FBI San Francisco
San Francisco Media Office
media.sf@fbi.gov
March 6, 2019

FBI San Francisco Warns the Public of the Dangers of SIM Swapping

Criminals Are Targeting Victims with Cryptocurrency and Other Digital Currency Accounts

SAN FRANCISCO—The San Francisco Division of the Federal Bureau of Investigation (FBI) is seeking to warn potential victims of SIM swapping. Criminal actors engage in SIM swapping for the purpose of gaining access to the victim’s digital currency accounts. Most of the individuals targeted are heavy investors in or early adopters of cryptocurrency.

“The FBI has seen an increase in the use of SIM swapping by criminals to steal digital currency using information found on social media. This includes personally identifying information or details about the victim’s digital currency accounts,” said Special Agent in Charge John F. Bennett of the FBI San Francisco Division. “The FBI wants to help individuals make themselves harder targets and, if they are victimized, to quickly regain control of their accounts to mitigate any potential harm. The FBI and our local law enforcement partners will investigate the culprits behind SIM swapping and bring these criminals to justice.”

Generally, the attackers follow this pattern:

  • Identify the victim: Identify a victim likely to own a large amount of digital currency, particularly cryptocurrency. Identify the victim’s mobile telephone number and the mobile phone carrier.
  • Swap the SIM card: Socially engineer a customer service representative from the mobile phone company in order to port the victim’s phone number to a SIM card and phone in the control of the attackers.
  • Password resets: Initiate password resets on the victim’s email, cloud storage, and social media accounts (password resets usually accomplished by text messages to the victim’s telephone number).
  • Access accounts: Gain access to the victim’s accounts and identify digital currency keys, wallets, and accounts that may be stored in them. Defeat any SMS-based or mobile application-based two-factor authentication on any accounts with control of the victim’s phone number.
  • Steal currency: Transfer the digital currency out of the victim’s account into accounts controlled by the attackers.

The FBI recommends that the public take these measures to prevent becoming a victim:

  • Protect your personal information: Avoid posting personal data online, such as your mobile phone number, address, or other personal information. Bad actors often do significant information gathering before attempting to compromise a target. Do not leave important documents or information in your email account (e.g., digital currency private keys, documents with your social security number, or photo copies of a driver’s license).
  • Protect your financial information: Avoid posting information online about your financial assets (including cryptocurrency), especially on any social media websites and forums.
  • Take precautions with your mobile service provider: Call your mobile service provider and place a PIN on your account; only individuals with the PIN should be able to make any changes on the account. In addition, place a note on the account that mandates any change to the account must be done in-person at a physical location.
  • Use unique passwords: Secure online accounts with unique passwords—preferably passphrases—and do not re-use the same password across each account.
  • Use two-factor authentication apps or physical security keys: Activate two-factor authentication on every online account when possible; preferably using a standalone authentication app such as Google Authenticator instead of SMS. A physical security key is even better.

If you suspect that you may be a victim of SIM swapping, the FBI recommends that you take several steps to mitigate any harm and report the incident to law enforcement:

  • Access your accounts: Attempt to access your online accounts as soon as possible from a secure location or connection and change your password. Email accounts are normally targeted first.
  • Call your bank: Call your financial institutions to place an alert on your accounts for suspicious login attempts.
  • Look for unusual activity: Once online accounts have been re-established, view your recent activity to check for any unusual activity. Check for unknown devices associated with the account. Save any indicators of suspicious activity so you can report them to law enforcement.
  • Call your mobile service provider: Report the incident to a physical location for your mobile service provider after your online accounts have been remediated. Attempt to ascertain when the SIM was ported to a new phone and gather the SIM card number and IMEI from the mobile provider. Save any bad actor SIM and mobile phone information to report to law enforcement.
  • Call law enforcement: Report the incident to the FBI or your local police department.

The public can report all suspicious activity to the FBI San Francisco Division at tips.fbi.gov or by calling 415-553-7400.