Lapsus$ hackers took SIM-swapping attacks to the next level

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
The U.S.A. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
Reviewing the group's operations started in December last year following a long trail of incidents attributed to or claimed by Lapsus$ after leaking proprietary data from alleged victims.
Among high-profile companies impacted by Lapsus$ are Microsoft, Cisco, Okta, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, and Globant.
 

Marko :)

Level 21
Verified
Top Poster
Well-known
Aug 12, 2015
1,024
Is SIM swapping still a problem in the US, Canada? It was never a problem here. Though, we did had cases long time ago when criminals would use lost/stolen ID cards and went to ISP stores to buy phones and sign a postpaid contracts; leaving victims with huge bills to pay. Fortunately, only a small number of people were scammed before ISPs started doing stricter checks.

Now, even when dealing with customer support, they'll ask a whole number of questions to confirm that it is really you in fact, before helping you with anything.
They ask for:
  • ID number
  • personal identification number
  • date of birth
  • subscriber ID (written on contract and every monthly bill)
  • phone/mobile number (which needs help)
  • the total of your last bill
... and sometimes even more.

In case you're contacting them via e-mail, they won't help you if the e-mail address wasn't previously verified (meaning you have to send them request to add your e-mail address in their base as the official way of contact). They won't even send you a new SIM card if you call them, you have to go to their store.

There are so many requirements it gets on my nerves sometimes; but all in the name of security.
 

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
Is SIM swapping still a problem in the US, Canada? It was never a problem here. Though, we did had cases long time ago when criminals would use lost/stolen ID cards and went to ISP stores to buy phones and sign a postpaid contracts; leaving victims with huge bills to pay. Fortunately, only a small number of people were scammed before ISPs started doing stricter checks.

Now, even when dealing with customer support, they'll ask a whole number of questions to confirm that it is really you in fact, before helping you with anything.
They ask for:
  • ID number
  • personal identification number
  • date of birth
  • subscriber ID (written on contract and every monthly bill)
  • phone/mobile number (which needs help)
  • the total of your last bill
... and sometimes even more.

In case you're contacting them via e-mail, they won't help you if the e-mail address wasn't previously verified (meaning you have to send them request to add your e-mail address in their base as the official way of contact). They won't even send you a new SIM card if you call them, you have to go to their store.

There are so many requirements it gets on my nerves sometimes; but all in the name of security.
If it does not pose a great danger to the citizen in America
But citizens in Europe or Asia may be exposed to potential harm
 

Trident

Level 29
Verified
Top Poster
Well-known
Feb 7, 2023
1,809
If it does not pose a great danger to the citizen in America
But citizens in Europe or Asia may be exposed to potential harm
It’s a whole thing here in the UK to get a new SIM so I doubt it. They would ask you to do a Chip and PIN with a card that has previously been verified and they will ask plenty of security questions. Good luck to Lapsus.
 

Marko :)

Level 21
Verified
Top Poster
Well-known
Aug 12, 2015
1,024
It’s a whole thing here in the UK to get a new SIM so I doubt it. They would ask you to do a Chip and PIN with a card that has previously been verified and they will ask plenty of security questions. Good luck to Lapsus.
Yeah, with security in Europe we have, they have no chance with SIM swapping. Also, even if they started sending SIMs over the phone here (which they don't), I doubt they'll issue a new SIM card of someone with Croatian name speaking English. And good luck fooling them with Google Translate and Croatian accent. 😂
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top