SIM Swapping

A surge in SIM-swapping fraud across the Middle East has exposed new tactics cybercriminals use to exploit victims. According to a new report by Group-IB, fraudsters increasingly leverage phishing websites and social engineering to bypass security measures, allowing them to hijack mobile numbers and access sensitive accounts.

Investigations have shown that attackers first obtain personal details, such as national IDs and banking information, through fraudulent websites that mimic legitimate services. They then use this data to request a SIM swap or port-out, effectively transferring control of the victim’s phone number to the fraudster.

See: https://redskyalliance.org/xindustry/sim-swapping-attacks

Once in control, criminals intercept SMS-based two-factor authentication (2FA) codes, enabling them to carry out unauthorized financial transactions. One key finding from recent fraud cases is the rise of phishing websites specifically designed to imitate high-demand services. Fake domains target industries such as car insurance, domestic worker hiring, and government services.

By exploiting regional trends, attackers increase their chances of deceiving victims into entering sensitive information. A recent case study highlighted how a phishing website impersonating an insurance provider led to multiple complaints of SIM deactivations. Further analysis revealed a more extensive network of fraudulent domains, linked to a single administrator and designed to harvest personal data. Many of these domains used bulk registration tactics and typosquatting to evade detection.

Financial losses from SIM-swapping fraud continue to rise. Group-IB reports that 39% of cases involved multiple unauthorized transactions. Losses ranged from $270 to $5,400, though some incidents exceeded $160,000. Attackers have been found using compromised SIMs to reset banking credentials, transfer funds to mule accounts, and conduct fraudulent payments through digital wallets.

To counteract these threats, financial institutions and individuals must take proactive measures.

For Banks and Telecom Providers:

  • Freeze high-risk actions when a SIM swap is detected and require additional identity verification.
  • Use behavioral analysis to detect suspicious logins and transactions.
  • Improve real-time intelligence sharing between banks, telecom providers, and regulators.
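
The first recommendation above, sketched as a bank-side decision function. This is an added example, not code from Group-IB or Red Sky Alliance; the 72-hour window, the action names and the carrier SIM-change feed are assumptions, and "freeze" stands for holding the action until additional identity verification is completed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values; the article gives no thresholds or action names.
FREEZE_WINDOW = timedelta(hours=72)
HIGH_RISK = {"reset_credentials", "add_payee", "transfer", "enrol_wallet"}

@dataclass
class Request:
    action: str
    at: datetime
    sim_changed_at: Optional[datetime]  # hypothetical carrier feed; None = no data
    app_enrolled_at: Optional[datetime]  # authenticator app enrolment; None = SMS only

def decide(req: Request) -> str:
    """Return 'sms_otp', 'app_otp' or 'freeze' for one request."""
    if req.action not in HIGH_RISK:
        return "sms_otp"
    if req.sim_changed_at is None:
        # No carrier data: do not rely on SMS for a high-risk action.
        return "app_otp" if req.app_enrolled_at else "freeze"
    if req.at - req.sim_changed_at >= FREEZE_WINDOW:
        return "sms_otp"
    # SIM changed recently (a future timestamp also lands here: fail closed).
    # Trust only an authenticator enrolled before the SIM change; one enrolled
    # afterwards may have been set up by whoever now holds the number.
    if req.app_enrolled_at and req.app_enrolled_at < req.sim_changed_at:
        return "app_otp"
    return "freeze"

def demo():
    now = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)  # constructed sample data
    swap = now - timedelta(hours=3)
    cases = [
        Request("view_balance", now, swap, None),
        Request("transfer", now, swap, None),
        Request("transfer", now, swap, now - timedelta(days=90)),
        Request("transfer", now, swap, now - timedelta(hours=1)),
        Request("add_payee", now, now - timedelta(days=30), None),
    ]
    return [decide(c) for c in cases]

if __name__ == "__main__":
    print(demo())
```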

For Individuals:

  • Replace SMS-based 2FA with authenticator apps like Google Authenticator or Duo.
  • Be cautious of phishing websites and unsolicited messages requesting personal information.
  • Report any unexpected SIM deactivation or unauthorized account access immediately.

Despite ongoing efforts to curb SIM-swapping fraud, criminals continue to refine their methods. Without stronger security measures and greater awareness, victims remain at risk of financial and identity theft.

This article is shared at no charge and is for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com

• Reporting: https://www.redskyalliance.org/
• Website: https://www.redskyalliance.com/
• LinkedIn: https://www.linkedin.com/company/64265941

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
