Free SIM cards handed out on the street can be used to establish control over user accounts. Dmitry Pudov, Deputy General Director for Technologies and Development of the Angara Information Security Group, disclosed such a threat to the Prime Agency.
According to him, such cards are most likely issued for another person. “You cannot prove that this SIM card belongs to you. Accordingly, from the point of view of the law, you are not a subscriber and do not have any rights, ”the expert warned, urging never to accept such gifts, let alone use them.
Pudov recalled that currently, many Internet services use SMS messages as a way to restore access if the user has forgotten the password. As a result, if a person in such a situation uses a free card, he may lose access to the necessary sites.
Thus, scammers can reissue a SIM card, after which all calls and SMS will be sent to a new one. They will then try to take control of the victim's accounts by requesting a password reset via a phone number. Once they gain access, attackers can benefit from it in different ways. For example, they can monetize the traffic of a social network account, send friends a request to “urgently help with money,” or use a page to send phishing messages.
Pudov added that such an attack was previously actively used to intercept online banking confirmation codes to steal money. “Using banking Trojans or other hacking methods, the hackers obtained online banking credentials from victims and then a duplicate SIM card,” he explained.
In December 2020, Pavel Myasoedov, Director of Intellectual Reserve, spoke about ways to steal data from a SIM card. According to him, a fraudster can call the operator, introduce himself as the owner, report the loss of the SIM card and answer security questions, the answers to which he will find on the user's social networks. After that, the operator will disconnect the real SIM card, and the attacker will receive a new one with full access to the number and all the information that comes to him.
