"SIM Swap Attacks Making Two-Factor Authentication via Smartphones Obsolete"

Security researchers at PhishLabs further emphasized that SIM swap attacks are making SMS two-factor authentication (2FA) obsolete. A SIM swapping attack refers to the performance of social engineering to trick mobile carriers into transferring control over a legitimate user's mobile account to threat actors. In a blog post, the researchers highlighted a recent Princeton study in which 50 attempts were made to port a stolen number to a SIM card via North American prepaid telecom companies. The study found that in most cases, only one question asked by customer service needed to be answered correctly to authenticate successfully, despite failure to answer previous authentication questions. The success of such attacks can lead to the hijacking of victims' bank accounts. Researchers call for the use of device-based 2FA instead of number-based 2FA to reduce the threat of these attacks. This article continues to discuss SIM swap attacks and how organizations can protect themselves from these attacks.

SC Media reports "SIM Swap Attacks Making Two-Factor Authentication via Smartphones Obsolete"