Watch out! SIM Swappers are now going after your eSIM and your money

You might remember what the deal is with SIM Swappers. These are the dudes or dudettes who saunter into the retail location of the wireless carrier that you use, pretend to be you, and ask for a new SIM card. Any excuse will do, and they could say that the dog ate the old one. So the thief gets a new SIM card for your account and inserts it into a burner phone they purchased just for this occasion. Within minutes, the thief has your apps on his burner phone and is changing the passwords to your financial apps and stealing your money.

Meanwhile, you've noticed that your phone no longer works and received a notification that a SIM card change has been approved for your line. If this ever happens to you and you did not request a new SIM card, call your carrier immediately to report this because time is now of the essence. 

According to Bleeping Computer, SIM Swappers are now using eSIMs on compatible phones to pull off their SIM swap rip-offs. First, let's tell you what an eSIM is. This is an Embedded Subscriber Identity Module that is embedded inside your phone and doesn't come out. Once you ask your carrier to activate an eSIM, they will send you a QR code by email that can be used to connect your phone to your network. It works exactly like a physical SIM card and authenticates your phone and identity on your wireless network.

Russian cybersecurity firm F.A.C.C.T. says that in the U.S. and worldwide, SIM Swappers are turning to eSIMs to steal phone numbers and get around the protections that some are counting on to protect their financial apps from getting broken into. A press release from F.A.C.C.T says, ""Since the fall of 2023, analysts from F.A.C.C.T.'s Fraud Protection have recorded more than a hundred attempts to access the personal accounts of clients in online services at just one financial organization."

The press release added, "To steal access to a mobile number, criminals use the function of replacing or restoring a digital SIM card: transferring the phone from the victim's 'SIM card' to their own device with an eSIM."

In the old days, the thieves using the ol' SIM Swap rip-off would pay off an insider at a wireless provider to hand over a physical SIM card to a thief without asking to verify the customer's information. Beeping Computer explains how this is easier to do these days thanks to eSIMs.

First, the thief breaches a user's mobile account using credentials that are stolen, obtained using brute forced, or leaked. The thief then ports the victim's credentials and initiates porting the victim's number to another device owned by the thief. This is done by using the victim's mobile account to request a QR code to activate an eSIM. The burner phone scans the code and that's all that is needed. The legit phone is deactivated.

Once a scammer has your eSIM running his phone, he can try to scam more money using your messages app by pretending to be you, telling friends and family members that you were the victim of a SIM Swap, and ask them for some money to tide you over.

To prevent this from taking place, experts suggest using complex and unique passwords for your cellular service account. And enable two-factor authentication (2FA) if possible. With 2FA, besides entering your password to sign into an app, you will have to provide a code that will be texted to your phone after you try to sign in. You will need to type in the correct code along with the right password in order to sign into the app.