The FBI (Federal Bureau of Investigation) has disclosed that cybercriminals have increased SIM swap attacks to steal millions of dollars by hijacking the phone numbers of victims. According to FBI reports obtained through the Internet Crime Complaint Center (IC3) in 2021, the number of complaints received from the public in the United States has climbed almost fivefold from 2018 and reported losses have increased nearly fivefold.
The FBI’s warning comes after the US Federal Communications Commission (FCC) stated that it had begun developing guidelines to prevent SIM swapping attacks. The FCC’s action follows multiple customer complaints about considerable anguish and financial loss due to SIM swapping attacks and port-out fraud.
“The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts,” the FBI warned.
“From January 2018 to December 2020, the FBI Internet Crime Complaint Center (IC3) received 320 complaints related to SIM swapping incidents with adjusted losses of approximately $12 million. In 2021, IC3 received 1,611 SIM swapping complaints with adjusted losses of more than $68 million.”
Following an upsurge in SIM hijacking occurrences, the federal law enforcement agency issued another SIM swapping alert three years earlier, in March 2019.
SIM swapping fraud (aka SIM jacking, SIM hijacking, or SIM splitting) is an account takeover (ATO) scam in which criminals take control of their victims’ phone numbers. The criminals achieve this by using social engineering or the help of one or more bribed staff to deceive phone service providers into shifting a target’s phone number to attacker-controlled SIM cards.
The criminals would get the victims’ calls and messages once the SIM has been moved, making it very easy to circumvent SMS-based MFA, steal passwords, and gain control of their victims’ online service accounts. Most SIM swappers are motivated by money. They typically target their victims’ cryptocurrency exchange and online banking accounts to steal virtual assets and funds, as well as lock them out of their accounts by changing passwords.
On Tuesday, the FBI released tips on how individuals may protect themselves and how mobile carriers can protect their customers against SIM swapping attacks, as well as information on how to report incidents of SIM swapping.