Sophisticated scams that hijack your mobile phone and gain access to money accounts are surging, the FBI said in an alert.
The number of "SIM swapping" complaints jumped to a whopping 1,611 in 2021 alone compared to 320 during the entire three-year period from January 2018-December 2020, the FBI said in a PSA. The losses skyrocketed to $68 million in 2021 compared to $12 million over the same three-year period.
A SIM swap is not your average cyber scam but is a sophisticated, multi-stage heist. When a swap occurs, criminals trick the wireless carrier into switching the SIM – a computer chip inside a mobile phone that contains an ID number unique to the phone's subscriber – to the criminal’s SIM.
AT&T TO END 3G SERVICE: WHAT YOU NEED TO KNOW
Attackers then perform password resets for the user’s mobile phone account, allowing them to reset the victim’s account log-in credentials and use those credentials to access the victim’s account without authorization.
Here’s how the FBI describes it:
"Once the SIM is swapped, the victim's calls, texts, and other data are diverted to the criminal's device. This access allows criminals to send 'Forgot Password' or 'Account Recovery' requests to the victim's email and other online accounts associated with the victim's mobile telephone number. Using SMS-based two-factor authentication, mobile application providers send a link or one-time passcode via text to the victim's number, now owned by the criminal, to access accounts. The criminal uses the codes to login and reset passwords, gaining control of online accounts associated with the victim's phone profile."
Criminals pull off SIM swap schemes using social engineering, phishing, or insider threat, the FBI said. While social engineering and phishing are well-established techniques that attempt to fool the victim, the insider threat is less known and involves a mobile carrier employee switching a mobile number to a criminal’s SIM card.
In October 2021, the Department of Justice sentenced a phone company sales representative for perpetrating an insider threat SIM swap. In that case, the sales representative had access to the accounts of the phone company’s customers, then switched the SIM card linked to a customer’s phone number to a different phone number.
BACK IN THE OFFICE? 5 WAYS TO USE YOUR WEBCAM OTHER THAN ZOOM MEETINGS
High-profile SIM swap cases
Last year, the Department of Justice announced a case where criminals stole, or attempted to steal, more than $530,000 in cryptocurrency, using a SIM swap.
One of the most notorious cases of SIM swapping was the arrest last year of several people connected with attacks involving theft of more than $100 million, according to the European Union Agency for Law Enforcement Cooperation or EUROPOL.
And there have been other high-profile cases over the last several years of criminals netting multiple millions of dollars.
Protect Yourself
Some tips the FBI suggests are:
CLICK HERE TO GET THE FOX NEWS APP
--Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
--Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Verify the call by dialing the customer service line of your mobile carrier.
--Use a variation of unique passwords to access online accounts. Do not reuse passwords.
--Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.