The FBI stated that cybercriminals are leveraging SIM swapping attacks to steal millions from U.S. citizens. The agency recently disclosed an increase in the use of SIM swapping to compromise victims’ virtual currency accounts and steal money. From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.
By Rudra Srinivas, Senior Feature Writer, CISO MAG
What’s a SIM Swapping Attack?
A SIM swapping attack is one of the simplest ways cybercriminals bypass users’ 2FA protection. In a SIM swap attack, the attacker calls the victim’s service provider and tricks it into moving the victim’s phone number to an attacker-controlled SIM card. Calls and text messages for that number, including SMS-delivered 2FA codes, then reach the attacker, which allows the attacker to reset passwords and access victims’ sensitive data.
How to Prevent SIM Swapping Attacks
The FBI recommended users follow certain security precautions to avoid SIM swapping threats. These include:
- Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
- Do not provide your mobile number account information over the phone to representatives who request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
- Avoid posting personal information online, such as mobile phone numbers, addresses, or other personally-identifying information.
- Use a variety of unique passwords to access online accounts.
- Be aware of any changes in SMS-based connectivity.
- Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
- Do not store passwords, usernames, or other information for easy login on mobile device applications.
Precautions for Mobile Carriers
- Educate employees and conduct training sessions on SIM swapping.
- Carefully inspect the sender addresses of incoming emails containing official correspondence for slight changes that make fraudulent addresses appear legitimate and resemble actual clients’ names.
- Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.
- Authenticate calls from third-party authorized retailers requesting customer information.
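The sender-address inspection recommended for carriers above can be partly automated. The following is an added example, not part of the FBI guidance or the original article: it flags sender domains that differ only slightly from a known correspondent's domain. The allow-list, the folding table and the function names are assumptions made for illustration, and the sample addresses are constructed.

```python
import unicodedata
from email.utils import parseaddr

# Hypothetical allow-list: domains the carrier really corresponds with.
KNOWN_DOMAINS = {"example-retail.com", "acme-wireless.example"}

# Characters commonly swapped to imitate another, folded to one form.
# \u0430 \u0435 \u043e are Cyrillic letters that render like a, e, o.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s",
                      "\u0430": "a", "\u0435": "e", "\u043e": "o"})


def skeleton(domain):
    """Reduce a domain to a form in which look-alike spellings collide."""
    text = unicodedata.normalize("NFKC", domain).lower().translate(FOLD)
    return text.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(header, known=KNOWN_DOMAINS):
    """Return (verdict, matched_domain) for a From: header value."""
    domain = parseaddr(header)[1].rpartition("@")[2].lower()
    if not domain:
        return ("unparseable", None)
    if domain in known:
        return ("known", domain)
    for real in sorted(known):
        # Same skeleton, or one edit away: likely an imitation of `real`.
        if edit_distance(skeleton(domain), skeleton(real)) <= 1:
            return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ('"Acme Support" <billing@acrne-wireless.example>',  # constructed
                   "ops@examp1e-retail.com", "ops@example-retail.com"):
        print(sample, "->", classify_sender(sample))
```

A "known" verdict means only that the domain is spelled exactly as a listed one; it does not authenticate the message, so the request itself still has to be verified through the carrier's normal procedure.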
If you suspect that you are a victim of SIM swapping:
- Contact your mobile carrier immediately to regain control of your phone number.
- Access your online accounts and change your passwords.
- Contact your financial institutions to place an alert on your accounts for suspicious login attempts and/or transactions.
- Report information concerning all suspicious activity to your local law enforcement agency or your local FBI field office (contact information can be found at www.fbi.gov/contact-us/field-offices).
- Report the activity to the FBI’s Internet Crime Complaint Center at www.ic3.gov.