It appears that at least the United States has started taking the threat of Sim Swapping attacks very seriously.
Starting with the country’s first-ever conviction for ‘SIM Swapping’ this February, U.S. Department of Justice has since then announced charges against several individuals for involving in the scheme to siphon millions of dollars in cryptocurrency from victims.
In the latest incident, the U.S. authorities on Thursday arrested two more alleged cybercriminals from Massachusetts, charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping between November 2015 and May 2018.
SIM Swapping, or SIM hijacking, is a technique that typically involves the social engineering of a target’s mobile phone provider.
An attacker makes a phony call posing as their targets and convinces the mobile phone provider to port the target’s phone number to a SIM card belonging to the attacker.
Once successful, the attacker can then obtain one-time passwords, verification codes, and two-factor authentication received on the target’s phone in order to reset passwords for and gain access to target’s social media, email, bank, and cryptocurrency accounts.