FBI Warns of Massive Increase in SIM Swapping Attacks

Silviu STAHIE

February 10, 2022

The Federal Bureau of Investigation has warned of a surge in Subscriber Identity Module (SIM) swapping schemes that inflicted $68 million in losses last year, a considerable increase from $12 million in 2020.

Most people are aware of the various dangers lurking in the dark corners of the online world, such as malware or phishing schemes. When criminals succeed with any of these attacks, it usually involves a victim who mistakenly clicks on a link or installs a malicious app. SIM swapping attacks, though, can take place with no input from the victim, making them all the more dangerous.

In most SIM swapping attacks, criminals manage to persuade mobile phone operators to switch a number to a new SIM card, granting them access to victims' bank accounts, virtual currency accounts, and other sensitive information by compromising the multi-factor authentication.

"Criminal actors primarily conduct SIM swap schemes using social engineering, insider threat, or phishing techniques," says the FBI. "Social engineering involves a criminal actor impersonating a victim and tricking the mobile carrier into switching the victim's mobile number to a SIM card in the criminal's possession."

When calls, texts and other types of data are redirected to the new phone, criminals can take control by sending “Forgot Password” or “Account Recovery” requests to the victims’ email or online accounts. All steps in these SIM schemes skip the victim, who often finds out when it's too late.

The FBI also issued the following recommendations:

· Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
· Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
· Avoid posting personal information online, such as mobile phone numbers, addresses, or other personal identifying information.
· Use a variety of unique passwords to access online accounts.
· Be aware of any changes in SMS-based connectivity.
· Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
· Do not store passwords, usernames, or other information for easy login on mobile device applications.

While mobile carriers have implemented many security measures that help them identify the caller as the owner of the numbers, social engineering is sometimes enough for criminals to find out what they need. The FBI also advises companies to take some preventive measures:

· Educate employees and conduct training sessions on SIM swapping.
· Carefully inspect incoming email addresses containing official correspondence for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients' names.
· Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
· Authenticate calls from the third-party authorized retailers requesting customer information.
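
One way to automate the address inspection recommended above is sketched here as an added example; it is not part of the original article or the FBI notice. The client domain list, the table of confusable characters and the distance threshold are assumptions chosen for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample data: domains of known clients (assumed allow-list).
KNOWN_DOMAINS = {"examplebank.com", "acme-telecom.example"}

# Assumed table of visually confusable substitutions, folded to one form.
CONFUSABLES = {"0": "o", "1": "l", "5": "s", "rn": "m", "vv": "w"}


def skeleton(domain):
    """Fold a domain to a rough visual skeleton so look-alikes compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))  # drop accents
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, known=KNOWN_DOMAINS, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched client domain or None)."""
    _, addr = parseaddr(address)  # accepts "Name <user@host>" or a bare address
    domain = addr.rsplit("@", 1)[-1].strip().lower()
    if domain in known:
        return ("known", domain)
    for legit in sorted(known):
        # Not on the allow-list, yet visually or textually close to a client.
        if skeleton(domain) == skeleton(legit):
            return ("lookalike", legit)
        if edit_distance(domain, legit) <= max_distance:
            return ("lookalike", legit)
    return ("unknown", None)
```

A "lookalike" result is a prompt for manual verification through a separate channel, not proof of fraud; short domains need a smaller threshold to avoid false matches.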
