SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone.
The fraud centres around exploiting a mobile phone operator’s ability to seamlessly port a telephone number to a new SIM. This feature is normally used when a customer has lost or had their phone stolen. Attacks like these are now widespread, with cybercriminals using them not only to steal credentials and capture OTPs (one-time passwords) sent via SMS but also to cause financial damage to victims.
If someone steals your phone number, you’ll face a lot of problems, especially because most of modern two-factor authentication systems are based on SMSs that can be intercepted using this technique.
Criminals can hijack your accounts one by one by having a password reset sent to your phone. They can trick automated systems – like your bank – into thinking they’re you when they call customer service. And worse, they can use your hijacked number to break into your work email and documents. And these attacks are possible because our financial life revolves around mobile apps that we use to send money, pay bills, etc.
Mobile payments are now huge in developing countries, especially in Africa and Latin America. Mobile phone-based money transfers allow users to access financing and micro-financing services, and to easily deposit, withdraw and pay for goods and services with a mobile device. In some cases, almost half the value of some African countries’ GDP goes through mobile phones.
But nowadays these mobile payments are suffering a wave of attacks and people are losing their money – all powered by SIM swap fraud conducted on a major scale.
For the full report click here
TrendMicro Midyear Cybersecurity Assessment
The first six months of 2019 saw organisations dealing with a broad range of incoming threats and, more urgently, tackling threats that had already gained a foothold in their systems, according to the midyear trend assessment carried out by TrendMicro.read more
DOS And DDOS - What's The difference
Online knowledge base Wikipedia suffered an outage at the weekend following a Distributed Denial Of Service (DDOS) attack. The company released a statement: "Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site."read more
Hackers Targeting Office 365 A Growing Threat
The UK's National Cyber Security Centre has published its incident trends report for October 2018 and April 2019 and it is not good news for Office 365 users. The report states that cloud services, and Office 365 in particular, have become the primary target observed in recent months.read more
New Canon Survey Reveals Critical Gaps in Companies' Cybersecurity Agendas
While digital transformation helps companies work smarter, there is a risk that the ongoing digitization may unlock a host of security vulnerabilities that can cost companies money, time, intellectual property, and customer trust. In its latest Office of the Future survey, released today by Canon USA.read more