In the latest data theft news circles, ten hackers have been arrested around the world following a series of ‘sim swapping’ attacks targeted at high-profile victims in the United States.
The aim was to hijack phone numbers of famous musicians, sports stars and online influencers as well as family members which allowed them to steal over $100m in cryptocurrency from illegal access to their mobile devices.
The first arrest was made in Malta and quickly followed by another in Belgium, with the following arrests coming from a variety of countries.
What started as an international investigation in Spring of 2020 was a compiled effort by law enforcement agencies in the UK, US, Belgium, Canada and Malta, co-ordinated by Europol. All ten of the arrested individuals belonged to the same criminal organization, who worked together to access various victims phone numbers and control apps and accounts by change of passwords.
This allowed the criminals to steal money, cryptocurrencies and personal information from the victim as well as access contacts that were synced with online accounts. Social media accounts were also compromised with the criminals able to post content and messages posing as the victim.
Europol identified the type of fraud as Sim Swapping, which has become a growing trend around the world as identified in the Internet Organized Crime Threat Assessment.
Criminals take over control of a victims mobile phone number by deactivating the SIM and transporting the allocated number to another SIM belonging to a criminal network member. The exploiting of phone service providers allows them to do the swap on their behalf using either a corrupt insider or social engineering techniques.
What is more alarming is that this process is not limited to famous people, but every single person with a mobile device.
To combat this growing trend, advice has been given to those with mobile phones to constantly keep their security updated on their devices, not responding to suspicious messages, phone calls, emails or texts.
In the case of people calling and posing as institutions requesting information, ask for the party to communicate through writing to certify it is in fact them, disclosing no personal details at all. It is also recommended that personal information should not be shared online or severely limited. Two-factor authentication techniques should also be commonplace by this point to better protect yourself and your information.
For more information on data theft and the combating techniques in how to protect your data online, check out the latest events from Whitehall Media.