Wednesday 16 September 2020, Poradnik bezpieczeństwa

SIM Swap attack. The victim lost almost PLN 400,000 from the account

Lost24

Scammers have managed to carry out a SIM Swap attack by obtaining SIM card number from the victim’s phone number. According to Polsat News, fraudsters hijacked victim’s online bank accounts and took out PLN 370,000 from them.


While talking on the phone, the connection was interrupted and the victim’s attempts to remove and insert the SIM card did not work. The victim visited the mobile network’s provided salon, where the SIM card was replaced with a new one. However, at this point the victim should have blocked the bank accounts as soon as possible, but was unaware of becoming a victim of a SIM Swap attack.


How did they manage to carry out the SIM Swap attack?
New SIM card was obtained by impersonating the victim at the mobile operator’s office. Fraudsters knew which bank the victim was using, they managed to reset the password thanks to hijacked text message’s and the victim’s customer login, and as a result money was withdrawn from the account using the instant transfer function. In addition, fraudsters an overdraft on the account for the amount of almost PLN 70,000.


The victim contacted the bank hoping to recover the money, but the bank would not accept the complaint, arguing that their systems have not been breached.
At the moment, the prosecutor’s office is searching for scammers.