
Mr. SIM Swap: Gone Phishing

6th ANNUAL ACFE AFRICA CONFERENCE

14 October 2013

Adv Jacqueline Fick

Executive: Forensic Services

AGENDA

• Introduction

• Phishing Defined

• SIM Swap Defined

• Relationship Between Phishing and SIM Swaps

• Some Interesting Statistics

• Case Study

• Investigation Methodology

• Outsmart the Criminals

• Closing Remarks

Mr SIM Swap: Gone Phishing


Introduction


INTRODUCTION

• An underground cybercrime economy and cyber black market exists where the cybercriminal can buy, sell, barter or trade criminal skills, tools and your private information: identities, credit card details and botnet kits, to name but a few.

• Several years ago, hackers hacked computers. Now criminals hack computers and operate more like offline crime syndicates, such as the Mafia or urban gangs.

• Fraud, extortion and identity theft have been around for centuries; the internet just makes them easier.

INTRODUCTION (continued)

• Despite constant warnings and awareness campaigns, people still respond to phishing/smishing attacks and provide sensitive information by phone or email.

• By acquiring basic personal information through phishing, a criminal can commandeer the cell phone account of an unknowing victim, intercepting or initiating calls and intercepting the SMSes and one-time passwords sent by the victim's bank to authorise internet banking transactions.

• Statistics show that SIM swapping is on the rise.


Phishing Defined


PHISHING DEFINED

• Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and other personal information.

• Phishers also use spam, fake web sites, computer malware and other techniques to trick people into divulging sensitive information.

• It is easier to hack a user than a computer.

• Once the phishers have captured enough information from a victim, they either use the stolen information to defraud the victim or sell it on the black market for a profit.

PHISHING DEFINED (continued)

• Honeynet Project

− The Honeynet Project is a non-profit research organisation which aims to improve the security of the Internet at no cost to the public by providing tools and information on cyber security threats.

− Research published by the project shows that the average time spent on a cyber investigation was approximately 34 hours per person, to investigate an incident that took the intruder about half an hour. That is about a 60:1 ratio! (http://www.honeynet.org/challenge/results/)


SIM Swap Defined


SIM SWAP DEFINED

• SIM swap fraud is a targeted attack, typically run as the second stage of a spear-phishing campaign.

• It is committed when a fraudster convinces a victim's mobile network operator to transfer the victim's cellular number (MSISDN) to a SIM in the possession of the fraudster.

• The details needed to pass the operator's identity checks are obtained through phishing, smishing and other social engineering techniques. SIM swap attacks are effectively an extension of phishing and key-logger campaigns and are generally run by organised groups.

• The fraudster can then receive any incoming calls and text messages, including the banking one-time passwords (OTPs) that are sent to the victim's phone, while the victim's own SIM loses network service.


Relationship between SIM Swaps and Phishing


RELATIONSHIP BETWEEN SIM SWAPS AND PHISHING

• In most instances SIM swap fraud works hand-in-hand with phishing/smishing (SMS phishing).

• SIM swapping is also described as the second phase of a phishing scam.

• When banks introduced measures such as OTPs delivered via SMS, it was to combat phishing attacks and credential-stealing malware. The fraudsters then moved to performing SIM swaps to get hold of the OTPs.

• Whilst the attacks are highly targeted, the targeting is simply based on the set of users who have been phished or key-logged and whose banking credentials are already in the hands of the fraudsters.

• This type of attack poses financial and reputational risks.
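The two-stage attack described on this slide and the SIM swap definition before it (phish for the banking login and personal details, then have the operator move the MSISDN to the fraudster's SIM so that the SMS OTP lands there), modelled as an added example. This is illustrative code written for this page, not code from the presentation or from any bank or operator. The operator, bank and SIMs are in-memory stand-ins; the MSISDN, ICCIDs and timestamp are made up; and the "recent SIM swap" lookup the bank performs before trusting an SMS OTP is an assumed control in the spirit of the bank/operator cooperation the talk calls for, not something the talk specifies.

```python
"""Model of a SIM swap against SMS one-time passwords (added example)."""
from datetime import datetime, timedelta
import hmac
import secrets


class Sim:
    def __init__(self, iccid, holder):
        self.iccid = iccid    # serial of the physical SIM card
        self.holder = holder  # who holds the card (bookkeeping for the model)


class MobileOperator:
    """The operator routes an MSISDN (phone number) to whichever SIM is
    currently registered against it; nothing ties the number to a person."""

    def __init__(self):
        self.routing = {}   # msisdn -> Sim
        self.swap_log = {}  # msisdn -> datetime of the most recent swap
        self.inbox = {}     # iccid -> SMS texts delivered to that SIM

    def provision(self, msisdn, sim):
        self.routing[msisdn] = sim

    def sim_swap(self, msisdn, new_sim, when, answers_match):
        # The legitimate replacement procedure: the agent checks the caller's
        # personal details. A phisher who already holds them passes the check.
        if not answers_match:
            raise PermissionError("identity check failed")
        self.routing[msisdn] = new_sim
        self.swap_log[msisdn] = when

    def deliver_sms(self, msisdn, text):
        sim = self.routing[msisdn]
        self.inbox.setdefault(sim.iccid, []).append(text)
        return sim.holder

    def last_swap(self, msisdn):
        return self.swap_log.get(msisdn)


class Bank:
    """Sends an OTP to the MSISDN on file. The bank cannot see which SIM the
    number is routed to unless the operator tells it (assumed lookup)."""

    def __init__(self, operator, check_recent_swap, window=timedelta(hours=48)):
        self.operator = operator
        self.check_recent_swap = check_recent_swap  # assumed control, not from the talk
        self.window = window
        self.pending = {}  # account -> OTP awaiting entry

    def request_beneficiary_otp(self, account, msisdn, now):
        if self.check_recent_swap:
            swapped = self.operator.last_swap(msisdn)
            if swapped is not None and now - swapped < self.window:
                return "held: recent SIM swap, confirm out of band"
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending[account] = otp
        holder = self.operator.deliver_sms(msisdn, f"OTP for new beneficiary: {otp}")
        return f"sent to {holder}"

    def add_beneficiary(self, account, otp_entered):
        expected = self.pending.pop(account, None)
        return expected is not None and hmac.compare_digest(expected, otp_entered)


def run_scenario(check_recent_swap):
    """Phished victim, SIM swapped one hour before the fraudster transacts."""
    now = datetime(2013, 10, 14, 9, 0)                       # constructed timestamp
    op = MobileOperator()
    victim_sim = Sim("8927000000000000001", "victim")        # made-up ICCIDs
    fraud_sim = Sim("8927000000000000002", "fraudster")
    msisdn = "+27820000000"                                  # made-up number
    op.provision(msisdn, victim_sim)

    # Stage 1 (phishing) already happened: the fraudster holds the victim's
    # internet banking login and the personal details the operator asks for.
    # Stage 2 (SIM swap): the number is moved to the fraudster's SIM.
    op.sim_swap(msisdn, fraud_sim, when=now, answers_match=True)

    bank = Bank(op, check_recent_swap)
    outcome = bank.request_beneficiary_otp("acc-1", msisdn, now + timedelta(hours=1))

    # The fraudster enters whatever OTP landed on their SIM; the victim's
    # handset has lost network service and never sees the message.
    texts = op.inbox.get(fraud_sim.iccid, [])
    otp = texts[-1].rsplit(" ", 1)[-1] if texts else None
    authorised = otp is not None and bank.add_beneficiary("acc-1", otp)
    return {"otp": outcome, "fraud_authorised": authorised}


if __name__ == "__main__":
    print("without check:", run_scenario(False))
    print("with check:   ", run_scenario(True))
```

Without the check, the OTP is delivered to whoever holds the SIM the number now points at, and the beneficiary is added with the fraudster's own phone. With the check, the OTP is withheld for a window after the swap and the transaction must be confirmed some other way. The check only works if the operator exposes the swap date to the bank, which is exactly the kind of partnership the case study and the investigation methodology slides argue for.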


Some Interesting Statistics


SOME INTERESTING STATISTICS

"The month of August marks a much anticipated return to school for both parents and students, but it appears that the subject of education is just as popular in the cybercrime underground this time of year. RSA has observed an increased supply of cybercrime courses, lessons, counselling and tutoring offered to fraudsters in rather official-looking models, mimicking the activity of legitimate schooling."

(RSA Online Fraud Report, September 2013)

SOME INTERESTING STATISTICS (continued)

• RSA Online Fraud Reports show that South Africa does not fall within the top ten countries hosting phishing attacks, but features high on the list of the top ten countries by attack volume.

• According to the RSA Online Fraud Resource Center, 6% of the global phishing attack volume for the first half of 2013 was against South Africa.

• According to the South African Banking Risk Information Centre (Sabric), the number of SIM swap incidents was under 100 in 2011 but jumped to more than 1,000 in 2012.


Case Study


E & J Phisheries

With us you are never off the hook...

CASE STUDY

E & J Phisheries

After a long and successful career as the CEO of CiT Heist Enterprises, Mr. Snoek started his own business, E & J Phisheries (E & J).

Several of his previous employees joined him in the new venture and business was booming. Their key market was the financial industry and they had an aggressive marketing strategy to identify potential customers within this sector.

The trusted CIO of E & J, Mr. Jack le Hack, continuously strove to develop and identify new IT products that he could deliver to potential clients. These included both hardware and software options with the sole purpose of making clients part with their hard-earned cash and increasing the revenue stream of E & J.

CASE STUDY (continued)

E & J Phisheries

But "competition" increased in the market and the financial industry partnered with the mobile industry to offer innovative products that seriously impaired E & J's bottom line.

Internet banking became increasingly popular and, to keep the market tight, a client would now receive a one-time PIN (OTP) to create new beneficiaries and authorise other transactions. This had a serious impact on Mr. Snoek's cash flow.

To keep up with the latest market trend, Mr. Jack le Hack strategised with his team and identified other uses for the (legitimate) SIM swap process used by mobile operators. Putting yourself in your client's shoes was taken to a whole new level: E & J was back in the game and could now enable clients to part with their money again with minimal effort on the client's side.

With the help of previous business associates and other willing investors, E & J quickly re-invested their clients' funds to ensure a maximum return on investment.

CASE STUDY (continued)

E & J Phisheries

But a new cartel appeared on the horizon, posing a significant threat to the operations of E & J.

The banks, mobile operators and other agencies joined forces, and their anti-competitive behaviour soon drove Mr. Snoek to drink. His business strategies could still be effective if the different role players did not unite their forces against him.

Sadly, the future of E & J Phisheries looks bleak...


Investigation Methodology


INVESTIGATION METHODOLOGY

• The curricula vitae of the role players: profiling and analysis

• Syndicate activities?

• Can one agency investigate alone?

• Benefits of partnerships

• Fragile evidence

• Racketeering prosecutions?

• An opportunity missed by Mr. Snoek: premium rated services


Outsmart the Criminals


OUTSMART THE CRIMINALS

• Never click on a link from an unknown source, be it on your computer or cell phone.

• Never share personal or financial information via email or SMS.

• Inform your mobile operator and/or bank of suspicious emails and SMSes.

• Check your account regularly for fraudulent or unauthorised access and transactions.

• Practise good password security and be alert to social engineering.

• Keep anti-virus software up to date.

• Keep your cell phone information safe.

OUTSMART THE CRIMINALS (continued)

• Register for SMS transaction notifications and keep your phone with you, so that a transaction you did not make is noticed immediately.

• Do not switch your phone off if, for example, you receive several annoying calls: fraudsters use nuisance calls to get victims to switch off, so that the loss of service caused by a SIM swap goes unnoticed. If you have no network reception, contact your mobile operator immediately from an alternative number.


Closing Remarks


CLOSING REMARKS

• Whilst the financial loss from the actual fraud can be significant to the victim, the loss of consumer faith and the reputational risk can also be significant to mobile operators and banks alike.

• Avoid becoming a phishing/SIM swap victim by keeping your personal information safe.

• Report suspicious activity immediately.

• Be vigilant: keep abreast of the latest cyber crime trends and information from your mobile operator and bank.


Thank you!
