The Hacker News reported last week that celebrities had lost millions in a SIM swapping heist. U.S. authorities have arrested ten individuals accused of hijacking cell phones for high-profile Americans.
The bust was the culmination of a year-long investigation that included the U.S., the U.K., Belgium, Malta, and Canada.
The Hacker News said that, “The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sports stars, musicians and their families,” Europol said in a statement. “The criminals are believed to have stolen from them over $100 million in cryptocurrencies after illegally gaining access to their phones.”
Eight of the suspects are between the ages of 18-26. Two of them were arrested in Malta and Belgium, and the rest were arrested in England and Scotland. Along with the arrests, Europol dismantled two SIM swapping operations that stole more than $3.9 million in 100 attacks covering the U.S. and Austria.
How it is Done
The way this works is that typically criminals coerce a cell phone carrier to swap out SIM cards with ones that are infected with malware and controllable by hackers. Using the new, infected SIM card, the hackers are able to listen in on calls, steal text messages, verification codes (with two-factor authentication), and websites for logins all over the web.
The criminals used this personal information to steal roughly $100 million in 2020. Along with the victims’ information, hackers were able to steal information about each victim’s contacts as well.
The Hacker News said,
“‘They also hijacked social media accounts to post content and send messages masquerading as the victim,’ the U.S. Secret Service said.”
The suspects will face Computer and Misuse Act charges and be prosecuted for fraud and money laundering. Officials expect these criminals to be extradited to the U.S.
What is SIM Swapping?
SIM swapping may be performed by physically replacing the SIM card in your phone or providing certain information to the phone carrier, which then loads it into the system.
In many cases, fraudsters perform SIM swapping to take over your phone number. They may call the carrier, use the information found online about you to trick them into believing it is you, and then transfer the service of your phone number to their phone.
With access to your phone number in hand, they can hack into all your accounts associated with your phone number. They can access your email, receive 2FA text messages and even gain access to your financial accounts to drain those as well. The most terrifying is if they get into these accounts, they could change the password locking you out. SIM swapping is a serious crime, and you should do all you can to avoid it at all costs.
How to Avoid SIM Swapping
Most phone carriers have built-in protections against this type of scam. Log onto your carrier and turn on any extra authentication such as 2FA or asking for the credit card on file to verify that it is you.
- Keep your device updated with the latest security patches and OS.
- Try not to associate your online accounts with your phone.
- Never share your information online.
- Set up 2FA through apps rather than SMS.
- Use super strong passcodes on all accounts.
- Never use personal information in passwords (since hackers already have a lot of that found online).
- Keep track of your cell phone at all times. It takes only seconds to replace a SIM card.
- Never use public Wi-Fi to access personal or sensitive financial accounts.