“Fraudsters are always coming up with new ways to steal money from the accounts of unsuspecting victims.”
Europol has supported two separate law enforcement operations that have smashed and arrested members of a SIM card fraud ring that has stolen millions from bank accounts in the last two years.
SIM swap fraud involves a threat actor making a copy of a victim’s SIM card and using their own devices to intercept the incoming calls and message to that number.
In our digital age SMS messages are increasingly used to send one-time-password in order to authenticate users.
Financial institutions like banks uses these passwords to secure accounts, which are of course subsequently raided if a hacker can intercept the SMS.
The arrests made this month targeted a gang that had set up a process in which they would use fake identification to trick mobile operators into handing over duplicates of unsuspecting victims’ SIM cards. In a one-two-punch the hackers were pairing these SIMs with online banking credentials that they had obtained by infecting banks with credential stealing malware.
Europol notes that they then simply “proceeded to make fraudulent transfers from the victims’ accounts to money mule accounts used to hide their traces. All this was done in a very short period of time – between one or two hours – which is the time it would take for the victim to realise that his/her phone number was no longer working.”
Europol Helps Smash SIM Card Fraud
A second hacker ring was busted following an eight-month long operation that was conducted by the Romanian National Police and the Austrian Criminal intelligence Service, with the support of Europol.
The hacker group of 12 was made up of individuals from Italy, Romania, Colombia and Spain, with ages ranging from 22-52.
One of the simplest ways to avoid been caught in theft like this is to setup two-factor identification on online services, as having one authentication code sent to your SIM by SMS is just not enough protection, with SMS’s so easily intercepted.
Fernando Ruiz, acting Head of Europol’s European Cybercrime Centre commented: “Fraudsters are always coming up with new ways to steal money from the accounts of unsuspecting victims. Although seemingly innocuous, SIM swapping robs victims of more than just their phones: SIM hijackers can empty your bank account in a matter of hours. Law enforcement is gearing up against this threat, with coordinated actions happening across Europe.”