eSIM technology has revolutionized mobile communication by eliminating the need for physical SIM cards. Instead of swapping out a card, users can activate their service digitally by logging into an app or scanning a QR code. However, this modern technique does not prevent cybercriminals from targeting users and attempting to access their accounts.
Once a theft occurs, cybercriminals can exploit the stolen information to gain access to various services, such as banking and messaging, leading to potential scams. Cybersecurity company ESET reports that cybercriminals can use stolen or forced credentials to break into user accounts and obtain the QR code needed to activate the eSIM on their own device, effectively stealing the victim’s phone number.
In 2023, Russian cybersecurity company FACCT found an increase in SIM swapping as cybercriminals took advantage of the transition to eSIM technology. They targeted financial institutions after cloning eSIMs, with over a hundred attempts recorded in a single institution to access customers’ personal accounts. Being a victim of eSIM swapping can have serious consequences for security and privacy, including unauthorized access to personal accounts and potential financial losses. To protect against phone number theft, ESET specialists recommend being cautious of phishing scams, as SIM swapping often relies on deceptive emails and messages.