SIM swapping or sometimes known as SIM swap scam is a kind of account takeover fraud that exploits a weakness of only those two-factor authentication systems which include text message (SMS) or call placed to a mobile telephone.
This fraud abuses the mobile phone service provider’s ability to assign a phone number to a device having a different SIM. This feature is commonly utilized when a client has lost their phone or is switching service to a new phone.
It all starts with the scammer gaining access to personal details about the victim via various methods that include phishing emails, socially engineering the victim, or even in some cases purchasing the details from cybercriminals.
Once those details are acquired, the scammer contacts the victim’s mobile phone service provider and convinces them to port the victim’s phone number to the fraudster’s SIM.
A recent Department of Justice (DOJ) case highlights how dangerous SIM swapping can really be. The case discloses what appears to be a plot of social media and mobile phone accounts hijack. According to the case report, the criminals plotted to take control of accounts and steal cryptocurrency using the illegal practice known as SIM swapping.
Massachusetts U.S. Attorney’s Office confirmed that they have captured one of the conspirators of this attack. Declan Harrington has already pleaded guilty to various offenses including conspiracy, wire scam, and identity theft.
Accordingly to the Department of Justice:
Harrington and co-conspirators targeted victims who they believed had large amounts of cryptocurrency and “high value” social media account names. The conspirators targeted at least 10 victims around the country and stole (or attempted to steal) more than $530,000 in cryptocurrency from these victims. One of the conspirators also took control of two of the victims’ social media accounts.
European Union Agency for Law Enforcement Cooperation or EUROPOL also commented on the recent case:
In a case earlier this year, several people were arrested in connection to attacks that stole more than $100 million, according to the Those attacks targeted thousands of victims in 2020, including internet influencers, sports stars, musicians, and their families.
The Federal Bureau of Investigation explains the last steps in a criminal SIM swap as follows:
Access accounts: Gain access to the victim’s accounts and identify digital currency keys, wallets, and accounts that may be stored in them. Defeat any SMS-based or mobile application-based two-factor authentication on any accounts with control of the victim’s phone number. Steal currency: Transfer the digital currency out of the victim’s account into accounts controlled by the attackers.
This past February, T-Mobile experienced a SIM swap attack, and in December last year, the company underwent another data breach that exposed its customers’ phone numbers and calls logs.
Cybersecurity attacks are on the rise with Mobile digital communication companies being on the top of the target list of hackers. With the growth in mobile networking technology such as 5G, our personal lives are becoming more convenient yet vulnerable too at the same time.
Without a doubt, this creates various complications as cybercriminals and scammers will always be ready to make you their next target.