Next time your phone rings and the caller ID says it’s your bank, telecom company or employer’s IT department, it might be someone else.
That’s because little-discussed types of SIM cards offer the ability to spoof any number, can be encrypted and in some cases allows the user’s voice to be altered and cloaked. Such SIM cards are , and they can make social engineering attacks like those that struck easier to execute.
A SIM (Subscriber Identity Module) card is essentially what stores information about a phone’s user, including country, service provider and a unique idea that matches it to its owner.
While spoofing a phone number is an old trick, these SIMs offer a streamlined way to do it. They underscore the wide array of vulnerabilities companies and individuals face when trying to protect against social engineering attacks.
Twitter was the , in which a person posing as a company insider (often supposedly from the IT department) calls a real employee to extract information. That attack, which led to the takeover of 130 accounts, including high-profile ones such as Elon Musk and Kanye West, to scam their followers out of $120,000 worth of , has brought increased attention to the practice. Tools like these SIMs are one way for attackers to try and stay ahead of suspecting companies.