Criminal gang involved in a series of SIM swapping attacks targeting high-profile victims in the United States were arrested in England and Scotland.
The investigation was conducted by Europol in cooperation with the law enforcement authorities from the United Kingdom, United States, Belgium, Malta and Canada.
Europol investigators disclosed that the cybercrime organization stole over $100 million worth of cryptocurrency using SIM Swapping attacks.
The National Crime Agency (NCA) said that the SIM swapping attacks targeted several victims throughout last year which includes popular influencers, sports stars, musicians, and their families.
The report published by NCA states that NCA Cyber Crime officers working with officials from the US Secret Service, Homeland Security Investigations, the FBI and the Santa Clara California District Attorney’s Office, uncovered a network of criminals in the UK working together to access victims’ phone numbers and take control of their apps or accounts by changing the passwords.
The cyber crime gang managed to steal money, bitcoin and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages posing as the victim.
Eight men were arrested in England and Scotland followed by two more arrests in Malta and Belgium belonging to the same criminal network.
The sim swapping fraud has seen a rise in the latest Europol Internet Organised Crime Threat Assessment. This technique involves threat actors taking control of a victim’s phone number by deactivating their SIM and porting the allocated number over to a SIM belonging to the criminal.
After getting access to the victim’s phone number, the criminals would reset passwords and bypass two-factor authentication on the victim’s accounts.
Ever mobile user can become a victim to SIM swapping attacks at any time and Europol suggests some methods to avoid these attacks:
- Keep the device’s software up to date
- Do not reply to suspicious emails or engage over the phone with callers that request your personal information
- Limit the amount of personal data you share online
- Make use of two-factor authentication for your online services, rather than having an authentication code sent over SMS
- When possible, do not associate your phone number with sensitive online accounts.
Image Credits : Business Track