{"id":4317,"date":"2022-02-15T17:49:27","date_gmt":"2022-02-15T17:49:27","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=4317"},"modified":"2026-06-08T09:44:22","modified_gmt":"2026-06-08T09:44:22","slug":"sim-swap-conti-correnti","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/sim-swap-conti-correnti\/","title":{"rendered":"SIM-Swapping Attacks to Access Bank Accounts"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In a <a href=\"https:\/\/www.policia.es\/_es\/comunicacion_prensa_detalle.php?ID=11102#\" target=\"_blank\" rel=\"noreferrer noopener\">press release<\/a>, Spanish authorities announced the arrest of a criminal group of 8 individuals who carried out <strong>SIM-Swapping<\/strong> attacks to access the bank accounts of unsuspecting victims.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>SIM-Swapping<\/strong> is an attack technique that enables criminals to seize control of a victim&#8217;s phone number. The captured number is then used to intercept SMS-based 2FA codes (<code>T1111<\/code> \u2014 Two-Factor Authentication Interception), granting access to online banking portals and any service relying on SMS authentication.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"attack-overview\">Attack Overview<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">SIM-Swapping has evolved steadily over the years, with documented losses affecting both bank accounts and cryptocurrency wallets.<br>According to the <strong>FBI<\/strong>, from <strong>2018-01<\/strong> to <strong>2020-12<\/strong>, 320 complaints related to this attack type were filed, with estimated losses of approximately <strong>12 million USD<\/strong>. 
In <strong>2021<\/strong> alone, complaints rose to <strong>1 611<\/strong>, with losses exceeding <strong>68 million USD<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-spain-case\">The Spain Case<\/h2>\n\n\n\n<figure class=\"wp-block-embed aligncenter is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"es\" dir=\"ltr\">\ud83d\udea88 arrested for defrauding people across <a href=\"https:\/\/x.com\/hashtag\/Espa%C3%B1a?src=hash&amp;ref_src=twsrc%5Etfw\">#Espa\u00f1a<\/a> through <a href=\"https:\/\/x.com\/hashtag\/SimSwapping?src=hash&amp;ref_src=twsrc%5Etfw\">#SimSwapping<\/a> <br><br>They obtained information about their victims through malicious messages and deceived phone store employees into duplicating SIM cards in order to empty their bank accounts <a href=\"https:\/\/x.com\/hashtag\/SomosTuPolic%C3%ADa?src=hash&amp;ref_src=twsrc%5Etfw\">#SomosTuPolic\u00eda<\/a> <a href=\"https:\/\/t.co\/tKfZfOFckI\">pic.twitter.com\/tKfZfOFckI<\/a><\/p>&mdash; Polic\u00eda Nacional (@policia) <a href=\"https:\/\/x.com\/policia\/status\/1491714811146629121?ref_src=twsrc%5Etfw\">February 10, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.x.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The press release states:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>&#8220;<em>They deceived mobile phone store employees to obtain SIM card duplicates and, in this way, gained access to bank security confirmation messages&#8230; They were then able to operate the victims&#8217; online banking and access accounts to drain them after receiving security confirmation messages from the banks.<\/em>&#8221;<\/p><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"technical-detail\">Technical Detail<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The criminals socially engineered employees of the victims&#8217; mobile carriers into porting the victim&#8217;s number from the legitimate SIM to a new SIM card assigned to the fraudster (<code>T1078<\/code> \u2014 Valid Accounts, <code>T1199<\/code> \u2014 Trusted Relationship abuse at the carrier level). With control of the phone number, the group executed email account resets, which in turn allowed password resets on banking and other online accounts. SMS-based 2FA confirmations were intercepted to authorise transactions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Authorities noted: &#8220;<em>Victims lost network signal on their phones because, upon activating the duplicate SIM, the original was immediately deactivated \u2014 leaving the line in the hands of the suspects&#8230; The fraudsters received the bank messages with the codes required to authorise transactions, using online banking services from multiple European countries.<\/em>&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An unexpected loss of cellular signal on a single device \u2014 while other devices on the same carrier remain unaffected \u2014 is a primary indicator of an active SIM-Swap. The response window is narrow: accounts are typically reset and funds drained before the victim can contact their carrier.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Phishing-resistant MFA methods \u2014 authenticator apps and hardware security keys (FIDO2) \u2014 eliminate SMS interception as an attack surface and are the recommended mitigations against this class of account-takeover.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a press release, Spanish authorities announced the arrest of a criminal group of 8 individuals who carried out SIM-Swapping attacks to access the bank accounts of unsuspecting victims. SIM-Swapping is an attack technique that enables criminals to seize control of a victim&#8217;s phone number. 
The captured number is then used to intercept SMS-based 2FA &#8230; <a title=\"SIM-Swapping Attacks to Access Bank Accounts\" class=\"read-more\" href=\"https:\/\/fortgale.com\/blog\/emerging-threats\/sim-swap-conti-correnti\/\" aria-label=\"Read more about SIM-Swapping Attacks to Access Bank Accounts\">Read more<\/a><\/p>\n","protected":false},"author":7,"featured_media":4333,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[3102,3109,3103,3107,3105,3108,1537,3104,3106],"class_list":["post-4317","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-2fa-bypass","tag-account-takeover","tag-banking-fraud","tag-fbi","tag-fraud","tag-mobile-security","tag-sim-swapping-it","tag-social-engineering","tag-spain"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=4317"}],"version-history":[{"count":12,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4317\/revisions"}],"predecessor-version":[{"id":9814,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/4317\/revisions\/9814"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media\/4333"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=4317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=4317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blo
g\/wp-json\/wp\/v2\/tags?post=4317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}