Pierluigi Paganini February 11, 2021

A total of eight criminals have been arrested on 9 February as a result of an international police operation into a series of SIM swapping attacks. 

Eight men were arrested in England and Scotland as part of a year-long international investigation into a series of SIM swapping attacks targeting high-profile victims in the United States.

The investigation, coordinated by Europol, involved law enforcement authorities from the United Kingdom, United States, Belgium, Malta and Canada.

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks.

The National Crime Agency revealed that the SIM swapping attacks targeted numerous victims throughout 2020, including well-known influencers, sports stars, musicians, and their families.

“NCA Cyber Crime officers, working with agents from the US Secret Service, Homeland Security Investigations, the FBI and the Santa Clara California District Attorney’s Office, uncovered a network of criminals in the UK working together to access victims’ phone numbers and take control of their apps or accounts by changing the passwords.” reads the announcement published by the NCA.

“This enabled them to steal money, bitcoin and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim.”

Crooks conducted SIM swapping attacks to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals also hijacked social media accounts to post content and send messages posing as the victim.  

“These arrests follow earlier ones in Malta (1) and Belgium (1) of other members belonging to the same criminal network,” reads the press release published by Europol. “This type of fraud is known as ‘sim swapping’ and it was identified as a key trend on the rise in the latest Europol Internet Organised Crime Threat Assessment. It involves cybercriminals taking over use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.”

Once crooks obtained access to the victim’s phone number, they would reset passwords and bypass two-factor authentication on the victim’s accounts.

Europol experts warn that every mobile user can potentially fall victim to SIM swapping attacks, below a list of recommendations to help them avoid these attacks:  

• Keep your devices’ software up to date
• Do not reply to suspicious emails or engage over the phone with callers that request your personal information 
• Limit the amount of personal data you share online 
• Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS
• When possible, do not associate your phone number with sensitive online accounts

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]