Technical Update vol. 29 no. 13 - Cybersecurity Insights: SIM-Swapping

As cybersecurity measures improve, cybercriminals continue adapting. One of the fastest-growing threats is SIM-swapping, a form of social engineering that allows attackers to take control of a victim’s phone number and access sensitive accounts. This can lead to financial theft, data breaches, and unauthorized access to company networks.

UNDERSTANDING SIM-SWAPPING ATTACKS

Attackers trick mobile carriers into transferring a victim’s phone number to a new SIM card, allowing them to intercept calls, text messages, and MFA codes. With this access, they can reset passwords, steal funds, and infiltrate company systems.

SIM-swapping attacks typically follow these steps:

1. Gathering Personal Information – Attackers collect details like name, birthdate, phone number, and employment history through phishing, social media, or data breaches.
2. Impersonating the Victim – Using stolen data, attackers contact the mobile carrier, posing as the account holder, to request a SIM transfer.
3. Bypassing MFA Protections – The attacker intercepts SMS-based authentication codes, allowing them to reset passwords and access sensitive accounts.
4. Accessing Company Data – With control over MFA, attackers can log into business networks, reroute transactions, and steal confidential information.

Detecting a SIM-swap attack early is key to minimizing damage. A sudden loss of mobile service, unexpected login attempts, or unauthorized transactions may signal an attack. Alerts from your mobile carrier about unapproved account changes or difficulty accessing accounts due to altered passwords or unrecognized MFA requests are also red flags. Identifying these signs quickly allows immediate action to secure accounts and prevent further harm.

HOW TO PROTECT AGAINST SIM-SWAPPING

Counties and individuals can take steps to prevent and mitigate SIM-swapping attacks:

1. Strengthen Account Security
   • Use strong, unique passwords for critical accounts.
   • Enable account activity alerts to detect suspicious login attempts.
2. Use Secure MFA Methods
   • Avoid SMS-based MFA; use authenticator apps, physical security keys, or biometric authentication instead.
3. Secure Your Mobile Account
   • Set a PIN or passcode with your carrier to prevent unauthorized SIM changes.
   • Enable additional security questions before making account modifications.
   • Regularly monitor your mobile carrier account for suspicious activity.
4. Educate Employees on Cybersecurity Best Practices
   • Train staff to recognize phishing attempts and avoid sharing personal information online.
   • Establish an incident response plan for addressing SIM-swapping attacks.

If you suspect a SIM-swap attack, act immediately. Contact your mobile carrier to report unauthorized changes and request an account freeze. Change passwords for critical accounts, prioritizing email, banking, and work-related logins. Notify financial institutions to prevent fraudulent transactions and limit financial loss. Report the incident to your IT team and cybersecurity professionals, and monitor your accounts for suspicious activity in the following weeks to mitigate lingering threats.

WHAT THIS MEANS FOR COUNTIES

Regular cybersecurity updates are vital to an effective security strategy. They help keep counties informed, vigilant, and prepared to respond to threats. CTSI recommends counties implement these essential cybersecurity controls to help manage their cyber exposures. This will safeguard and reduce digital vulnerabilities at the county level and assist in obtaining coverage with higher limits and lower premiums for CAPP. For more information, contact CTSI at (303) 861-0507.