SIM card swap scams on the rise, FBI warns; $68 million stolen in 2021

The Federal Bureau of Investigation is issuing a warning about Subscriber Identity Module – or SIM – swapping scams that have risen substantially over the last year and netted criminals over $68 million in 2021.

Download the FOX 5 DC News App for Local Breaking News and Weather

SIM swapping is a technique where criminals target mobile carriers to gain access to customer bank accounts and other sensitive information.

Authorities say criminals can use phishing techniques, impersonate a victim, or even pay off mobile carrier employees to switch a victim's mobile number to a SIM card in their possession.

Once the SIM is swapped, the victim's calls, texts, and other data are diverted to the imposter device, the FBI says. This switch allows criminals to send 'Forgot Password' or 'Account Recovery' requests to the victim's email and other online accounts associated with the victim's cell phone number.

SUBSCRIBE TO FOX 5 DC ON YOUTUBE

Using SMS-based two-factor authentication, cell phone providers send a link or one-time passcode text to the victim's number -- now owned by the fraudster -- to access accounts. The FBI says the scammers then use the codes to login and reset passwords for online accounts associated with the victim's phone.

TIPS ON HOW TO PROTECT YOURSELF

The FBI recommends individuals take the following precautions:

Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.

Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Verify the call by dialing the customer service line of your mobile carrier.

Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information.

Use a variation of unique passwords to access online accounts.

Be aware of any changes in SMS-based connectivity.

Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.

Do not store passwords, usernames, or other information for easy login on mobile device applications.

The FBI recommends mobile carriers take the following precautions:

Educate employees and conduct training sessions on SIM swapping.

Carefully inspect incoming email addresses containing official correspondence for slight changes that can make fraudulent addresses appear legitimate and resemble actual clients' names.

Set strict security protocols enabling employees to effectively verify customer credentials before changing their numbers to a new device.

Authenticate calls from third party authorized retailers requesting customer information.

VICTIM REPORTING AND ADDITIONAL INFORMATION

If you suspect that you are a victim of SIM swapping:

Contact your mobile carrier immediately to regain control of your phone number.

Access your online accounts and change your passwords.

Contact your financial institutions to place an alert on your accounts for suspicious login attempts and/or transactions.

Report information concerning all suspicious activity to your local law enforcement agency or your local FBI field office (contact information can be found at www.fbi.gov/contact-us/field-offices.)

Report the activity to the FBI's Internet Crime Complaint Center at www.ic3.gov.