A new scam based on SIM swapping attempts to recover your phone number using the eSIM. We explain how it works and how to avoid it.
Source: Markus Winkler on Unsplash
L’eSIM is at the heart of a new SIM swap scam. Two technical terms that you may not be familiar with. We take this opportunity to take stock.
What is an eSIM?
eSIM (or virtual SIM): this stands for on-board SIM. An eSIM is a standard digital SIM card that allows you to use a mobile plan from your operator without having to use a physical SIM card. All French mobile operators, Free, Orange, Bouygues Telecom or SFR now offer eSIMs. However, you need a compatible smartphone, or a connected watch.
What is SIM swap?
The concept of SIM swapping is a term that refers to the act of “stealing” a mobile phone number. The objective of the hackers is then to transfer your number from your SIM card to a SIM card in their possession.
It is not a complicated and out of reach technique. Often, hackers contact your operator’s customer service to pretend to be you. They can claim the loss of a phone, a theft or a malfunction. They can also directly bribe an employee of a mobile operator.
To manipulate mobile operators, they use personal information such as your date of birth, your address… information that can be found on the web, but also in stolen databases found on the dark web. or even on open access forums.
Once the number has been transferred, this allows hackers to receive your SMS and your calls, and of course to unlock access to certain services with double authentication.
Why is it a problem here
A new scam attempts to retrieve your phone number via an eSIM. This scam starts with an SMS that refers to a domain name esim-fr-support.fr, whose interface mimics the SFR site. The objective is to encourage you to communicate your SFR accesses of your mobile subscription.
A few hours after the fake form was filled out, the telephone line was then deactivated. This recovery of the telephone number then makes it possible to launch various scams, such as a spam campaign linked around the Crit’Air sticker or even premium rate calls. The whole scam is illustrated on this site.
How to avoid SIM swapping?
The best thing is to avoid posting personal information on the web. It’s easy to say and maybe already too late, but it’s always important to be aware of it. Avoid showing your date of birth, or confusing the issue by entering the wrong dates of birth. Prefer activation of double authentication with an authentication application, without going through a phone number.
Fraudulent SMS are unfortunately very numerous and target almost everyone, because a large number of people are not sufficiently aware of these dangers. Here are some practical tips… Read more
To follow us, we invite you to download our Android and iOS app. You can read our articles, files, and watch our latest YouTube videos.
We would like to say thanks to the writer of this post for this amazing content
