SIM Swapping

Eight alleged members of the SIM swapping hacker group were arrested recently by the Spanish National Police for stealing money by compromising the bank accounts of their victims.

The primary aim of these threat actors:-

  • Target their victims with phishing attacks.
  • Then obtain their personal information.
  • And then, to steal money, they proceed to rob all the online banking accounts.

At phone stores, the threat actors convince the employees to transmit the potential phone numbers of their victims to SIM cards that are under the custody of the hackers.

Data Targeted

Here the attacker poses themself as legitimate organizations like Bank or any other financial organizations to steal personal and confidential data of the victim by executing the phishing attack through:-

  • SMS
  • Email
  • Instant messaging applications

While under the curtain of personal data, the hackers steal the following details of their victims:-

  • Passwords
  • Credit card numbers
  • Copies of ID documents
  • Debit card numbers
  • Contacts
  • Hack the social media accounts
  • Bypass 2FA services based on SMS
  • Copies of the DNI

Stealthy move

The threat actors use the stolen photocopies of victims’ IDs through which they mimic the physical appearance of their targeted victims. After that, the attackers persuade the employees of phone stores to replicate the phone number of the targeted victim to the new SIM card.

With this stealthy move, the threat actors get access to the primary weapon through which they can easily hack several important and confidential data of their victim.

Here’s what the Spanish National Police stated:-

“There are eight detainees based in Catalonia and acting throughout Spain who, through malicious messages and posing as a bank, obtained personal information and bank details to access the accounts of the victims whose identity they usurped through the falsification of official documents.”

To make the attack more complicated, the attackers make a few transactions in the name of their victims by using the online accounts of various banks across Europe.

Moreover, the National Police of Spain has asserted that they have arrested eight suspects in total, among them seven were arrested by the police in Barcelona and one in Seville.

Not only that, even they have also claimed that as part of their operation, they have blocked twelve bank accounts as well.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.