UK Police Arrest SIM-Swapping Gang Responsible for the Theft of Over $100 Million in Cryptocurrency

This month the UK’s National Crime Agency (NCA) arrested eight suspects who targeted famous sports stars and musicians in the US and stole from victims’ bank accounts and crypto wallets.

We hadn’t heard much from the SIM-swapping side of cybercrime in quite a while. In a SIM swap, the criminal tricks the carrier, and in turn anyone who relies on a phone number as a form of authentication, by replacing the victim’s legitimate SIM with one the criminal controls, which takes over the target’s mobile number.

Once the attacker controls the mobile phone number, it becomes far easier to reset passwords, gain access to bank accounts, etc., as many businesses lean on possession of a mobile device as the second form of authentication. In all, the NCA estimates that the gang took over $100 million in money and cryptocurrency over the course of 2020.

It’s not clear whether the gang used social engineering to trick their victims into giving up logon details, hacked into a cellular carrier’s network and gained access to their internal systems, or had inside help to modify the SIM on the target mobile account. But the NCA was able to monitor the gang during their investigation and notify some victims of the SIM swap before any malicious actions could be taken.

While this attack targeted celebrities in the US, it could just as easily target CEOs in an attempt to impersonate them and commit fraud. Organizations should be mindful of any social engineering involving their mobile devices and the associated user accounts, as well as any communication from an executive's mobile device that involves money-related transactions.
