A total of 8 criminals have been arrested on 9 February as a result of an international investigation into a series of SIM-swapping attacks targeting high-profile victims in the United States. These arrests follow earlier ones in Malta (1) and Belgium (1) of other members belonging to the same criminal network.
The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families. The criminals are believed to have stolen from them over USD 100 million in cryptocurrencies after illegally gaining access to their phones.
This international sweep follows a year-long investigation jointly conducted by law enforcement authorities from the United Kingdom, United States, Belgium, Malta and Canada, with international activity coordinated by Europol.
A NETWORK OF SIM HIJACKERS
Initiated in the spring of 2020, the investigation uncovered how a network composed of a dozen criminals worked together to access the victims’ phone numbers and take control of their apps or accounts by changing the passwords.
This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim.
This type of fraud is known as ‘SIM-swapping’ and it was identified as a key trend on the rise in the latest Europol Internet Organised Crime Threat Assessment. It involves cybercriminals taking over the use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.
This is typically achieved by the criminals exploiting phone service providers to do the swap on their behalf, either via a corrupt insider or using social engineering techniques.
Europol’s European Cybercrime Centre (EC3) supported the case from the onset by providing the following:
- Organised operational meetings to coordinate the international activity;
- Facilitated the information exchange between all partners and cross-checked data sent in by the partners against Europol’s databases;
- Supporting the action day by setting up a Virtual Command Post to provide to the investigators in the field real time and secure exchange of information and analytical support.
DON’T BE THE NEXT VICTIM
It’s not just celebrities who are under attack. Anyone and everyone with a mobile phone can fall victim to SIM-swapping. Here are a few tips to help you stay one step ahead from the criminals after your personal information:
- Keep your devices’ software up to date
- Do not reply to suspicious emails or engage over the phone with callers that request your personal information
- Limit the amount of personal data you share online
- Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS
- When possible, do not associate your phone number with sensitive online accounts
Related article: AT&T sued after mobile ID theft leads to stolen cryptocurrency