SIM Swapping (SIM hijacking or SIM hacking) is rapidly becoming the biggest threat to mobile service providers and mobile users alike. Through this technique, a fraudster can obtain the original SIM card of the victim’s number by trapping the operator and perform all kinds of frauds such as performing transactions or distributing malware along with stealing sensitive private and financial data of the user.
In 2018 and 2019, there was a sudden surge in SIM swapping attacks, for instance, authorities in California arrested a man for carrying out a SIM Swapping attack and stealing millions of dollars from the victim after hacking their SIM card.
However, Europol has certainly identified the seriousness of this threat and Operation Quinientos Dusim and Operation Smart Cash are proof of this. Reportedly, law enforcement agencies across Europe, primarily from Romania, Spain, and Austria with the support of Europol have arrested a large number of SIM swappers operating in Europe.
Under Operation Quinientos Dusim, Policía Nacional (Spanish National Police), Guardia Civil (Spanish Civil Guard), and Europol’s European Cybercrime Centre investigators collectively targeted suspected SIM swappers in Spain, who were supposedly members of a large-scale hacking group.
This group had stolen more than €3 million through SIM swapping attacks. During the operation, 12 suspects were arrested from Benidorm, 1 from Valladolid, and 5 from Granada.
Under the Operation Smart Cash, law enforcement authorities in Austria and Romania arrested 14 suspected members of another gang involved in SIM swapping. The group comprises of individuals aged between 22 and 52 who hail from Romania, Italy, Colombia, and Spain. This group has so far conducted 100 attacks and stolen between €6,000 and €137,000 from different bank accounts of victims.
The SIM swappers utilized a relatively straightforward technique to fulfill their malicious tasks. They obtained the online banking credentials of their victims using hacking tools like banking Trojan. After obtaining the credentials, they contacted the victim’s mobile service provider and requested a duplicate SIM card of the same number the victim was using by providing fake documents.
This enabled them to carry out transactions since 2FA authentication requires the user to enter a security code sent to the mobile phone number, which the attacker could easily access. Attackers could transfer money from the victim’s accounts conveniently as they had the security code, and the entire process was complete within 2 hours only, which is why the victim couldn’t even detect anything.
The money was then transferred between money mule accounts. Austrian and Romanian SIM swappers employed the same technique but the used ATMs to withdraw cash using a mobile app instead of a payment card.
“Fraudsters are always coming up with new ways to steal money from the accounts of unsuspecting victims. Although seemingly innocuous, SIM swapping robs victims of more than just their phones: SIM highjackers can empty your bank account in a matter of hours. Law enforcement is gearing up against this threat, with coordinated actions happening across Europe,” said Fernando Ruiz, acting Head of Europol’s European Cybercrime Centre.
Remember, SIM swapping can be prevented if you add a PIN code to your smartphone account. But, the process of doing so is different for every carrier, so you need to contact the related carrier in order to do it. You may also set up a verbal password to further complicate the verification process.