Experts Report Attempts to Steal Phone Numbers Using eSIM

Cybersecurity experts have detected attempts by criminals to steal mobile phone numbers using eSIM technology (an embedded digital card that replaces a physical SIM card in some smartphones) in order to gain access to Russians’ online banking accounts, according to specialists from F.A.C.C.T., a developer of anti-cybercrime technologies, as reported by RBC.

Fraudsters are transferring victims’ phone numbers from their physical SIM cards to their own devices with eSIM. To obtain the QR code or SM-DP+ activation code (which is responsible for generating and securing eSIM profiles), attackers submit a request on the mobile operator’s website or app to transfer the number from a physical SIM to an eSIM. Once this process is complete, the victim loses access to their mobile number and can no longer use their SIM card.

Dmitry Dudkov, a specialist from F.A.C.C.T.’s Fraud Protection Department, explained: “Once cybercriminals gain access to a victim’s mobile phone number, they can obtain access codes and two-factor authentication for various services, including banks and messengers, opening up many opportunities for criminal schemes.”

According to F.A.C.C.T., since fall 2023, there have been over 100 recorded attempts to log into clients’ personal accounts in online services at just one financial institution.

Additionally, experts warn that if a mobile number is stolen, criminals can access the victim’s messages and send requests to their contacts asking to borrow money.

How to Protect Yourself

• Use strong, unique passwords for your mobile operator’s apps.
• Enable two-factor authentication wherever possible.
• Carefully monitor SMS messages from your mobile service provider for any suspicious activity.