Agents of the Federal Bureau of Investigation (FBI) published a report mentioning that its Internet Crime Complaint Center (IC3) has received more than 1,900 complaints related to the SIM swap attack variant.
This is a combination of phishing and social engineering that aims to trick employees of phone companies into transferring a legitimate user’s phone number to a SIM card controlled by hackers. Sometimes, the SIM swap is done with the help of an internal attacker, although in essence it works in the same way.
A successful attack allows threat actors to intercept the victim’s calls and text messages, including multi-factor authentication codes. Access to these codes would eventually allow you to take control of any online accounts associated with the copied phone number, including social media profiles, email accounts, and more.
In the most severe cases, victims lose access to their online banking platforms and cryptocurrency addresses, in addition to being exposed to identity fraud.
Unfortunately, reports of SIM swap attacks have only increased excessively for some years now, which caught the attention of law enforcement around the world. While the FBI had only received about 300 reports between 2018 and 2020, the figure soared to 1,600 complaints in 2021. It is estimated that, during the past year, this attack generated losses of around $ 68 million USD, a figure that will undoubtedly be exceeded by the end of 2022.
In its report, the FBI asked mobile operators to disseminate more information about the SIM swap attack among their customers, hoping users will learn how to identify a possible attack and, if possible, implement additional security mechanisms to avoid economic losses.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.