A Fictitious Tale of How Vonage SIM Swap API Saved a Wedding
最后更新 September 10, 2024

This blog is inspired by the Netflix TV show Bridgerton, bringing a modern twist to a grand wedding in Barcelona, Spain, where Vonage’s SIM Swap API is currently available. Amidst the celebration, a digital threat emerged, and the story unfolds with Vonage's SIM Swap API playing a crucial role in preventing disaster.

The Story

Dearest gentle readers,

There is nothing quite like a wedding in Barcelona, Spain, with a flawless ceremony, exquisite floral arrangements, and a joyous celebration. But beneath the surface, a silent skirmish unfolded, a battle fought not with swords and barbs but with Vonage’s Network APIs: SIM Swap API.

We turn our discerning eye towards the nuptials of Miss Penny Wetherington the daughter of the esteemed telecommunication APIs provider, Vonage, and Lord Corbin Bridgemont, the talented son of the very technology that connects the world - 5G networks, Ericsson. Little did anyone suspect the digital threat that nearly derailed this grand affair.

Our heroine in this narrative is not the blushing bride but the ever-resourceful Miss Kathryn Baker, the cake shop owner of Petals and Pastries, whose meticulous attention to detail is as legendary as her composure.

As one crucial task remained for this talented baker, she waited for an update from the most well-known wedding planner amongst the people of the ton, known for her flawless execution of dream weddings: Miss Violet Planner. Miss Planner was an esteemed customer for several years and had created a profile on the Petals and Pastries website to communicate her orders for countless happy couples in the past. Without fail, Miss Planner always reached out with a confirmation and sent the final payment exactly one week before the wedding. However, one week before the wedding came, and no payment was received.

She saw that a verification code had been requested to be sent to Miss Planner’s phone number. This seemed like odd behavior from this story’s planner, so she called her.

Imagine the disarray, dear readers, when Miss Baker dialed her trusted planner, and an unfamiliar voice answered. She noted a slight dissonance as this was not the warm, friendly voice of Miss Planner. However, the quick-witted professional, Miss Baker, launched into asking the stranger for the specifics of the couple’s dream cake. The stranger replied, giving details that were a far cry from the cake envisioned. The stranger then asked for the verification code to be sent to their phone number and for Miss Baker to read off the credit card number they used for the deposit to “make sure” they had used the correct one. This behavior was an even further cry from Miss Planner’s thoroughness than the cake they described.

Has Miss Planner fallen victim to a SIM Swap attack? In other words, has someone tricked her phone provider into moving her phone number into their SIM card?

An infographic illustrating the steps of a successful SIM Swap scam. First, the scammer obtains personal information about the victim through phishing or the dark web. Next, the scammer contacts the telecom provider and requests a number transfer. The telecom provider then transfers the number to the scammer's SIM card. As a result, the scammer starts receiving the victim's SMS and phone calls, enabling them to easily bypass two-factor authentication (2FA). Finally, the scammer steals money from the victim, culminating in a scene of chaos symbolized by flames.Example of a SIM Swap ProcessMiss Baker’s website was built using Vonage’s SIM Swap API (a form of Network API Authentication), so she opened the website application from her end and looked up Miss Planner’s phone number in the SIM Swap checker. This allowed her to answer two questions:

  1. Has a SIM Swap occurred in the last n hours? (check)

  2. When did the last SIM Swap occur? (retrieve-date)

The SIM Swap API doesn’t care what device the SIM Card is in. Its role is to detect if the phone number or International Mobile Subscriber Identity (IMSI) has had a recent SIM pairing change. This authentication process for SIM Swap is referred to as Backend Authentication which involves two POST requests.

Aside from this questionable phone call, her website revealed a disturbing truth: a recent nefarious attempt had been made on Miss Planner's phone number, signifying a SIM Swap!

Screenshot of lookup results with “Lookup Successful” in a large green text box, Phone number with phone number text blocked out for privacy, Period “Last 10 days,” /check “Swapped” and “/retrieve-date 18.07.2024.”Successful SIM Swap LookupThe hijacker had gained unauthorized access to her phone number, luring unsuspecting clients and collecting their personal information!

Fueled by righteous fury, Miss Baker refused to send the verification code and hung up on the hijacker. She couldn’t call or text Miss Planner because the call and text would go to the hijacker’s phone. She also couldn’t email her because the hijacker had likely taken over that account, too. She then decided to reach out to Miss Planner’s husband to inform him of the fraudulent incident, urging him to let her know about the successful SIM Swap, so she can report the scam to her phone provider.

Once they took care of that, all was well; the order was confirmed, and the cake was paid for.

The wedding day, thankfully, arrived bathed in sunshine and devoid of any cyber disruptions, a fitting culmination of Miss Baker’s tireless efforts. Aside from contributing to the seamless execution of yet another dream wedding, Miss Baker basked in a different kind of satisfaction – the quiet victory of having thwarted a cyber villain.

If you would like to try out this feature that saved this glorious wedding day, Vonage has a Network API Sandbox you can use after you’ve created a Vonage developer account.

And as for Lady Whisperloud, well, she remains ever watchful of sugary scams and security swindlers.

Yours truly,

Lady Whisperloud

Join the Ton

If you enjoyed this article and would like to become a member of the ton, you can join our developer community on Slack and follow us on X, formerly known as Twitter. Have you any comments, both fair and poor, on this article, feel free to share them and tag me. It would be my pleasure hearing from you.

Additional Resources

Diana PhamDeveloper Advocate

Diana is a developer advocate at Vonage. She likes eating fresh oysters.

Ready to start building?

Experience seamless connectivity, real-time messaging, and crystal-clear voice and video calls-all at your fingertips.

Subscribe to Our Developer Newsletter

Subscribe to our monthly newsletter to receive our latest updates on tutorials, releases, and events. No spam.