SIM-swapping attacks, many aimed at crypto accounts, are on the rise

The Federal Bureau of Investigation received more than 1,600 SIM-swap complaints in 2021, the agency said

Cyber thieves targeting crypto and traditional bank accounts stepped up their illegal activities last year, resulting in a significant increase in the number of reported SIM-card crimes.

The Federal Bureau of Investigation received more than 1,600 SIM-swap complaints in 2021, the agency said, resulting in estimated losses of as much as $68 million. In the three years prior, the FBI received a combined 320 complaints, totaling an estimated $12 million in losses, it said.

The jump is due in part to cyber thieves finding a way around the increased security of multifactor authentication protections that rely on a text message or code sent to a customer’s phone to confirm their identity.

The criminals target people with valuable online accounts, particularly crypto, said Allison Nixon, chief research officer at Unit 221B, a boutique cyber and tech security firm based in New York City.

CRYPTOCURRENCY EXPERT SAYS US SHOULD WATCH WHAT CANADIAN GOVERNMENT IS DOING TO PROTESTERS: 'NO ONE IS SAFE'

Attackers also go after social-media accounts with large followings that could be held ransom for their return, as well as any kind of sensitive personal information, Ms. Nixon said.

Uber has launched Uber Rent with Valet in Washington, D.C. The service allows users to rent a car and have it delivered to their front door.  (iStock / iStock)

The FBI’s warning to small investors comes as federal law-enforcement officials beef up their efforts to track digital currencies that fund many criminal networks. On Thursday, the Justice Department launched a unit dedicated to tracing and potentially seizing illicit crypto as part of a broader push to disrupt cybercriminals.

Cyber thieves use a variety of tactics to trick mobile carriers into moving a customer’s SIM card to a new phone that they control. Once the SIM is swapped, the victim’s calls, texts and other data go to the criminal’s device, allowing them to reset passwords and respond to login verifications, the FBI said.

AS RUSSIAN CYBERATTACK LOOMS, CYBERSPACE IS ‘21ST CENTURY BATTLEGROUND’: EXPERTS

Cyber thieves can be in and out before the victim knows what’s happening, said Ms. Nixon.

"They always move faster than the victim," she said.

The cryptocurrency arm of Jump Trading said on Thursday it had restored more than $320 million to crypto platform Wormhole after the decentralized finance site was hit with one of the largest crypto heists on record. REUTERS/Dado Ruvic/Illustration (REUTERS/Dado Ruvic/Illustration / Reuters)

Mobile carriers are trying to find ways to fight the fraud, according to the Cellular Telecommunications and Internet Association, a trade group that represents the wireless industry.

"While each provider’s tools and practices are different, the industry employs a variety of tactics to stop SIM swap fraud," CTIA says on its website, which dedicates a section to prevention tips.

FBI FORMING CRYPTO ENFORCEMENT TEAM

Some of the best practices include setting up hard-to-guess pin codes and adding additional protections such as email approval or verbal approval as well as text authentication before a cell number is ported to a new phone.

Eric Cole, founder and chief executive of Secure Anchor Consulting, a cybersecurity firm, said the surge in reported crimes is linked in part to the 2021 cryptocurrency boom.

Once a thief gets control of a victim’s phone, they can empty an account in 90 seconds and the victim likely won’t even realize it has happened, he said.

"I’ve seen $15 million to $20 million stolen in a single SIM swap, because the sole source of protection was multifactor authentication," Mr. Cole said.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

He knows of at least 30 such crimes that have occurred in the past six months, he said. Together, the victims lost about $320 million, according to Mr. Cole. He knows of one victim who lost $43 million from a crypto account.

"And that’s probably just a small piece of a much larger pie," he said of the thefts.