Security News > 2022 > February > Sharp SIM-Swapping Spike Causes $68M in Losses
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.
SIM-swapping, the practice of duping mobile carriers into switching a target's phone services to an attacker-controlled phone, is on the rise, the Feds are warning, leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over.
Once the service has been redirected, the crooks have access to any of the victims' calls, texts, voicemails and saved profile data, which allows them to send "Forgot Password" or "Account Recovery" requests to the victim's email, easily defeat two-factor authentication that uses one-time passcodes, and crack high-value accounts.
While SIM-swapping isn't a new practice, the attacks now seem to be accelerating at a rapid clip: last year, the FBI Internet Crime Complaint Center received 1,611 SIM-swapping complaints, with adjusted losses stemming from the resulting account takeovers and data theft totaling more than $68 million, it said this week.
"PIN codes unique to each user's account can be one way of adding additional security to the process. 'Out of wallet' questions are another alternative that works by verifying much harder to compromise information such as last three home addresses or cars. It may be more of a hassle for everyone, but it's simply no longer viable to rely on information that has been routinely compromised to validate a person's identity."
Do not provide your mobile number account information over the phone to representatives that request your account password or PIN. Verify the call by dialing the customer service line of your mobile carrier.
News URL
https://threatpost.com/sharp-sim-swapping-spike-losses/178358/