Brooke Brennan and Kevin Smith
ARIZONA—The FBI Phoenix Field Office wants to educate the public about the dangers of Subscriber Identity Module (SIM) swapping by criminals to steal money from virtual currency accounts.
How the scam works—Criminals first identify a victim who is likely to own large amounts of digital currency and obtain their phone number and mobile carrier. They then socially engineer a customer service representative to port the victim’s phone number to a SIM card and phone in their control.
Once they obtain control, they will change the passwords to all accounts (email, cloud storage, and social media accounts) by using the password reset option. Criminals can defeat any SMS-based or mobile two-factor authentication on any user accounts with control of the victim’s phone number, and then steal the currency.
The FBI suggests these tips to protect you and your digital currency:
- Protect your personal and financial information. Don’t advertise your phone number, address, or financial assets, including ownership or investment of cryptocurrency, on social media sites.
- Take precautions giving your mobile account information to representatives over the phone. Verify the call by dialing the customer service line of your mobile carrier or place a note on your account that changes must be done in person.
- Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
- Do not store passwords, usernames, or other information for easy login on mobile device applications.
If you believe you are a victim of SIM swapping, contact your mobile carrier, change all passwords, and contact your financial institution. Then inform your local law enforcement agency or FBI Phoenix at (623) 466-1999. Victims are also encouraged to file a complaint with the FBI at ic3.gov.
For more information on SIM swapping, visit: https://www.ic3.gov/Media/Y2022/PSA220208