It is a common story: the signal bars disappears from their mobile phones, they call the phone number – it rings, but it’s not their phone ringing. They try to login to their bank account, but the password fails. They have become the newest victim of SIM swap fraud and their phone number is now in the control of a criminal.
SIM swap fraud is committed when a fraudster dupes the victim's mobile phone operator into porting the victim's mobile number to a SIM in the possession of the fraudster and so starts receiving any incoming calls and text messages, including banking one-time-passwords which are sent to the victim's phone number.
The fraudster can then perform transactions, using credentials gathered by other techniques such as malware, and when the bank sends a one-time-password via SMS, the fraudster receives it and completes the authorisation of the transaction.
With SIM swapping making the headlines in recent months, police across Europe has been gearing up against this threat, with two operations targeting SIM highjackers coming recently to fruition.
Operation Quinientos Dusim
Investigators from the Spanish National Police (Policía Nacional) together with the Civil Guard (Guardia Civil) and Europol targeted back in January suspects across Spain believed to be part of a hacking ring which stole over €3 million in a series of SIM swapping attacks. 12 individuals were arrested in Benidorm (five), Granada (six) and Valladolid (one).
Composed of nationals between the ages of 22-52 years old from Italy, Romania, Colombia and Spain, this criminal gang struck over 100 times, stealing between €6,000 and €137,000 from bank accounts of unsuspecting victims per attack.
The modus operandi was simple, yet effective. The criminals managed the obtain the online banking credentials from the victims of the different banks by means of hacking techniques such as the use of banking Trojans or other types of malware. Once they had these credentials, the suspects would apply for a duplicate of the SIM cards of the victims, providing fake documents to the mobile service providers. With these duplicates in their possession, they would receive directly to their phones the second factor authentication codes the banks would send to confirm transfers.
The criminals then proceeded to make fraudulent transfers from the victims’ accounts to money mule accounts used to hide their traces. All this was done in a very short period of time – between one or two hours – which is the time it would take for the victim to realise that his/her phone number was no longer working.
Operation Smart Cash
An eight-month long investigation between the Romanian National Police (Poliția Română) and the Austrian Criminal intelligence Service (Bundeskriminalamt) with the support of Europol has led to the arrest of 14 members of a crime gang who emptied bank accounts in Austria by gaining control over their victims’ phone numbers.
The suspects were arrested earlier in February in Romania in simultaneous warrants at their homes in Bucharest (one), Constanta (five), Mures (six), Braila (one) and Sibiu (one).
The thefts, which netted dozens of victims in Austria, were perpetrated by the gang in the spring of 2019 in a series of SIM swapping attacks.
Once having gained control over a victim’s phone number, this particular gang would then use stolen banking credentials to log onto a mobile banking application to generate a withdraw transaction which they then validated with a one-time password sent by the bank via SMS allowing them to withdraw money at cardless ATMs.
It is estimated that this gang managed to steal over half a million euros this way from unsuspecting bank account owners.
Both these cases were referred to Europol’s European Cybercrime Centre (EC3) due to the demanding investigative measures run across borders. Its dedicated teams of specialists helped the national authorities build an up-to-date intelligence picture of the different criminal groups, facilitating the development of a joint strategy to target the criminals.
“Fraudsters are always coming up with new ways to steal money from the accounts of unsuspecting victims. Although seemingly innocuous, SIM swapping robs victims of more than just their phones: SIM highjackers can empty your bank account in a matter of hours. Law enforcement is gearing up against this threat, with coordinated actions happening across Europe,” said Fernando Ruiz, acting Head of Europol’s European Cybercrime Centre.
Don’t be the next victim
So how can you prevent SIM swapping? Simplistically put, it all starts with identify theft. Criminals can get hold of your personal data by searching for it on social media, by attacking your device with malware that will grant them access to your sensitive data or through social engineering attacks such as phishing, vishing or smishing. Here are a few tips to help you stay one step ahead:
- Keep your devices’ software up to date
- Do not click on links or download attachments that come with unexpected emails
- Do not reply to suspicious emails or engage over the phone with callers that request your personal information
- Limit the amount of personal data you share online
- Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS
- When possible, do not associate your phone number with sensitive online accounts
- Set up your own PIN to restrict access to the SIM card. Do not share this PIN with anyone.
If your phone loses reception suddenly in an area where you should have connectivity:
- Report the situation to your service provider
- If there are suspicious transactions in your bank account, contact the bank
- Immediately change all the passwords for your online accounts
- Keep all evidence, in case you will need to contact the police
For more advice on how to protect your financial information from cyber scams, visit this dedicated page.
European day on the protection of children against sexual exploitation and sexual abuse
On the occasion of the European day on the protection of children against sexual exploitation and sexual abuse (18 November), the Commission reaffirmed its determination to fight child sexual abuse with all the tools at its disposal. Promoting our European Way of Life Vice President Margaritis Schinas said: “Under the Security Union Strategy, we are working to protect all those living in Europe, both online and offline. Children are particularly vulnerable, especially as the coronavirus pandemic correlates with increased sharing of child sexual abuse images online, and we have an obligation to protect them.”
Home Affairs Commisioner Ylva Johansson said: “Imagine as a child victim knowing the worst moment in your life is still circulating on the internet. Even worse, imagine that an opportunity to be saved from ongoing abuse was missed because tools had become illegal. Companies need to be able to report so that police can stop images circulating and even save children.”
