They access the code that the bank sends by SMS to buy online. They use “cheap mules” and offer bribes to telephone employees
The crisis ofcoronavirus and the confinement forces citizens to make purchases and manage the bank through the internet. A situation that has not gone unnoticed by criminals, who are focusing their activity in this environment, according to the experts in computer crimes of the Civil Guard. In a “risk analysis” document titled “Cybercrime: Attacks on 2FA SIM Swapping“sent on April 30 to all the headquarters, which El Periódico de Catalunya has accessed, they report that they have detected”new trends and modus operandi “among the scammers and alerta new fraud when using themobile phoneto make payments and transfers online.
The fraud “it is committed in two steps“warns theCivil Guard. First, an already classic method that has grown during confinement: cybercriminalsThey steal personal data to access your online banking. They try “sending phishing emails“, a method in which the trickster even imitates official corporate logos or images of the bank. In this message, they kindly request that personal data be provided with some excuse.
Hard to spot
But specialists from the Civil Guard have identified another more sophisticated and difficult to detect maneuver: they launch computer attacks thatthey camouflage themselves after mobile applications “outside the banking field, such as the flashlight or the telephone calculator”. Thus, they explain, “when the user uses this apparently innocuous application, a hidden code is installed on the phone that scans the device for installed banking applications.” In this way, “when the user starts it, an identical page will be executed just above this one under the control of the cyber criminal, in which the user himself will insert his credentials”.
Once the scammer has obtained the victim’s bank details, he will still have to overcome yet another barrier: circumventing the security protocol established by all online banking. When a client makes any economic transaction on the internet,your entity sends you a code by SMSto be entered into the device to validate the operation. However, the Civil Guard has detected that “there are already criminals who know how to access that code illegitimately.” And that despite the fact that the bank changes that numerical key with each transaction. This threat is known as“attack on double verification factor or 2FA”.
Duplicate the SIM card
With the help of “economic mules“or intermediaries who collaborate with the criminal organization,” duplicate the SIM card “of a mobile phone and transfer the number to another device that is under the control of the network, a phenomenon known as“SIM Swapping”. Once this is done, they can “freely access the messages with the verification code received and thus make a non-consensual transaction,” warns the Civil Guard document.
Their cybersecurity experts have discovered the ingenious strategies these criminals often use toget a duplicate SIM card.Sometimes in a more artisanal way: “They contact the operator of the telephone companyimpersonating the user with some excuse such as loss, card breakage or theft, suggesting that you need to keep the same phone number. “
On other occasions, “they deliver a false authorization in a physical store in which the cardholder supposedly gives permission to make a duplicate.” There are also those who try “trick the clerk with a simple photocopy of the ID of the phone holderarguing any excuse for which he has not been able to go personally. “The Civil Guard has even detected” attempts to bribe employees “of telephony to collaborate with the criminal organization.
Although specialists clarify: “The ease of achieving the consummation of the scam will depend, on the one hand, on the security policy of the telecommunications company and, on the other, on the zeal of the person in charge of carrying out this management.