:quality(75)/cloudfront-us-east-1.images.arcpublishing.com/elcomercio/BBNQJJJEXJEVPKBWNA6N25Z2GA.jpeg)
Unlike conventional physical SIM cards, eSIMs are chips embedded in the device that allow users to activate services digitally. By logging into an app or scanning a QR code, users can easily switch between carriers and devices without having to physically swap out their SIM card. While this technology is more modern than traditional methods, it does not prevent cybercriminals from exploiting vulnerabilities. In fact, these criminals are constantly updating their methods to obtain access codes and two-factor authentication for services like banking and messaging, creating opportunities for scams to be carried out.
One of the biggest risks associated with eSIM technology is the potential for cybercriminals to steal users’ mobile accounts using stolen, coerced or leaked credentials through social engineering or phishing attacks. Once they have obtained a victim’s QR code, they can effectively hijack their number by cloning it onto their own device. This can lead to serious security breaches and put victims at risk of identity theft and other crimes.
In 2023, there was a rise in SIM swapping incidents that took advantage of the transition to eSIM technology. These attacks targeted personal accounts in online services such as financial institutions after eSIM cloning. Victims of eSIM swapping faced serious security and privacy risks as a result of these attacks.
To protect against phone number theft and eSIM swapping, ESET specialists recommend being cautious with phishing scams such as suspicious emails and messages. It is important to stay vigilant and avoid interactions with unfamiliar or suspicious contacts in order to mitigate these threats. Additionally, they recommend using strong passwords and enabling two-factor authentication on all accounts whenever possible.
