Cybercriminals are exploiting eSIM technology to steal phone numbers, leading to bank account breaches, warn cybersecurity researchers. (Pexels)

Researchers warn that cybercriminals are using eSIM technology to steal data and access bank accounts.

F.A.C.C.T., a prominent Russian cybersecurity company, has issued a strong caution about the malicious utilization of eSIM technology by criminals to steal phone numbers and gain entry to sensitive bank accounts. The concerning trend, highlighted by Bleeping Computers, underscores how eSIM, originally intended for ease of use, is now being manipulated for illicit purposes.

What is eSIM technology?

The eSIM, or electronic SIM card, represents the digital evolution of the physical SIM card, which resides in the chips of the mobile device and offers identical functions with the added benefit of remote programming capabilities. Users can seamlessly integrate the eSIM card into their devices by scanning the QR code provided by their service provider. The innovation, widely accepted by smartphone manufacturers, eliminates the need for traditional SIM card slots and facilitates mobile phone connection even in small wearable devices.

Adaptation Tactics of Cybercriminals

However, cybercriminals have proven adept at exploiting the inherent vulnerabilities of eSIM technology. Since the fall of 2023, analysts at F.A.C.C.T.’s Fraud Protection Division have detected attempts to breach personal accounts at a major financial institution. Using a technique known as SIM swapping, these attackers infiltrate users’ mobile accounts through a variety of methods, including stolen or brute force credentials. Later, they start porting victims’ numbers to their own devices by generating QR codes through compromised accounts. This malicious operation effectively takes control of the victim’s phone number while deactivating their genuine eSIM or physical SIM.

Access to sensitive information

Once criminals get hold of a victim’s cell phone number, they have unfettered access to a treasure trove of sensitive information, according to the report. This includes obtaining access codes and bypassing two-factor authentication procedures on a variety of services, from banking platforms to messaging apps. Using stolen phone numbers, cybercriminals can even manipulate SIM-linked accounts in messenger apps and assume the victim’s identity to commit fraudulent activities such as requesting illegal money transfers.

How to protect yourself from eSIM scams

As this insidious threat looms large, cybersecurity experts are advocating strict measures to protect against eSIM fraud:

1. Use strong, unique passwords for every app and update them regularly.

2. Enable two-factor authentication for all important accounts like email, banking apps, and social media, and don’t share these codes with anyone.

3. Be alert for any SMS related to SIM lock or transfer requests and verify their authenticity.

Also, follow basic security practices such as refraining from giving out personal information to unknown parties to reduce the risk of falling victim to eSIM scams.