SIM swapping incidents have seen a dramatic increase in recent years, according to a new alert from the FBI. The Internet Crime Complaint Center (IC3) reported a staggering rise in complaints related to SIM swapping, with over five times more cases reported in 2021 compared to the previous three years combined.
Between January 2018 and December 2020, the IC3 received 320 complaints related to SIM swapping, resulting in combined losses of approximately $12 million. However, in 2021 alone, the IC3 received 1611 complaints, with losses exceeding $68 million.
SIM swapping typically involves fraudsters manipulating mobile carriers to transfer a victim’s mobile number to a SIM card in their possession. This can be achieved through social engineering tactics, phishing emails containing malware, or collusion with insiders at the phone company.
Once the SIM swap is successful, the criminal gains access to the victim’s calls, texts, and other data, allowing them to intercept password reset requests and access the victim’s online accounts. This method is often used to target cryptocurrency accounts, as demonstrated by a Canadian teenager who stole $36.5 million from a US victim.
To protect against SIM swapping attacks, the FBI advises users to avoid sharing personal information online and refrain from disclosing details about crypto and financial assets on social media. It also recommends using strong multi-factor authentication (MFA) methods that do not rely on SMS passcodes, such as biometrics and standalone MFA apps.
In addition, the FBI urges mobile carriers to enhance internal security measures by providing comprehensive staff training, implementing effective phishing detection systems, and strengthening customer authentication protocols.
By following these recommendations, both individuals and mobile carriers can mitigate the risks associated with SIM swapping attacks and safeguard against financial losses and privacy breaches.