Following an increase in SIM-jacking over the recent months, Europol announces the arrest of at least more than two dozen suspects of bank accounts by hijacking the phone numbers of some unfortunate users through SIM-swap fraud following months of cross-border investigations.
Police across Europe have been preparing to disassemble criminal networks that are said to have been responsible for these attacks for a long time now.
SIM swaps work since phone numbers are in connection to the phone's SIM card and ‘SIM’ short for subscriber identity module, a special system-on-a-chip card that safely stores the cryptographic secret that distinguishes the user's phone number to the network.
Most mobile phone shops out there can issue and activate substitution or replacement SIM cards quickly, causing the old SIM to go dead and the new SIM card to assume control via the phone number just as the telephonic identity.
It had so happened in October in the United States that the FBI cautioned that 'bad guys' were getting around certain kinds of two-factor authentication (2FA).
The easiest, smoothest and thusly the most widely recognized approach to sneak past 2FA is SIM-swap fraud, where an attacker persuades a mobile system to port a target's mobile number or plants malware on a victim's phone, along these lines permitting them to intercept 2FA security codes sent by means of SMS text.
The easiest, smoothest and thusly the most widely recognized approach to sneak past 2FA is SIM-swap fraud, where an attacker persuades a mobile system to port a target's mobile number or plants malware on a victim's phone, along these lines permitting them to intercept 2FA security codes sent by means of SMS text.
However whether the hackers are breaking into 'regular old bank accounts' or Bitcoin accounts, the crime is clearly incredibly expensive for the victims who observe helplessly as their accounts drain.
Here are some safety measures recommended for the users to consider and forestall such mishappenings-
- Watch out for phishing emails or fake websites that crooks use to acquire your usernames and passwords in the first place.
- Avoid obvious answers to account security questions.
- Use an on-access (real-time) anti-virus and keep it up-to-date
- Be suspicious if your phone drops back to “emergency calls only” unexpectedly.
- Consider switching from SMS-based 2FA codes to codes generated by an authenticator app.