SIM Card Swap

An adversary could convince the mobile network operator (e.g. through social networking, forged identification, or insider attacks performed by trusted employees) to issue a new SIM card and associate it with an existing phone number and account.[1][2] The adversary could then obtain SMS messages or hijack phone calls intended for someone else.[3]

One use case is intercepting authentication messages or phone calls to obtain illicit access to online banking or other online accounts, as many online services allow account password resets by sending an authentication code over SMS to a phone number associated with the account.[4][5][6][7]

ID: T1451
Sub-techniques:  No sub-techniques
Tactic Type: Without Adversary Device Access
Tactic: Network Effects
Platforms: Android, iOS
Contributors: Karim Hasanen, @_karimhasanen
Version: 1.2
Created: 25 October 2017
Last Modified: 30 September 2021
Provided by LAYER 8


ID Mitigation Description
M1011 User Guidance

Users should be instructed to use forms of multifactor authentication not subject to being intercepted by a SIM card swap, where possible. More secure methods include application-based one-time passcodes (such as Google Authenticator), hardware tokens, and biometrics.