Attackers have been bribing employees to modify data on the account without the proper account owner permission. In addition, there have been some reports that link retail store workers being recruited to hack accounts.
All of your calls and text messages will now be routed to the new SIM card, which is in the attacker’s possession. If the attacker can convince the customer service representative to activate the new SIM card, they now have access to your phone number.The attacker tries to convince the customer service rep to activate a new SIM card (one that the attacker currently has access to) by answering security questions based on the personal information from earlier.The attacker calls customer service (while impersonating you) and claims that their cell phone or SIM card has been lost or damaged.This can be from phishing, social media, malware, the dark web or anywhere your information might be leaked. Attacker obtains as much personal information as they can about you, in order to engage in social engineering.The SIM swapping process usually goes something like this: From there, any traffic inbound to that phone number (SMS messages, phone calls, etc) are sent to the new device that’s in the attacker’s control. It’s often done by simply tricking the carrier into thinking they are adding the new device for you, which allows them to activate a new phone using that phone number. This is typically done outside of your control, so even following security protocols will not prevent these type of attacks. The simplified explanation of what happens is: An attacker gains access to your phone number. In this post, we’re going to discuss exactly what a SIM Swap Attack is, how it happens and what you can do about it. There have been several cases of Instagram users get hacked and locked out of their account. How are they doing this? By basically taking control of a phone number, they are having the 2FA messages sent to a device on the phone number that they now control, thus getting around the Two-Factor authentication. Even with the added layer of security of Two-Factor Authentication (2FA), cybercriminals are still finding ways to hack into accounts.