It appears that at least the United States has started taking the threat of Sim Swapping attacks very seriously.
Starting with the country's first-ever conviction for 'SIM Swapping' this February, U.S. Department of Justice has since then announced charges against several individuals for involving in the scheme to siphon millions of dollars in cryptocurrency from victims.
In the latest incident, the U.S. authorities on Thursday arrested two more alleged cybercriminals from Massachusetts, charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping between November 2015 and May 2018.
SIM Swapping, or SIM hijacking, is a technique that typically involves the social engineering of a target's mobile phone provider.
An attacker makes a phony call posing as their targets and convinces the mobile phone provider to port the target's phone number to a SIM card belonging to the attacker.
Once successful, the attacker can then obtain one-time passwords, verification codes, and two-factor authentication received on the target's phone in order to reset passwords for and gain access to target's social media, email, bank, and cryptocurrency accounts.
Hackers Also Targeted Executives of Cryptocurrency Companies
According to the indictment, the two defendants — Eric Meiggs (20) and Declan Harrington (21) — not just only targeted users with high-value cryptocurrency accounts, but also targeted executives of cryptocurrency companies in an attempt to make a significant profit.
Besides this, the two defendants have also been charged for taking over social media accounts of their victims, including two who "had high value or 'O.G.' (slang for 'Original Gangster') social media account names."
The duo has been charged in an 11-count indictment, with:
- one count of conspiracy to commit wire fraud,
- eight counts of wire fraud,
- one count of computer fraud and abuse, and
- one count of aggravated identity theft.
If convicted on the charge of conspiracy to commit wire fraud, each defendant faces a maximum penalty of 20 years in prison. Meanwhile, the aggravated identity theft charge carries a maximum sentence of 2 years in prison.
How to Protect Yourself from Sim Swapping
In the wake of several Sim Swapping incidents, the U.S. Federal Trade Commission (FTC) in October issued a proper list of guidelines that users can follow to protect themselves against SIM swapping attacks:
- Don't reply to calls, emails, or text messages that request personal information.
- Limit the personal information you share online.
- Set up a PIN or password on your cellular account.
- Consider using stronger authentication on accounts with sensitive personal or financial information.
And in case you become a target of a SIM swap scam, you can take some effective measures like:
- Contact your cellular service provider immediately to report fraud and take control of your phone number back and immediately change your account passwords.
- Check your credit card, bank, and other financial accounts for any unauthorized charges and report to the respective company if you find any.