Criminals escalating SIM swap attacks to steal millions of dollars: FBI


By MYBRANDBOOK


Criminals escalating SIM swap attacks to steal millions of dollars: FBI

Ransomware continues to be an ongoing problem with protecting users’ data, there is a cell phone scam the public needs to be aware of as well. The FBI says criminals have escalated SIM card swap attacks to hijack victims’ phone numbers and steal millions of dollars from fiat and virtual currency accounts. “Both people and companies have become conditioned to being able to verify identity through simple questions like social security number or mother’s maiden name. Unfortunately, this falls apart completely when data breaches affecting millions of people routinely occur. Now information that was previously assumed to be relatively private is in the hands of malicious parties who can leverage it to easily impersonate their victims.”

 

SIM swapping is a scam in which malicious parties target cell phone carriers to gain access to victims’ bank accounts, virtual currency accounts and additional sensitive information by using social engineering, insider threat or phishing techniques. Social engineering involves a criminal to impersonate the victim’s mobile number by tricking the cell phone carrier into switching the victim’s mobile number to a SIM card that is in the criminal’s possession, allowing the malicious party to access the victim’s calls, texts and other data, but this is only one of the three methods used to steal funds from victims.

 

FBI encourages mobile users to first contact their mobile carriers immediately to regain control of their phone number, then accessing their online accounts to change their passwords that protect their sensitive data. Insider threat takes place when a criminal actor pays off a mobile carrier employee to switch the victim’s SIM to a card currently in the criminal’s possession. Malicious parties can also employ phishing techniques to access victims’ sensitive data, and steal funds from the victim through their banking data or third-party services like PayPal or Venmo.

 

 

This level of access to a victim’s cell data then allows a malicious party entry to everything from text message verification to SMS based two-factor authentication to exploit victims’ sensitive information. Service providers must move from more simplistic means of validating identity to more sophisticated ones,”. “PIN codes unique to each user’s account can be one way of adding additional security to the process, and ‘out of wallet’ questions are another alternative that works by verifying much harder to compromise information such as last three home addresses or cars. It may be more of a hassle for everyone, but it’s simply no longer viable to rely on information that has been routinely compromised to validate a person’s identity.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org