2 min read

FBI Warns of Massive Increase in SIM Swapping Attacks

Silviu STAHIE

February 10, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
FBI Warns of Massive Increase in SIM Swapping Attacks

The Federal Bureau of Investigation has warned of a surge in Subscriber Identity Module (SIM) swapping schemes that inflicted $68 million in losses last year, a considerable increase from $12 million in 2020.

Most people are aware of the various dangers lurking in the dark corners of the online world, such as malware or phishing schemes. When criminals succeed with any of these attacks, it usually involves a victim who mistakenly clicks on a link or installs a malicious app. SIM swapping attacks, though, can take place with no input from the victim, making them all the more dangerous.

In most SIM swapping attacks, criminals manage to persuade mobile phone operators to switch a number to a new SIM card, granting them access to victims' bank accounts, virtual currency accounts, and other sensitive information by compromising the multi-factor authentication.

"Criminal actors primarily conduct SIM swap schemes using social engineering, insider threat, or phishing techniques," says the FBI. "Social engineering involves a criminal actor impersonating a victim and tricking the mobile carrier into switching the victim's mobile number to a SIM card in the criminal's possession."

When calls, texts and other types of data are redirected to the new phone, criminals can take control by sending “Forgot Password” or “Account Recovery” requests to the victims’ email or online accounts. All steps in these SIM schemes skip the victim, who often finds out when it's too late.

FIB also issued the following recommendations:

· Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
· Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
· Avoid posting personal information online, such as mobile phone numbers, addresses, or other personal identifying information.
· Use a variety of unique passwords to access online accounts.
· Be aware of any changes in SMS-based connectivity.
· Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
· Do not store passwords, usernames, or other information for easy login on mobile device applications.

While mobile carriers have implemented many security measures that help them identify the caller as the owner of the numbers, social engineering is sometimes enough for criminals to find out what they need. The FBI also advises companies to take some preventive measures:

· Educate employees and conduct training sessions on SIM swapping.
· Carefully inspect incoming email addresses containing official correspondence for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients' names.
· Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
· Authenticate calls from the third-party authorized retailers requesting customer information.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read
Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside
Silviu STAHIE

June 30, 2022

2 min read