Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security SIM Swapping: What to Know about This Disturbing Cyberattack
Sim Swapping Image
Security

SIM Swapping: What to Know about This Disturbing Cyberattack

By Marco Muto
7 May, 2019

You’re sitting at your desk, and you decide to make a phone call. You’re choosing what to eat for lunch. You pick up your phone and decide you’re going to text a coworker to see where to go. Unfortunately, you don’t have a signal on your phone. You notice your phone displays an error stating there’s no SIM card. 

This could be a minor error with your phone’s software—or it could be the beginning of an extremely damaging cyberattack known as SIM swapping. At this point, a cybercriminal could be breaking into your bank account, email account, or online storage. And if you have access to critical systems for your business, such as a corporate bank account or access to the corporate social media accounts, the cybercriminal could easily start to ruin your business.

Managed services providers (MSPs) and managed security services providers (MSSPs) in charge of their customers’ security need to know how to deal with these attacks. While you can’t completely eliminate the threat, there are steps you can (and should) take to stay safe. But first, it helps to understand how these attacks occur. 

Anatomy of SIM swapping

SIM cards store basic information about the subscriber, such as their phone number, carrier information, billing information, and in some cases, address books and contacts (note that this isn’t the case with some phones). Phone providers offer the ability to swap SIM cards for convenience—if a customer loses their phone or if their phone was stolen, this allows the original owner of the phone to recover their phone number and transfer the service to a new device. However, cybercriminals can attempt to impersonate a phone owner, transfer their number to a new SIM card, then use this to break into personal accounts like banking or social media. 

SIM swapping often starts with the cybercriminal doing some reconnaissance to discover personal information they can use in the attack. A lot of the information they’ll need is publicly available, like the victim’s name, home address, and phone number. They can often get social security numbers or account user names by gaining information from previous mass data breaches. However, they may also try email and text phishing scams to get even more info. 

Once they have enough personal information, they call the cell phone service provider, claim to be you, and ask them to transfer your phone number to a new SIM card. Since the criminals have already done some upfront recon work, they can answer security questions well enough to successfully fool the support line for your phone provider. Not all SIM swap attacks involve impersonation, though—sometimes an employee for the phone provider will initiate the swap. 

At this point, they’ll receive all phone calls and text messages to the phone using the transferred SIM card. This is where the bad stuff starts happening. If they have your credentials and need 2FA to get into an account, they’ll receive the text messages and get in immediately (and don’t forget—with people often reusing passwords and credentials across accounts, getting someone’s password can be way too easy). They can also use password resets on accounts and receive temporary codes via SMS to change your accounts. 

After that, it depends on their goal. Some SIM swappers have stolen social media accounts, especially Instagram accounts, changed the personal info on the account to make it almost impossible for the original owner to recover, and sold the usernames to third parties. Some have broken into Instagram accounts of celebrities to leak personal photos. They could change your email account’s password, then start compromising other linked accounts such as bank accounts or online shopping accounts. They could do all of this and start extorting you for money. One SIM swapper successfully stole over $1 million USD in cryptocurrencies. 

Protecting your clients

These attacks are notoriously difficult to deal with. The weak link here is the phone provider, as they’re the ones allowing the SIM swap to occur. However, there are still precautions you can take. 

First, for any mobile device you’re in charge of managing, meet with the mobile service provider and have them require a designated person to physically enter the store with proper identification before making a SIM swap. You should do this on your personal devices, too. 

Second, remember that SIM swapping often kicks off another type of attack. Once someone has a customer’s mobile device, they will use that to break into other accounts. Wherever possible, consider using an authenticator app like Google Authenticator or Authy instead of SMS-based 2FA. Some services offer these options while others don’t. Additionally, you could consider using physical hardware tools for authentication, such as YubiKeys or other USB-based tools, which requires users to physically possess a separate authentication device to get into an account. 

Third, keep your own security house in order. Request that any employees for your MSP or MSSP follow these guidelines on personal devices. Imagine what could happen if a tech on your team fell victim and the attacker ended up with access to your email or RMM system. That could spell bad news for your customers as well (and your business as a whole).

Finally, user-awareness training can add an additional layer of security. Teach employees to be on guard against email or text-based phishing attempts or any unrequested 2FA messages they receive. This could be the start of the recon phase, where the criminal attempts to gain enough information to kick off a successful attack. Additionally, train employees to recognize the signs of a potential attack, such as an inability to send or receive calls or text messages or a message that their SIM card is missing. It’s worthwhile teaching them about authenticator apps like Google Authenticator so they’re aware of the flaws of current authentication schemes and know to protect accounts where stronger 2FA options are available. 

Keeping your accounts safe

SIM swapping has become increasingly common over the past few years. This attack doesn’t require sophisticated scripting—it often requires just a little bit of background information on the victim to launch a devastating attack. However, with some upfront preparation, you can hopefully prevent the attack—or at least minimize the damage. 

 

Additional reading

  • 4 Tips for Rock-Solid Mobile Security
  • How to Assess and Improve Your Office 365 Security Scorecard
  • Mobile Device Management—A threat to Employee Privacy?

 

Marco Muto, director, Business Development at SolarWinds

 

You might also like...
Security

February 2021 Patch Tuesday: Many “Exploitation More Likely” and an update to a Netlogon fix from last year

Security

What Do Auto Racing and EDR Have in Common?

Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

Documentation Management API and Why It’s Important for the MSP Business

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Data (21)
  • Cloud Computing (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.