United States.- The Federal Bureau of Investigation issued this announcement to inform wireless carriers and the public about the increasing use of subscriber identity module (SIM) swapping by criminals to steal money, both fiat and virtual currency, from mobile accounts.
From January 2018 through December 2020, the FBI’s Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million.
In 2021, IC3 received 1,611 SIM swap complaints with adjusted losses of more than $68 million.
How does it work
SIM swapping is a malicious technique where criminals target mobile carriers to gain access to victims’ bank accounts, virtual currency accounts, and other sensitive information.
Criminal actors primarily carry out SIM swapping schemes using social engineering techniques, insider threats, or phishing. Social engineering involves a criminal actor posing as a victim and tricking the mobile operator into changing the victim’s mobile phone number to a SIM card in the criminal’s possession.
Criminals using insider threats to carry out SIM swapping schemes pay an employee of a mobile operator to switch a victim’s mobile number to a SIM card in the criminal’s possession.
Criminals often use phishing techniques to trick employees into downloading malware that is used to hack the systems of mobile operators that perform SIM swaps.
Once the SIM card is swapped, the victim’s calls, text messages, and other data are diverted to the offender’s device. This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile phone number.
With SMS-based two-factor authentication, mobile app providers send a link or one-time passcode via text message to the victim’s number, now controlled by the criminal, to access accounts.
The criminal uses the codes to log in and reset passwords, gaining control of online accounts associated with the victim’s phone profile.
How to protect yourself
The FBI recommends that people take the following precautions:
- Do not post information about financial assets, including cryptocurrency ownership or investment, on social media websites and forums.
- Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing your mobile operator’s customer service line.
- Avoid posting personal information online, such as mobile phone number, address, or other personally identifiable information.
- Use a variation of unique passwords to access online accounts.
- Be aware of any changes in SMS-based connectivity.
- Use strong multi-factor authentication methods such as biometrics, physical security tokens, or stand-alone authenticator apps to access online accounts.
- Do not store passwords, usernames or other information to easily log in to mobile device applications.
The FBI advises mobile carriers to take the following precautions:
- Educate employees and conduct training sessions on SIM swapping.
- Carefully inspect incoming email addresses containing official correspondence for minor changes that could make fraudulent addresses appear legitimate and resemble real customer names.
- Establish strict security protocols that allow employees to effectively verify customer credentials before switching their numbers to a new device.
- Authenticate calls from authorized third-party retailers requesting customer information.
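The email-address inspection recommended to carriers above can be partly automated. The following is an added example, not part of the FBI announcement: it checks only the domain part of a sender address, and the trusted domains, substitution table and one-character threshold are assumptions chosen for illustration.

```python
import unicodedata

# Assumption: sender domains the carrier trusts (constructed placeholders).
TRUSTED_DOMAINS = ("carrier.example", "retail-partner.example")
# Digits and symbols commonly swapped in for similar-looking letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def skeleton(domain: str) -> str:
    """Fold a domain to a comparison form: no accents, look-alikes unified."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return text.translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    for good in TRUSTED_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED_DOMAINS:
        # Trusted name placed in front of a different registered domain.
        if domain.startswith(good + "."):
            return f"lookalike:{good}"
        # Identical after folding, or a single character away.
        if edit_distance(skeleton(domain), skeleton(good)) <= 1:
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders, not taken from any real incident.
    for sender in ("billing@carrier.example", "billing@carr1er.example",
                   "help@retail-partners.example", "news@unrelated.test"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to hold the message for manual verification, not proof of fraud; "unknown" senders still need the normal credential checks.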