Europol busts up two SIM-swapping hacking rings

2020-03-17 10:51

Cross-border investigations, Europol announced on Friday that it's arrested more than two dozen people suspected of draining bank accounts by hijacking victims' phone numbers via SIM-swap fraud.

As we've explained, SIM swaps work because phone numbers are actually tied to the phone's SIM card - in fact, SIM is short for subscriber identity module, a special system-on-a-chip card that securely stores the cryptographic secret that identifies your phone number to the network.

Most mobile phone shops out there can issue and activate replacement SIM cards quickly, causing your old SIM to go dead and the new SIM card to take over your phone number and your telephonic identity.

By stealing your phone number, the crooks start receiving your text messages along with your phone calls, and if you've set up SMS-based two-factor authentication, the crooks now have access to your 2FA codes - at least, until you notice that your phone has gone dead, and manage to convince your account providers that somebody else has hijacked your account.

Malware on your phone may be able to coerce the authenticator app into generating the next token without you realizing it - and canny scammers may even phone you up and try to trick you into reading out your next logon code, often pretending they're doing some sort of "Fraud check".

News URL

https://nakedsecurity.sophos.com/2020/03/17/europol-busts-up-two-sim-swapping-hacking-rings/

#europol #hacking #SIM