[The Epoch Times, February 18, 2022]By manipulating yourmobile phonenumber and use this to enter yourBank accountsconducttheftcases are surging.
In 2021, the FBI said in a public service announcement (PSA) that a “SIM swap attackThe number of complaints of “(SIM swapping) scams soared to 1,611. In the three-year period from January 2018 to December 2020, the number was 320.
Such cases caused $12 million in damages over the three-year period between January 2018 and December 2020. And in 2021, the damage soared to $68 million.
“SIM swap attack“Not an ordinary online scam, but a complex, multi-stage scam,theftcriminal activities.
Criminals first collect your phone number and as much personal information as possible before carrying out a “SIM swapping attack.”They could then potentially transfer yourmobile phoneThe numbers are reassigned to the SIM cards controlled by the criminals.
For example, they will call the cell phone operator on your behalf, claiming that you have lost your phone and need to transfer the original number to this new SIM. Criminals will then perform a password reset on your mobile phone account, allowing them to reset your account login credentials and use those credentials to access the victim’s account.
Here are some of the specific steps the FBI released:
“Once the SIM card is successfully exchanged, the victim’s phone calls, text messages and other data are transferred to the criminal’s mobile device. In this way, the criminal can send a ‘forgot password’ or ‘recovery account’ request to Victim’s email and other online accounts associated with the victim’s mobile phone number. Using SMS-based two-factor authentication, the mobile application provider texts a link or a one-time password to the victim’s mobile phone number. Criminals These passwords were used to log into the victim’s account and reset the password, thereby taking control of the online account associated with the victim’s mobile phone data.”
After criminals take control of your phone number and account, they can bypass SMS-based multi-factor authentication (MFA), steal user credentials, and log into the victim’sBank accountsand steal funds, or hijack their online accounts by changing passwords.
According to the FBI, criminals use social engineering, phishing or insider threats to carry out SIM-swap attacks. While social engineering and phishing are well-established techniques for defrauding victims, lesser-known is the issue of insider threats, the practice of mobile phone operators’ employees illegally switching cell phone numbers to criminals’ SIM cards.
In October 2021, the U.S. Department of Justice sentenced a phone company sales representative for SIM swapping with insider threats. In this case, the cell phone operator’s sales representative has access to the company’s customer’s account and then switches the phone number tied to the customer’s SIM card to another SIM card.
High-profile SIM swap case
In 2021, the Department of Justice announced a case. Criminals have used SIM swapping attacks to steal more than $530,000 worth of cryptocurrency.
According to the European Union Agency for Law Enforcement Cooperation, or EUROPOL, they arrested criminals last year who used “SIM swapping attacks” to steal more than $100 million.
protect yourself
Here are some tips from the FBI on how to protect yourself:
– Do not promote information about your own financial assets, including ownership or investment in cryptocurrencies, on social media sites and forums.
– Do not give any of your information over the phone to a customer representative who asks for your account information or password. Call your mobile phone operator’s customer service line to verify that they have such a request.
– Use different passwords to log in to different online accounts. Do not reuse passwords.
– Use more effective two-factor authentication methods such as biometrics, physical security tokens or separate authentication applications to access online accounts.
Responsible editor: Ye Ziwei#