User Controls
An Apparently To Alert You Of A Sim-Swap Attack
-
2022-08-21 at 1:55 AM UTC
Originally posted by Sophie Burner phones seem to work for me. More to the point, phone stuff is not my field so i wanted to ask how swappers get the info they need to execute a sim swap. Are there particular targets that are high value or in demand as it were?
It doesn't take much info. Just a phone number and 'maybe' the name on the account. Usually they want an email address that they can access using this phone number via a One-Time-Passcode. Any other accounts they can access using this phone number would work.
They usually find out what mobile carrier is being used, call one of the local stores and social engineer a Rep into swapping that phones service to another phone. They call the mobile carrier directly and change it as well.
Once they have control of the phone number, they can then use it to reset passwords.
At my job, if we send someone a passcode to their phone, and they confirm it, they are authenticated to the highest. I work for a bank. -
2022-08-21 at 2:15 AM UTC
Originally posted by SBTlauien It doesn't take much info. Just a phone number and 'maybe' the name on the account. Usually they want an email address that they can access using this phone number via a One-Time-Passcode. Any other accounts they can access using this phone number would work.
They usually find out what mobile carrier is being used, call one of the local stores and social engineer a Rep into swapping that phones service to another phone. They call the mobile carrier directly and change it as well.
Once they have control of the phone number, they can then use it to reset passwords.
At my job, if we send someone a passcode to their phone, and they confirm it, they are authenticated to the highest. I work for a bank.
Got it. Find out how your number keeps popping up on their radar. Also this gave me an idea for the blue team. You could probably honeypot these people by strategically leaking certain numbers tied to a special operations center, basically a couple servers simulating the kind of access they are after. Stick and carrot them to keep them around long enough to see if and when they fuck up.