Europol Reports Arrest of Gangs Who Made Millions Through SIM Swap Attacks
European authorities have announced the dismantling of two criminal groups responsible for stealing millions of euros through SIM card hijacking. In these types of attacks, criminals use social engineering to trick mobile carrier representatives. For example, by pretending to be the legitimate owner of a phone number, the attacker claims the SIM card was lost or damaged and requests the number be transferred to a new SIM card. Once successful, the criminals gain access to accounts linked to the victim’s phone number, effectively stealing their entire digital identity.
SIM swap attacks are often used to steal large sums in cryptocurrency, from bank accounts (since intercepting 2FA codes becomes easy), or to hijack valuable Instagram accounts.
Operation Quinientos Dusim
The operation, called Quinientos Dusim, involved the European Cybercrime Centre (EC3), Spain’s National Police, and the Spanish Civil Guard. Europol reports that last week, members of two separate criminal groups specializing in SIM card hijacking were arrested: dozens of people were detained in Spain and Romania.
In Spain, 12 suspects were arrested, allegedly stealing over €3,000,000. The detainees, aged 22 to 52, were citizens of Italy, Romania, Colombia, and Spain. Authorities believe they carried out more than 100 attacks, stealing between €6,000 and €137,000 per attack on average.
Using banking trojans or other hacking methods, the criminals obtained victims’ online banking credentials. They then provided fake documents to the victim’s mobile provider to get a duplicate SIM card. This allowed them to receive two-factor authentication codes from banks and make fraudulent transfers to money mule accounts within one or two hours. Essentially, victims had almost no time to notice their phone was not working and that their number had been hijacked.
Arrests in Romania
In Romania, authorities arrested another 14 members of the criminal group, with arrests carried out simultaneously in Bucharest, Constanța, Mureș, Brăila, and Sibiu. Reports indicate that in early 2019, these criminals emptied several bank accounts in Austria. Using stolen credentials and hijacked phone numbers, they accessed mobile banking apps to make transactions, which were then confirmed with one-time passwords sent via SMS. Through this tactic, the group allegedly stole over half a million euros.