A French woman has lived through a real ordeal. A hacker successfully hacked her SIM card multiple times, intercepting the two-factor authentication text messages intended for the victim. Despite numerous attempts to stop the process, the hacker managed to steal €17,000 from the owner's account.
Do you know about SIM swapping? In this attack, a hacker transfers a person's phone number to a SIM card in his possession. To do this, the hacker does not have many options. Either he manages to pass himself off as the victim to the operator's customer service, or he bribes one of its employees.
Once the number has been taken over, the hacker receives, instead of the victim, the two-factor authentication SMS messages needed to access bank accounts or to validate payments. Once the hacker is in place, the victim loses network access and the 3G/4G connection, since the victim's SIM card is deactivated.
Difficult to defend against SIM Swapping
In both cases, it is difficult for the target to protect themselves. In this particular case, only the operator can act to prevent such manipulations, for example by spotting suspicious requests for new SIM cards. In the case of the victim, whom we will call Sophie, the two successive operators that encountered the problem failed to thwart the hacker's plans.
According to her testimony, collected by our colleagues at Cyberguerre (Numerama), the young woman had her number stolen for the first time when she was an SFR customer. After a line suspension, a new SIM card and another theft, she decided to terminate her contract and move to Orange.
However, after two weeks, Sophie suddenly lost network access on her smartphone. She contacted Orange's after-sales service, which informed her that a new SIM card had been requested in a store in Bordeaux. She lives in Paris. Fearing the return of this decidedly persistent hacker, she decided to immediately change her number and deactivate her line to protect herself. The problem: Orange would send the new number by SMS.
He uses the number to validate three transfers of €17,000
But remember, it is the hacker who receives the SMS instead of Sophie. As a result, he managed to pass himself off as her to the after-sales service, in order to cancel her termination request and reactivate the line. It should be noted that Orange only asks for a last name, a first name and a postal address to verify the identity of the customer on the other end of the line. After some research, Sophie understood why the hacker was trying so hard to keep her number.
The hacker managed to add three beneficiaries to the bank account of the company belonging to Sophie and her partner, and validated three transfers of €17,000. That is, all of the company's cash. Unfortunately, one transfer went through; the other two were canceled after the bank contacted the young woman.
How did the hacker manage to validate these operations? SIM swapping only gave him access to the two-factor authentication SMS. To compromise the account, the hacker must already have been in possession of Sophie's usernames and passwords. How did he steal them? Malware? A data breach at the bank? That's the €17,000 question.