SIM-Swap Scams: A Growing Concern for Everyone from FTX to the SEC

In the aftermath of the FTX cryptocurrency exchange collapse in November 2022, a baffling mystery emerged about the whereabouts of roughly $400 million in vanished cryptocurrency. Court documents now hint that a SIM-swapping criminal gang, believed to have ties to Russia, might have orchestrated the FTX theft. This incident isn’t isolated: the Securities and Exchange Commission (SEC) recently disclosed that it fell victim to a similar SIM-swapping scheme that led to premature announcements on X (formerly Twitter) about the approval of Bitcoin exchange-traded funds.

SIM-swapping, a technique well-known to security experts for hacking into bank accounts, corporate emails, and social media, has claimed notable victims, including Twitter’s co-founder Jack Dorsey. In 2021 alone, the FBI received over 1,600 complaints about SIM swapping, with financial losses exceeding $68 million.

Understanding SIM-Swapping

A SIM (Subscriber Identity Module) card is pivotal for linking a phone number to a mobile network. SIM swapping involves deceiving a phone company into transferring a victim’s phone number to a scammer’s SIM card, so that the scammer receives the authentication codes and password-reset messages sent to that number. This can lead to unauthorized access to crypto wallets, bank accounts, and social media profiles. The FTX breach, for instance, reportedly involved an American woman who used a fake ID to impersonate an FTX executive at an AT&T store, gained control over the executive’s phone number, and through it gained access to the company’s crypto wallets.

How to Guard Against SIM-Swapping?

In response to the growing threat of SIM-swapping, the Federal Communications Commission (FCC) mandated in November that cell phone carriers must immediately notify customers of any requests to port their numbers to another account. Carriers have introduced additional safeguards, such as the option to create an account PIN for phone number transfers or requiring a one-time PIN before any transfer is authorized. These features vary by carrier and might not be activated by default, so customers should proactively check their account settings.

Protecting Your Accounts

Even if a scammer hijacks your phone number, you can still bolster the security of your email, social media, and financial accounts. Biometric authentication and authentication apps such as those from Microsoft and Google are more secure alternatives to text message-based two-factor authentication. Physical security keys add an extra layer of protection, making unauthorized access more difficult still.

The incidents involving entities like FTX and the SEC underscore the critical need for vigilance and proactive measures against SIM-swapping. By adopting more secure authentication methods and staying informed about carrier options, individuals and organizations can significantly mitigate the risk of these increasingly common cyber attacks.
