The SIM-Swapping gang worked together and stole over USD 100 million in cryptocurrencies from thousands of victims.
Europol has announced arresting 10 hackers involved in large scale SIM-swapping attacks targeting high-profile celebrities in the United States – Two hackers among ten were arrested earlier from Belgium and Malta.
Their targets included top social media personalities/influencers, musicians, and sports stars. The attack also targeted the friends and families of these celebrities.
What is a SIM-Swapping attack?
SIM-swapping is also known as SIM Hijacking. It is a kind of identity theft in which an attacker manages to create a new SIM card of any number fraudulently and use it for personal gains, without the knowledge or consent of the original user of the phone number.
To get the duplicate SIM card, the attacker usually calls the telecom firm and convinces their customer support service (or use insider contact as happened in 2019) for being the actual owner of the phone number by providing the target’s personal information. Thus, the telecom firm ports the phone number to a new SIM card that is received by the attacker.
What was accessed and stolen
The hackers used SIM-swapping attacks against their victims and gained illegal access to targeted phones. This allowed the culprits to steal over USD 100 million in cryptocurrencies from thousands of victims.
Additionally, the hackers worked together by taking control of apps installed on victims’ smartphones, accessing synced accounts, change passwords, and post malicious content on their social media accounts.
This international sweep follows a year-long investigation jointly conducted by law enforcement authorities from the United Kingdom, United States, Belgium, Malta, and Canada, with international activity coordinated by Europol, the agency said in a press release.
Protection against SIM-Swapping attacks
Remember, SIM-Swapping can be prevented if you add a PIN code to your smartphone account. But, the process of doing so is different for every carrier, so you need to contact the related carrier in order to do it. You may also set up a verbal password to further complicate the verification process.