The sweep comes almost a year after Europol led an operation to dismantle two SIM swap criminal groups that stole €3.5 million ($3.9 million) by orchestrating a wave of more than 100 attacks targeting victims in Austria, emptying their bank accounts through their phone numbers.
What a No-Carrier Phone Could Look Like
Typically achieved with the help of a corrupt insider or using social engineering lures, SIM swapping refers to the technique adopted by cybercriminals to persuade phone carriers into porting their victims' cell services to a SIM card under their control.
The SIM swap then grants attackers access to incoming phone calls, text messages, and one-time verification codes (or one-time passwords) that various websites send via SMS messages as part of the two-factor authentication (2FA) process.
Once in control of the target's mobile phone, the authorities noted that the criminals accessed personal information, including contacts synced with online accounts, and stole money, with cryptocurrency losses exceeding $100 million in 2020."They also hijacked social media accounts to post content and send messages masquerading as the victim," the U.S. Secret Service said. The arrested suspects face charges for offences under the Computer Misuse Act, as well as fraud and money laundering. They are also expected to be extradited to the U.S. for prosecution.
To avoid SIM swapping attacks, it's recommended that users keep their device's software up to date, limit data-sharing online, and enable 2FA via apps instead of having an authentication code sent over SMS.
"When possible, do not associate your phone number with sensitive online accounts," Europol cautioned.
Found this article interesting? Follow THN on , Twitter and LinkedIn to read more exclusive content we post.