The Federal Bureau of Investigation (FBI) has issued a cybersecurity alert for Subscriber Identity Module (SIM) swap schemes used by cybercriminals to steal millions from US victims.
According to the report, the FBI Internet Crime Complaint Center (IC3) received 320 complaints regarding SIM swapping incidents that resulted in losses of nearly $12 million from early 2018 to late 2020.
Moreover, SIM-swapping incidents as tracked by IC3 ballooned to 1,611 and more than $68 million in losses.
SIM swapping often involves bad actors using social engineering methods to impersonate a victim and then tricking a mobile carrier into switching the victim’s mobile phone number to the criminal’s own SIM card.
“Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device. This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number,” the FBI wrote in the public service announcement.
“Using SMS-based two-factor authentication, mobile application providers send a link or one-time passcode via text to the victim’s number, now owned by the criminal, to access accounts. The criminal uses the codes to login and reset passwords, gaining control of online accounts associated with the victim’s phone profile.”
The FBI also provided some good safeguards to protect yourself from SIM swap attacks as well as recommendations for mobile carriers.