“While [ SIM swaps are] a widely recognized security risk in America and philippines whatsapp number Europe, [they pose] a much more muted threat in African nations.” A bank in Mozambique can verify recent SIM swap activity with a cellular operator, a strategy that has “reduced SIM swap-based banking fraud to nearly 0 overnight.” That’s why Twilio is investing in solutions to help businesses defend against SIM swapping and account takeovers. The same research showed that while an SS7 attack is fast, it is costly and requires specific knowledge of SS7 protocols and access to an SS7 network. Recent reports of message forwarding services being abused to redirect messages to an attacker are concerning, but security researchers are actively exposing this abuse and have built tools to help detect this type of attack.
Most of these weaknesses could be exploited with targeted attacks, those where you have a specific victim in mind. “If your threat model is such that you are in the public eye (journalist, activist, etc.), then this is even more important for you - people in the public eye are more likely to be targeted by criminals,” tweeted expert Rachel Tobac . One important mitigation that businesses can – and should – offer their customers is the option to enable stronger authentication methods, especially for people who might be targets. Depending on the service, additional protections could be required, based on an account value threshold, such as financial balance or number of social media followers.