Ten people in Europe have been arrested for hijacking the cell phone numbers of celebrities in the US in order to take over their online accounts.
According to the UK National Crime Agency, the arrested suspects were part of a criminal gang that targeted numerous victims in the US last year, including sports stars, musicians, and well-known influencers on social media.
The same group also stole an estimated $100 million in cryptocurrencies after gaining access to victims’ phones, according to Europol.
To hijack the cell phone numbers, the gang resorted to SIM swapping. This often involves identity theft to trick a cellular provider into handing over access to your cell phone number. In other cases, the culprit will pay off a rogue employee to claim control of the number.
A successful SIM swap can then open the door to a full takeover your most important online accounts. This is because many internet companies and bank providers use your cell phone number as a way to send password reset links.
“After changing the passwords, the victim is denied access and the criminals have free rein over their contacts, banking apps, emails and social media accounts,” the UK National Crime Agency added.
The 10 arrested suspects allegedly stole money from victims’ online bank accounts and Bitcoin wallets. In some cases, they also took over the victims’ social media profiles, and sent messages pretending to be them.
The UK National Crime Agency said it worked with the FBI and the Department of Homeland Security to track down the suspects, eight of whom were arrested in the UK. The other two were arrested in Malta and Belgium. The defendants now face the prospect of being extradited to the US to face criminal charges.
To protect yourself from a SIM swapping attack, it’s best to avoid using your cell phone number for password resets or for two-factor authentication. (Instead, you can use an authenticator app to generate 2FA codes on your smartphone.) You can also call your cellular provider to set up a PIN or password on your account to help stop a hijacking attempt. The FTC has more tips.