Researchers warn that criminals are using eSIMs to hijack phone numbers and access bank accounts


F.A.C.C.T., a Russian cybersecurity firm, has warned about the use of eSIM technology by SIM swappers to steal phone numbers and bypass security measures, according to BleepingComputer. The firm has detected over a hundred attempts to access personal accounts at a single financial organisation since fall 2023, indicating a growing threat.

What is eSIM
eSIMs are digital SIM cards stored on mobile device chips that offer the same functionality as physical SIM cards, but with the added advantage of remote reprogramming. Users can add an eSIM to their device by scanning a QR code provided by their service provider. This technology has become popular among smartphone manufacturers as it eliminates the need for a physical SIM card slot and enables cellular connectivity on small wearables.

Cybercriminals adapt to exploit eSIM vulnerabilities
SIM swappers have adapted their attacks to exploit eSIM technology. Since fall 2023, F.A.C.C.T.’s Fraud Protection analysts have recorded over a hundred attempts to access personal accounts of clients in online services at one financial organisation. Attackers breach users’ mobile accounts using stolen, brute-forced, or leaked credentials and initiate the porting of victims’ numbers to their own devices by generating QR codes through the hijacked accounts. This process effectively hijacks the victim’s phone number while deactivating the legitimate owner’s eSIM or physical SIM card.

Once criminals gain access to a victim’s mobile phone number, they can obtain the access codes and two-factor authentication codes sent to it for various services, including banks and messaging apps. Cybercriminals can also use the stolen phone numbers to access SIM-linked accounts in various messenger apps, enabling them to impersonate the victim and trick others into sending money.
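
The sequence described above (a login with stolen or brute-forced credentials, followed shortly by an eSIM QR code being generated) is something a service provider can look for in its own account logs. The following Python code is an added example, not part of the original article or of F.A.C.C.T.'s research; the event names, log fields, thresholds and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
FAIL_THRESHOLD = 5              # assumed number of failures that counts as a burst

# Constructed sample events: (ISO timestamp, account, event, device id).
# This is a hypothetical log layout, not a real carrier format.
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "alice", "login_ok", "dev-A"),
    ("2024-03-03T10:00:00", "alice", "esim_qr_issued", "dev-A"),  # owner, known device
    *[(f"2024-03-05T02:10:{s:02d}", "bob", "login_fail", "dev-X")
      for s in range(0, 50, 10)],                                 # five failed logins
    ("2024-03-05T02:11:00", "bob", "login_ok", "dev-X"),
    ("2024-03-05T02:13:00", "bob", "esim_qr_issued", "dev-X"),
    ("2024-02-20T08:00:00", "carol", "login_ok", "dev-C"),
    ("2024-03-07T23:50:00", "carol", "login_ok", "dev-Y"),        # leaked password, no failures
    ("2024-03-07T23:52:00", "carol", "esim_qr_issued", "dev-Y"),
]

def flag_esim_issuance(events):
    """Return (account, timestamp, reasons) for each suspicious eSIM QR issuance."""
    first_seen = {}            # (account, device) -> time of first successful login
    fails = defaultdict(list)  # account -> timestamps of failed logins
    alerts = []
    for ts_raw, account, event, device in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        if event == "login_fail":
            fails[account].append(ts)
        elif event == "login_ok":
            first_seen.setdefault((account, device), ts)
        elif event == "esim_qr_issued":
            reasons = []
            recent = [t for t in fails[account] if ts - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                reasons.append("failed-login burst")
            seen = first_seen.get((account, device))
            # A device with no login history older than WINDOW is treated as new.
            if seen is None or ts - seen <= WINDOW:
                reasons.append("new device")
            if reasons:
                alerts.append((account, ts_raw, reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_esim_issuance(SAMPLE_EVENTS):
        print(alert)
```

A flagged issuance is a candidate for a hold or an out-of-band confirmation with the subscriber before the existing SIM is deactivated.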

Protecting against eSIM-swapping attacks
To defend against eSIM-swapping attacks, researchers recommend using complex and unique passwords for cellular service provider accounts and enabling two-factor authentication when available. For high-value accounts, such as e-banking and cryptocurrency wallets, users should consider additional security measures like physical keys or authenticator apps.


The rise of eSIM technology has inadvertently provided SIM swappers with new avenues for exploitation. It is crucial for both individuals and organisations to stay informed about emerging risks and take proactive steps to mitigate them. BleepingComputer’s report on F.A.C.C.T.’s findings serves as a wake-up call for users to prioritize the security of their mobile accounts and highlights the importance of staying ahead of cybercriminals’ ever-changing tactics.

