SIM Highjackers Stealing More Than €3 Million By Highjacking Phone Numbers

Law enforcement agencies arrested 26 fraudsters who have committed a Sim swapping fraud and stole over €3 million in a series of SIM swapping attacks.

The criminals managed the obtain the online banking credentials from the victims of the different banks by means of hacking techniques such as the use of banking Trojans or other types of malware. Basically, they try to login to their bank account, but the password crashes. Thus, they have graced the newest victim of SIM swap scam, and their phone number is now in the control of a criminal. 

The SIM swap fraud is performed when a fraudster tricks the victim’s mobile phone operator while porting the victim’s mobile number to a SIM in the ownership of the fraudster and then starts getting all incoming calls and text messages, including banking OTP (one-time-passwords) that are assigned to the victim’s phone number.

Moreover, the fraudster can then make transactions, utilizing credentials found by other methods such as malware. When the bank gives a one-time-password by SMS, the fraudster gets it and performs the authorization of the transaction.

Last year the cybersecurity experts have exposed the occurrence of a new and previously undetected severe simjacker vulnerability in SIM cards that could enable remote attackers to negotiate targeted mobile phones and spy on victims just by assigning an SMS.

Operation Quinientos Dusim

SIM trading securing the headlines in current months, police over Europe has been organizing up against this threat, with two services targeting SIM highjackers coming newly to success.

Below the name “Operation Quinientos Dusim,” Europol’s European Cybercrime Centre (EC3), the Spanish National Police, and Spanish Civil Guard seized 12 defendants across Benidorm, Granada, and Valladolid. 

Hence, a joint police inquiry in January – a collaboration between Europol and Spanish law enforcement – probed the arrest of 12 suspects in Spain, held to have completed a cybercrime ring that defrauded more than €3 million by SIM hijacking.

“Composed of nationals between the ages of 22-52 years old from Italy, Romania, Colombia and Spain, this criminal gang struck over 100 times, stealing between €6,000 and €137,000 from bank accounts of unsuspecting victims per attack”

Operation Smart Cash

Thus, law implementation in Romania and Austria arrested an additional 14 alleged members of a different gang under “Operation Smart Cash.” Perpetrators of SIM swapping attack can create illegal profits in the millions, devising dozens of victims in their track.

“Once they had these credentials data, the defendants would appeal for a duplicate of the SIM cards of the victims, giving fake documents to the mobile assistance providers.” After that, a second investigation, crossing eight months and backed by Europol in partnership with the Romanian and Austrian security services, headed to the February arrests of 14 SIM hijackers who were involved in various cases of identity fraud in Austria.

According to Europol report “Well, after gaining control over a victim’s phone number, this particular gang would then utilized stolen banking credentials to get access to a mobile banking application. So that they can create a withdrawal transaction which they later confirmed with a one-time password sent by the bank via SMS enabling them to withdraw cash at cardless ATMs,” Europol stated. Well, as per the information, the cybercrime gang is suspected of having taken more than €500,000 ($560,000).

So, what do you think about this? Simply share all your views and thoughts in the comment section below.

Also Read:

Credit Card Data From Volusion Hack Appears On Dark Web

Beware of Fake Weaponized Coronavirus Maps that Steal Your Login Credentials

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.