A recent Department of Justice (DOJ) case highlighted a lucrative fraud scheme that has been on the rise known as “SIM-swapping.”
According to the DOG, global criminal networks perform “SIM-swaps” to gain access to an individual’s phone, and thus their private information and passwords – including cryptocurrency keys.
The scheme has been especially lucrative since last year’s meteoric rise in cryptocurrency value and investor wealth.
The recent arrest of fraudster Declan Harrington, 21, of Massachusetts, shined a spotlight on the SIM-swap scheme. Harrington pleaded guilty to several counts including conspiracy, wire fraud and aggravated identity theft.
According to the Massachusetts U.S. Attorney’s Office, Harrington and other co-conspirators targeted at least 10 victims around the country with the scheme.
The DOJ said the gang “stole (or attempted to steal) more than $530,000 in cryptocurrency” from the victims.
But this wasn’t an isolated case.
A report by Europol in February claimed that 8 fraudsters were arrested for using the method to target thousands of high-profile victims in the U.S., including celebrities, influencers, musicians and athletes.
According to the article, the attackers stole over $100 million in cryptocurrencies after hacking into their phones with a SIM-swap.
The arrests come after a year-long investigation conducted between international law enforcement authorities, such as the UK National Crime Agency, the United States Secret Service, FBI, Homeland Security Investigations and Santa Clara REACT, as well as agencies from Belgium, Malta and Canada. Europol coordinated international activity.
In a “SIM-swap” attack, a criminal gains access to an individual’s phone by getting the phone service provider to swap the victim’s SIM card for the criminal’s card. They then reset the passwords for the user’s mobile phone account, as well as account log-in credentials.
“The cybercriminals can then reset the victim’s account log-in credentials and use those credentials to access the victim’s account without authorization,” the DOJ said.
Europol explained the operation as thus: “It involves cybercriminals taking over use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.”
Once criminals gain control of a phone and its accounts, they just need to identify digital currency wallets and their keys. They can then transfer the cryptocurrency from the victim’s account to their own.