In a sequence of SIM swapping strikes, the Spanish National Police detained eight individuals who were reportedly part of a criminal ring that robbed bank accounts. According to a press release issued today, they allegedly mimic the targets’ bank in phishing communications sent through email, SMS, or direct messaging on social networking sites.
The suspects collected sensitive personal information through phishing to mimic the potential victims and dupe phone store staff into providing new SIM cards with the same number. Finally, they obtained one-time passwords for e-banking accounts using the victims’ phone numbers, accessed them, and swiftly drained all available cash by transferring them to accounts under their control.
The first fraud case linked to this SIM swapping gang dates back to March 2021, when the police received two reports of fraudulent transfers made without the account holders’ knowledge. Investigators could track the criminals despite their attempts to launder the funds through various bank transactions and digital quick payments. Seven people were arrested in Barcelona, one in Seville, and an equal number of bank accounts were blocked due to the crackdown.
Threat actors use SIM swapping, which entails moving a person’s phone number to a new SIM card and accessing accounts secured by SMS-based two-factor authentication (2FA). The worst incidents of compromise include enormous quantities of cryptocurrency investments, but e-bank accounts, as demonstrated in this case, can also be attractive targets.
A sudden loss of network connection on your smartphone should be taken seriously. In most situations, the account owner only has a few minutes to react and switch the 2FA method to email or an authentication app. You should always choose an alternative to SMS 2FA if the opportunity is available. If SMS is the only option, create a personal phone number used just for that reason and does not need to be shared.