Simjacking is Still a Problem, British Food Writer Lost £5,000

British food writer Jack Monroe lost £5,000 due to a simjacking attack, the BBC reports. In a series of tweets, Monroe said someone had taken over her phone number and used the access to steal months' worth of earnings from her bank account. She added that her payment card details and PayPal information were apparently stolen during an online transaction.

Simjacking occurs when an attacker calls a mobile operator and impersonates a target in order to trick the operator into porting the target’s phone number to the attacker’s device. The attacker can then exploit anything the number grants them access to, and can bypass SMS-based two-factor authentication. In Monroe’s case, the attacker was able to trick the operator into switching the phone number by providing Monroe’s birth date, which is available on Wikipedia.

It’s worth noting that Monroe did have precautions in place. She stressed that she is “absurdly paranoid about security,” and says she uses two-factor authentication on everything, along with unique, complex passwords. Simjacking can bypass these safeguards, however, since it doesn’t target the victim directly and instead takes advantage of a human employee at a mobile phone company.

As technical defenses improve, social engineering attacks will increase. Even if your organization has the most advanced defenses in place, your security posture is still severely lacking if one of your employees can be tricked into giving the attacker what they want. New-school security awareness training can ensure that your employees have the skills to resist these attacks. The BBC has the story.
