American law enforcement has declared war to
The suspects stole the funds from at least 10 victims using SIM
In May, the U.S. Department of Justice charged nine individuals connected to a hacking crew focused on identity theft and SIM swapping attacks.
In SIM swap frauds crooks are able to port the phone number of the victims to a new SIM card under their control.
A SIM swap fraud is a type of fraud that overwhelms the additional security measures introduced by organizations to protect their customers.
Attackers obtain victims’ information by launching a phishing campaign, or by purchasing them in the underground market.
Crooks use the information gathered on the victims in the attempt to impersonate them in front of a telco operator and ask it to provide a new SIM to replace the old one that was lost or stolen.
They can prove their identity by answering basic security questions and requesting the cancellation of the old SIM and the activation of a new one. Once obtained a new SIM, crooks can operate with the victim’s mobile account, intercepting or initiating calls, accessing SMSs (including authorizations codes sent by bank and cryptocurrency exchanges) and to authorize transactions.
“Two Massachusetts men were arrested today and charged in U.S. District Court in Boston with conducting an extensive scheme to take over victims’ social media accounts and steal their
According to the DoJ, the two defendants Eric Meiggs (20) and Declan Harrington (21) targeted users with high-value
The duo has also been charged for taking over social media accounts of their victims, including two who individuals that “had high value or ‘O.G.’ (slang for ‘Original Gangster’) social media account names.”
The duo has been charged with:
The defendants face a maximum penalty of 20 years in prison, the aggravated identity theft charge can add to the sentence additional 2 years in prison.
In March, the FBI issued a SIM swapping alert in response to the increasing cases of SIM jacking attacks.
In October, the U.S.
• Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
• Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and log in to your accounts.
• Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
• Consider using stronger authentication on accounts with sensitive personal or financial information. If you do use MFA, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.
(SecurityAffairs – SIM swapping, cybercrime)