Posted on March 16, 2020 at 2:33 PM
In a recent move, Europol managed to arrest as many as 26 individuals connected with the theft of over $3.9 million (€3.5 million) through SIM swapping attacks. Europol collaborated on the case with Romanian and Spanish national police, and the authorities arrested 12 people and in Spain, and another 14 in Romania during the joint operation.
How does the attack work?
SIM swapping attacks are becoming more and more of a trend among criminals in recent years, and one of the greatest threats to telecom operators and mobile users.
The hacks are highly popular, and just as damaging, and they rely on social engineering tricks that hackers use to trick phone carriers into transferring the victims’ cell services to a new SIM card that hackers themselves own and control.
After managing that, hackers can access any incoming calls or text messages that would otherwise go to their victims, and that also includes one-time verification codes that websites tend to send to users’ phone numbers as part of 2FA (Two-Factor Authentication).
Tricking telecoms’ employees into transferring the victims’ call services to a SIM swapped device is done by impersonating the true user. Hackers simply impersonate the victim and request that the service sends reset links for the account password, or authentication code.
With the SIM-swapped device in the hackers’ possession, the code would arrive to them, and reset the victim’s login credentials for their online account. After that, they can simply access it at any time with no need for further authorization.
As mentioned, such attacks are usually quite successful, even if the accounts themselves are secured by SMS-based two-factor authentication. This procedure is simple and quick, and it allows hackers to perform financial or data theft simply by stealing their victims’ OTP codes.
Details about two groups
As for the parties that were arrested in Spain, they are believed to be members of a hacking ring that has performed more than 100 attacks of this kind. In the process, they stole between $6,700 and $153,518 (€6,000 – €137,000) per attack from their victims’ bank accounts.
The hackers used malicious Trojans to steal the banking credentials from their victims, but they also used duplicate SIM cards for contacting the victims’ mobile service providers, and provide fake documents. Once they convinced mobile service providers, they would then make fraudulent transfers from the victims’ accounts by making use of the mentioned authentication codes to confirm the transfers.
As for the hackers arrested in Romania, they managed to steal over $560,285 (€500,000) by targeting unsuspecting Austrians. From what is known, this group user rather similar tactics to steal the users’ funds from cardless ATMs.
This is far from being the first time that such threats were reported and eventually tackled by the law enforcement. In November 2019, two men from Massachusetts were also arrested for similar attacks, which they used to hijack their victims’ social media accounts. They also managed to steal over half a million dollars in cryptocurrency.
How to protect yourself?
Despite the successful arrest of the criminals, it is unlikely that these attacks will cease, which is why it is important for consumers to learn how to keep themselves safe. Some of the preventive measures that can and should be taken immediately include setting up a PIN, so that they could limit who can access their SIM card.
Another thing to do is to delink their phone numbers from their online accounts. Instead of using SMS to perform 2FA, users should consider using security keys or authenticator apps.
Finally, those who suspect that they might be victims of SIM swapping should immediately contact their service provider and notify them of their doubts. Meanwhile, they should also monitor their bank accounts and keep an eye out for any suspicious transactions.
Even if there are no suspicious transactions, it is recommended to change their passwords, just to be safe.