SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
SMS 2FA needs to die. It’s infuriating that a lot of banks still rely on sms.
I can’t use my shitty banks shitty app because I refuse to use Googles shitty android skin. So I have to use shitty SMS because they don’t support any other authentication
Man, that’s shitty.
Hear, hear!
I’ve always been under the impression that in order to steal a phone number you have to social engineer it from the company or have physical access to the Sim card in the first place. Is that not the case?
From the text:
Now, attackers breach a user’s mobile account with stolen, brute-forced, or leaked credentials and initiate porting the victim’s number to another device on their own. They can do this by generating a QR code through the hijacked mobile account that can be used to activate a new eSIM. They then scan it with their device, essentially hijacking the number.
No need for social engineering.