Account Takeover Fraud , Cybercrime , Fraud Management & Cybercrime

Numerous Arrests in 2 SIM-Swapping Schemes

European Authorities Say Gangs Responsible for Millions in Thefts
Numerous Arrests in 2 SIM-Swapping Schemes

Europol, along with local police in Spain, Romania and Austria, arrested about two dozen alleged members of two criminal gangs that are accused of stealing millions in euros from bank accounts in several countries by using SIM swapping techniques to steal credentials and passwords.

See Also: Understanding Human Behavior to Tackle ATO & Fraud

In the first case, Europol investigators and Spanish police arrested a dozen individuals who allegedly used various SIM swapping techniques, as well as banking Trojans, to steal about €3 million ($3.4 million) from victims' bank accounts.

In addition, police in Austria and Romania, along with Europol, arrested another 14 people and shut down another alleged SIM swapping operation that had stolen more than €500,000 ($560,000) since the spring of 2019, according to Friday's announcement. The two cases were overseen by Europol’s European Cybercrime Center.

SIM Swapping

In both cases, Europol investigators believe that the two gangs used SIM swapping techniques to steal passwords and other credentials that would give them access to bank accounts and other personal data. These attacks typically start by persuading a mobile operator's customer service employee to move a cell phone number to different SIM card - a swap - or port it to another carrier.

Once attackers have control of the victim's smartphone or mobile device, they can then intercept one-time passwords or PIN resets that are used as part of a multifactor authentication process, which then allows them to rest passwords and gain access to accounts.

(Source: Europol)

Over the last year, law enforcement officials in Europe and the U.S. have reported a number of investigation into cybercriminals using SIM swapping. In November 2019, the U.S. Justice Department charged two Massachusetts men with allegedly running a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency (see: DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency).

In October 2019, the FBI issued an alert noting that cybercriminals has started bypassing security measures, such as multifactor authentication, such as through SIM swapping (see: FBI: Cybercriminals Are Bypassing Multifactor Authentication).

Operation Quinientos Dusim

In the first recent investigation, called, Operation Quinientos Dusim, Europol investigators, along with Spanish police, began an investigation in January that eventually involved 12 people operating an alleged SIM swapping operation in Spain across three different regions.

While no names were released, Europol describes the suspects as ranging in age from 22 to 52 and residents of Italy, Romania, Colombia and Spain. Authorities say the gang targeted over 100 victims using SIM swapping techniques and stole between €6,000 and €137,000 ($6,700-$153,000) from accounts.

In addition to SIM swapping, this gang planted malware, such as banking Trojans, on devices as well, according to Europol.

"Once they had these credentials, the suspects would apply for a duplicate of the SIM cards of the victims, providing fake documents to the mobile service providers. With these duplicates in their possession, they would receive directly to their phones the second factor authentication codes the banks would send to confirm transfers," Europol notes.

Once the transfer had been made, the gang used "money mules" to collect the funds. All these transferred happened within one to two hours – or before victims knew their accounts had been changed, according to Europol.

Operation Smart Cash

A second recent eight-month investigation, called Operation Smart Cash, led to the arrests of 14 individuals who operated a criminal gang mainly from Romania, according to Europol. None of the suspects' names were released.

The investigation found that this gang allegedly targeted victims in Austria starting in the spring of 2019 and used SIM swapping to steal credentials and passwords.

"Once having gained control over a victim's phone number, this particular gang would then use stolen banking credentials to log onto a mobile banking application to generate a withdraw transaction, which they then validated with a one-time password sent by the bank via SMS allowing them to withdraw money at cardless ATMs," Europol notes.

Stopping SIM Swapping

One reason why SIM swapping has increased is that many wireless carriers have inadequate authentication procedures. In January, Princeton University researchers released a report than found numerous sites that use phone-based authentication techniques could easily be compromised (see: How Wireless Carriers Open the Door to SIM Swapping Attacks).

That report offered a number of recommendations for how carriers and banks could improve their security for mobile customers, including discontinuing using personal information, account information, device information, usage information and security questions as part of the authentication process. In addition, it recommended companies use website or application login with a one-time password sent through a voice call.

Managing Editor Scott Ferguson contributed to this report.

About the Author

Apurva Venkat

Apurva Venkat

Special Correspondent

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at companies such as IDG and Business Standard where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.