SIM Swapping: a common yet underestimated threat

The resurgence of SIM Swapping

Since its rise in popularity during the early 2010s, SIM Swapping has remained a significant security threat—yet often underestimated. The attack gained widespread attention following the hacking of Twitter CEO Jack Dorsey’s account in 2019, highlighting how vulnerable even high-profile targets can be.

Recently, the scale of this threat has surged. In the UK, CIFAS reported a staggering 1,055 million increase in SIM Swap incidents between 2023 and 2024¹. Each attack can cause severe financial damage, especially to vulnerable populations over 60, with losses reaching €6.3 million in 2024, according to the FBI’s 2024 IC3 report².

What is SIM Swapping? 

A SIM Swap involves an attacker impersonating a victim to trick mobile operators into transferring the victim’s phone number to a SIM card controlled by the attacker. Here’s how it typically unfolds:

1. Personal Data Collection

Attackers gather personal information—such as birth date, address, email, and customer ID—by exploiting social media, data leaks, or other sources.

2. Social Engineering

Using this data, the attacker contacts the mobile carrier’s customer service, claiming to have lost their phone and requesting a new SIM card. They often answer security questions or provide personal details to convince the representative.

3. The Swap

The carrier transfers the victim’s phone number to the attacker-controlled SIM card.

4. Account Takeover

Once the swap is complete, the attacker’s SIM receives all calls, texts, and SMS-based OTPs. This access enables them to reset passwords, bypass multi-factor authentication, and gain control over online accounts—such as email, banking, and social media.

The impact on consumers

Consumers are the ultimate victims of SIM Swapping. Attackers often use this access to:

• Take control of online accounts through password resets
• Hijack social media profiles
• Empty bank accounts via online transfers
• Commit identity theft

While consumers are the targets, call centers of mobile operators are frequently exploited as the weak link in the chain, making them a critical point of vulnerability.

How to protect your users with Network APIs

Traditional security measures are increasingly insufficient against evolving threats like SIM Swapping. The solution? Leverage network data directly within your applications.

By integrating standardized APIs, your app can connect seamlessly to mobile carrier networks across different providers and countries—thanks to initiatives like CAMARA (an open-source project) and GSMA Open Gateway. These standards now cover approximately 80% of the global market.

Why does this matter? This approach allows your application to interact directly with the network layer, providing real-time insights and verification capabilities that significantly bolster security without compromising user experience.

Benefits of using Network APIs

• Silent verification of number status and registration
• Detection of suspicious SIM activities
• Real-time monitoring of device presence and location
• Proactive fraud alerts and checks

Discover our solutions

Orange offers comprehensive packages built around these standardized APIs to help you safeguard your users from SIM Swap and related threats:

• Number status and registration verification
• Suspicious SIM activity detection
• Device presence monitoring in specific areas
• Real-time data analysis for fraud detection

And many more tailored solutions to meet your needs.

Take action today

Protect your users from the rising tide of SIM Swap attacks. Contact us to learn how our innovative solutions can help you enhance security, reduce fraud, and build trust with your customers.

Let’s discuss your pilot project and explore how these APIs can be integrated into your platform.