercriminals can obtain access codes for two-factor authentication to various services, including banks and messengers, which opens up a myriad of possibilities for criminals to implement their schemes. There are many variations of the scheme, but most of the fraudsters are interested in online banking services. Confirmation code messages that will be sent to the number will allow them to withdraw all the victim’s money from their account, apply for loans,” commented Dmitry Dudkov, a specialist in the Fraud Protection department at FACCT.

To protect against such threats, specialists recommend following simple recommendations:

  • Use complex passwords—unique for each service and device, and change them quarterly;
  • Enable two-factor authentication wherever possible, and never share this code with anyone over the phone, or enter it on third-party resources;
  • Monitor SMS messages carefully about blocking, reissuing, or transferring the SIM card.
0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment