In March 2020, Europol announced that it had arrested more than two dozen people suspected of draining bank accounts by hijacking victims’ phone numbers via SIM-swap fraud. The cross-border investigation lasted eight months with a collaboration between the Romanian National Police (Poliția Română) and the Austrian Criminal Intelligence Service (Bundeskriminalamt), with the support of Europol, leading to the arrest of 14 members of a crime gang who emptied bank accounts in Austria by gaining control over their victims’ phone numbers.
The modus operandi was simple. Once having gained control over a victim’s phone number, the criminals would then use stolen banking credentials to log onto a mobile banking application to generate a withdrawal transaction, which they then validated with a one-time password sent by the bank via SMS, allowing them to withdraw money at cardless ATMs. It is estimated that this gang managed to steal over half a million pounds from unsuspecting bank account owners.
This case, alongside another Europol investigation in January 2020 where suspects across Spain believed to be part of a hacking ring that stole over £3 million in a series of SIM-swapping attacks, has highlighted the growing frequency of this latest attack vector.
As SIM swapping requires substantial effort and costs from attackers, we are seeing high net worth individuals and people in positions of corporate, government, or social influence increasingly being targeted.
Understanding the cyber-criminals’ attack method
So, what is the likely attack formula and how do you know if you have been attacked? Attacks normally utilize blackmailing, bribing, or socially engineering a cell phone service provider employee to leverage their access to customer inf ..
Support the originator by clicking the read the rest link below.
