SIM Hijackers Arrested After Stealing Millions From US Celebrities

Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium.

SIM swap fraud (also known as SIM hijacking) allows scammers to take control of a target’s phone number either via social engineering or by bribing mobile operator employees to port it to a SIM controlled by the fraudster.

Subsequently, the attacker will be the one receiving all messages and calls delivered to the victim, which allows for easily bypassing SMS-based multi-factor authentication (MFA), stealing user credentials, and taking control of the victims’ online service accounts.

Afterward, criminals can log into their victims’ bank accounts to steal money and even change account passwords and locking the victims out of their own accounts.

Last year, Europol arrested suspects part of two other SIM swapping criminal gangs who stole millions from their victims, in collaboration with local law enforcement agencies from Spain, Austria, and Romania.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

Network of SIM hijackers dismantled

Following successful SIM hijacking attacks, the eight men arrested in England and Scotland accessed the victims’ phone numbers and take control of their apps or accounts by changing the passwords. 

“This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts,” Europol said.

“They also hijacked social media accounts to post content and send messages masquerading as the victim.”

They have been targeting “numerous victims throughout 2020, including well-known influencers, sports stars, musicians, and their families,” the UK National Crime Agency (NCA) added.

The SIM hijackers are believed to have stolen more than $100 million in cryptocurrency during 2020, from thousands of victims including sports stars, Internet influencers, musicians, and their families.

The criminal network uncovered after a year-long joint operation with agents from the UK NCA, the US Secret Service, Homeland Security Investigations, the FBI, and the Santa Clara California District Attorney’s Office.

Defending against SIM swapping attacks

Europol has also shared measures you can take to block SIM hijackers from stealing your credentials and locking you out of your accounts.

To stay ahead of any SIM swapping attempts, Europol recommends that you:

• Keep your devices’ software up to date
• Do not click on links or download attachments that come with unexpected emails
• Do not reply to suspicious emails or engage over the phone with callers that request your personal information 
• Limit the amount of personal data you share online 
• Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS
• When possible, do not associate your phone number with sensitive online accounts
• Set up your own PIN to restrict access to the SIM card. Do not share this PIN with anyone. 

You should also immediately contact your provider and the bank if you spot any suspicious activity on your bank account whenever you lose mobile connectivity where you normally have no issues.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Depending on what your provider and bank say, you might have to quickly change your online account passwords to avoid further compromise if scammers ported your number to an attacker-controlled device.

The FBI issued a SIM swapping alert with guidance on defending against such attacks following an increase in the number of SIM jacking attacks.

The FTC also provides info on how to keep personal information secure online and on how to secure personal information on your phone.