Ten people have been arrested in connection with a series of SIM-swapping attacks that reaped more than $100 million by taking over the mobile phone accounts of high-profile individuals.
SIM-swapping is a crime that involves replacing a target’s legitimate SIM card with one belonging to the attacker. The attacker then initiates password resets for accounts for email, cryptocurrency holdings, and other important resources. With control over the target’s mobile phone, the attacker responds to text messages the account providers send to complete the password reset.
The account hijacking typically occurs with either the help of a malicious employee who works for the mobile carrier, or with the help of an attacker posing as the rightful account owner and asking for a new card.