Cyber Crime

US citizens lost more than $68M to SIM swap attacks in 2021, FBI warns

The Federal Bureau of Investigation (FBI) warns of an escalation in SIM swap attacks that caused millions of losses.

The Federal Bureau of Investigation (FBI) observed an escalation in SIM swap attacks aimed at stealing millions from the victims by hijacking their mobile phone numbers.

The FBI reported that US citizens have lost more than $68 million to SIM swapping attacks in 2021, the number of complaints since 2018 and associated losses have increased almost fivefold.

In 2018, the FBI Internet Crime Complaint Center (IC3) received complaints for 1,611 SIM swapping attacks, while the number of complaints in the period between 2018 e 2002 was 320 causing a total of losses of $12 million.

“The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.” reads the Publish Service Announcement published by the IC3. “From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”

Crooks conduct SIM swapping attacks to take control of victims’ phone numbers tricking the mobile operator employees into porting them to SIMs under the control of the fraudsters. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The criminals could hijack social media accounts and bypass 2FA services based on SMS used by online services, including financial ones.  

The FBI recommends individuals take the following precautions:

  • Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
  • Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Verify the call by dialing the customer service line of your mobile carrier.
  • Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information.
  • Use a variation of unique passwords to access online accounts.
  • Be aware of any changes in SMS-based connectivity.
  • Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
  • Do not store passwords, usernames, or other information for easy login on mobile device applications.

The FBI recommends mobile carriers take the following precautions:

  • Educate employees and conduct training sessions on SIM swapping.
  • Carefully inspect incoming email addresses containing official correspondence for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients’ names.
  • Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
  • Authenticate calls from third party authorized retailers requesting

In February 2021, eight men were arrested in England and Scotland as part of a year-long international investigation into a series of SIM swapping attacks targeting high-profile victims in the United States.The investigation, coordinated by Europol, involved law enforcement authorities from the United Kingdom, United States, Belgium, Malta and Canada.

Europol investigators revealed that the cybercrime organization stole more than $100 million worth of cryptocurrency using SIM Swapping attacks.

The National Crime Agency revealed that the SIM swapping attacks targeted numerous victims throughout 2020, including well-known influencers, sports stars, musicians, and their families.

In February 2021, the telecommunications provider T-Mobile disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks. An unknown attacker gained access to customers’ account information, including personal info and personal identification numbers (PINs), T-Mobile already notified the impacted customers.

Below are the FBI’s recommendations for individuals:

  • Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
  • Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Verify the call by dialing the customer service line of your mobile carrier.
  • Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information.
  • Use a variation of unique passwords to access online accounts.
  • Be aware of any changes in SMS-based connectivity.
  • Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
  • Do not store passwords, usernames, or other information for easy login on mobile device applications.

and mobile carriers:

  • Educate employees and conduct training sessions on SIM swapping.
  • Carefully inspect incoming email addresses containing official correspondence for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients’ names.
  • Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
  • Authenticate calls from third party authorized retailers requesting

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SIM SWAP)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target…

6 hours ago

City of Wichita disclosed a data breach after the recent ransomware attack

The City of Wichita disclosed a data breach after the ransomware attack that hit the…

15 hours ago

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known Exploited Vulnerabilities catalog. The…

17 hours ago

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

CISA adds two Chrome zero-day vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity…

19 hours ago

North Korea-linked Kimsuky APT attack targets victims via Messenger

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware.…

21 hours ago

Electronic prescription provider MediSecure impacted by a ransomware attack

Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party…

1 day ago

This website uses cookies.