Europol has announced its success in dismantling two SIM swapping networks in Spain, Austria, and Romania. Named operation "Quintentos Dusim” and operation "Smart Cash,” they were both the results of lengthy investigations that led to the arrests of 26 individuals. The crime gangs had managed to hijack the phone numbers of hundreds of victims, emptying their bank accounts, gaining control of their online accounts, and getting past two-factor authentication steps that are based on the use of SMS messages.
Starting with the Quinientos Dusim operation, the Spanish Police have worked together with the Civil Guard and the Europol for the past three months, tracking down twelve SIM swapping actors from Benidorm, Granada, and Valladolid. The gang comprised of people from Romania, Colombia, and Spain, and had managed to duplicate the SIM cards of about 100 people, stealing a total of €3 million. They made fraudulent bank transfers over to money mule accounts in an attempt to hide their traces from the authorities.
In operation Smart Cash, the investigation of the Romanian National Police and the Austrian Criminal Intelligence Service lasted for about eight months and resulted in the arresting of 14 criminals from Bucharest, Constanta, Mures, Braila, and Sibiu. The targets of this gang were mainly from Austria, and the authorities estimate that a total of half a million Euros lost. They stole the money mainly by logging in on the mobile banking app of the victims and withdrawing it at card-less ATMs by using one-time passwords.
Unfortunately, the victims can’t do a lot to protect themselves from SIM swappers, as it is usually telco employees who are tricked through social engineering and perform the number porting. One solid way to protect yourself, though, would be to keep secret the phone number that you are using for 2FA. This way, the actors wouldn’t even know what number to swap to their SIM card. Moreover, you may also call your telecommunications provider and set up a PIN that should be requested in the case of number porting events. If you suddenly lose the signal reception on your phone, check your access on the most critical online services and reset your passwords immediately. If you’ve lost access there, call your bank as soon as possible and inform them of the situation before your account is emptied.