SIM-swapping attacks, many aimed at crypto accounts, are on the rise
The Federal Bureau of Investigation received more than 1,600 SIM-swap complaints in 2021, the agency said
Cyber thieves targeting crypto and traditional bank accounts stepped up their illegal activities last year, resulting in a significant increase in the number of reported SIM-card crimes.
The Federal Bureau of Investigation received more than 1,600 SIM-swap complaints in 2021, the agency said, resulting in estimated losses of as much as $68 million. In the three years prior, the FBI received a combined 320 complaints, totaling an estimated $12 million in losses, it said.
The jump is due in part to cyber thieves finding a way around the increased security of multifactor authentication protections that rely on a text message or code sent to a customer’s phone to confirm their identity.
The criminals target people with valuable online accounts, particularly crypto, said Allison Nixon, chief research officer at Unit 221B, a boutique cyber and tech security firm based in New York City.
Attackers also go after social-media accounts with large followings that could be held ransom for their return, as well as any kind of sensitive personal information, Ms. Nixon said.
The FBI’s warning to small investors comes as federal law-enforcement officials beef up their efforts to track digital currencies that fund many criminal networks. On Thursday, the Justice Department launched a unit dedicated to tracing and potentially seizing illicit crypto as part of a broader push to disrupt cybercriminals.
Cyber thieves use a variety of tactics to trick mobile carriers into moving a customer’s SIM card to a new phone that they control. Once the SIM is swapped, the victim’s calls, texts and other data go to the criminal’s device, allowing them to reset passwords and respond to login verifications, the FBI said.
AS RUSSIAN CYBERATTACK LOOMS, CYBERSPACE IS ‘21ST CENTURY BATTLEGROUND’: EXPERTS
Cyber thieves can be in and out before the victim knows what’s happening, said Ms. Nixon.
"They always move faster than the victim," she said.
Mobile carriers are trying to find ways to fight the fraud, according to the Cellular Telecommunications and Internet Association, a trade group that represents the wireless industry.
"While each provider’s tools and practices are different, the industry employs a variety of tactics to stop SIM swap fraud," CTIA says on its website, which dedicates a section to prevention tips.
FBI FORMING CRYPTO ENFORCEMENT TEAM
Some of the best practices include setting up hard-to-guess pin codes and adding additional protections such as email approval or verbal approval as well as text authentication before a cell number is ported to a new phone.
Eric Cole, founder and chief executive of Secure Anchor Consulting, a cybersecurity firm, said the surge in reported crimes is linked in part to the 2021 cryptocurrency boom.
Once a thief gets control of a victim’s phone, they can empty an account in 90 seconds and the victim likely won’t even realize it has happened, he said.
"I’ve seen $15 million to $20 million stolen in a single SIM swap, because the sole source of protection was multifactor authentication," Mr. Cole said.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
He knows of at least 30 such crimes that have occurred in the past six months, he said. Together, the victims lost about $320 million, according to Mr. Cole. He knows of one victim who lost $43 million from a crypto account.
"And that’s probably just a small piece of a much larger pie," he said of the thefts.