SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone.
The fraud centres around exploiting a mobile phone operator’s ability to seamlessly port a telephone number to a new SIM. This feature is normally used when a customer has lost or had their phone stolen. Attacks like these are now widespread, with cybercriminals using them not only to steal credentials and capture OTPs (one-time passwords) sent via SMS but also to cause financial damage to victims.
If someone steals your phone number, you’ll face a lot of problems, especially because most of modern two-factor authentication systems are based on SMSs that can be intercepted using this technique.
Criminals can hijack your accounts one by one by having a password reset sent to your phone. They can trick automated systems – like your bank – into thinking they’re you when they call customer service. And worse, they can use your hijacked number to break into your work email and documents. And these attacks are possible because our financial life revolves around mobile apps that we use to send money, pay bills, etc.
Mobile payments are now huge in developing countries, especially in Africa and Latin America. Mobile phone-based money transfers allow users to access financing and micro-financing services, and to easily deposit, withdraw and pay for goods and services with a mobile device. In some cases, almost half the value of some African countries’ GDP goes through mobile phones.
But nowadays these mobile payments are suffering a wave of attacks and people are losing their money – all powered by SIM swap fraud conducted on a major scale.
For the full report click here
Cyberattacks: Preparing For The Inevitable
It is generally accepted that it is when, not if, large organisations will be the target of malicious cyberattacks. The importance of being prepared has been laid out in a blog post Sweat In Peace, Don't Bleed In War, written by Meredydd Hughes, a former UK chief constable with substantial crisis management experience.read more
Varonis Blog Highlights 110 Cybersecurity Statistics
Cybersecurity company Varonis has issued its predictions for the forthcoming year with a blog post entitled 110 Cybersecurity Statics For 2020. The blog states that cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.read more
UK To Go On The Cyber Offensive
The UK Government is about to launch a new proactive and offensive cybersecurity team that will wage cyberwarfare against hostile nation-states and online crime organisations. It would be naive to believe that the UK has not launched cyberattacks against third parties, but the killing of Qassem Soleimani has brought this out into the open.read more
Are You Ready For Iranian Revenge Cyberattacks?
Following the killing of Qassem Suleimani no-one can be sure of what military action Iran will take, but experts agree that its cyberattacks will increase against countries and governments it sees as hostile.read more