Over the last years, there has been a significant increase in child sexual abuse and exploitation cases and recently the coronavirus pandemic has exacerbated the situation. Europol found that as member states introduced lockdown and quarantine measures, the number of self-produced materials increased, while travel restrictions and other restrictive measures means that offenders increasingly exchange materials online.
In July, the Commission adopted a comprehensive EU strategy for a more effective fight against child sexual abuse. Under the Strategy, we proposed legislation to ensure that providers of online communications services can continue voluntary measures to detect child sexual abuse online. In addition, Europol provides support to operations such as the recent action targeting child trafficking. The agency also monitors criminal trends in the Internet Organized Crime Threat Assessment (IOCTA) and dedicated reports on the evolution of threats, including child sexual abuse, in the times of COVID-19.
High-level conference on anti-money laundering and countering terrorist financing - closing the door on dirty money
On 30 September, the European Commission hosted a high-level conference on the EU's fight against money laundering and terrorist financing. This conference marked the conclusion of the public consultation that was launched in parallel with the adoption of the Anti-Money Laundering Action Plan on 7 May 2020.
There was a series of dedicated panel debates and keynote speeches by high-profile speakers who are on the front line of the fight against dirty money, including Catanzaro Chief Prosecutor Nicola Gratteri and French Court of Cassation General Prosecutor Francois Molins.
An Economy that Works for the People Valdis Executive Vice-President Dombrovskis said: “Dirty money should have nowhere to hide. The EU has been ramping up its anti-money laundering rules. They are now among the toughest in the world - but still not enforced equally across the board. It is clear that we must do a lot more to shut off remaining loopholes, remove weak links, and co-ordinate better between EU countries. Effectiveness, efficiency, enforcement: these are the governing principles of our strategy in tackling money-laundering. They should apply across the EU and across the world. That is how we can beat it.”
Three thematic panels will cover the areas for future reform of EU rules, while a closing roundtable will bring together representatives from the European Commission, the German Presidency and the European Parliament to highlight the EU's united position and commitment to fighting money laundering and terrorist financing. Each panel will include an opportunity for questions via Twitter with the hashtag #StopDirtyMoneyEU. For more information, details on the programme and a link to the live feed, please see here.
Russian - Irish Business Council launches an inquiry into Russian businessman
The Russian Irish Business Council has launched a broad inquiry into alleged illegal activities of Russian businessman Mr. Sergey Govyadin and his close associate Mr. Ildar Samiyev.
The Council, unifying companies working in the UK, EU and Russia, have sent a letter to HSBC and a number of other financial institutions in the UK requesting information the banks might have about Mr. Sergey Govyadin. It alleges that both he and Mr. Samiyev were obviously involved in money laundering and other illegal purposes via the UK legal system and the UK offices of HSBC. The Council asks to investigate possible acts of fraud by Mr. Govyadin and Mr. Samiyev. This information was also sent to the US Internal Revenue Service for consideration and possible feedback due to its criminal background. There are indications that both are using the US monetary mechanisms for their illegal activities. Full copies of these letters can be read at the foot of this article, whilst numerous legal papers are in EU Reporter's possession.
The story of Sergey Govyadin has much in common with other infamous "new riches" from Eastern Europe who have a profound criminal portfolio.
Visibly a prosperous real estate businessman and developer, Sergey Govyadin is alleged in Russian media as being involved in many criminal cases related to fraud and other criminal incidents on selling elite property and apartments in luxurious districts in Moscow. Newspapers in Russia call Mr. Govyadin a "shadow influencer" alleging corrupt connections with a number of police authorities.
Togather with Ildar Samiyev, Mr. Govyadin has long been featured in the Russian criminal chronicle as a scandalous person, primarily found in fraudulent deals with private property and luxe apartments in fabulous districts in Moscow and in its suburbs. Back in 2015, Govyadin was “crowned” as a “successful millionaire” by tabloid press. By that time he was married to the beauty pageant - Miss Russia. However, his name remains on the lists of fraudsters and corrupt officials published from time to time by the media.
According to them, Govyadin and Samiev denigrate other people who are their partners, in order to justify their allegedly illegal transactions. In Moscow, a high-profile trial has long been underway in the case of developer Albert Khudoyan, whom Govyadin and Samiev accused of fraud and deception. As a result, the businessman was arrested. His case became additionally known due to violations on the part of the investigation. Some corrupt law enforcement officials tried to profit from his arrest according to the media.
Russian business ombudsman Boris Titov has already defended Khudoyan. However, the process against him continues. Khudoyan suffers from heart disease.
The alleged illegal activities of Govyadin and Samiyev have a long history.
For example, together with Ildar Samiev, Govyadin is alleged to have taken part in the withdrawal of funds from Russian Svyaz Bank. He is alleged to have been involved in fraud with apartments in the elite Knightsbridge residential complex in Khamovniki district of Moscow, as well as a number of other stories.
For example, back in 2014, Optima property management LLC, owned by Govyadin, took $ 95 million loan from the state-owned Svyaz Bank and used the funds to purchase 22 apartments in the elite Knightsbridge residential complex under construction in Khamovniki. This company was controlled by Sergey Govyadin and Ildar Samiev through a chain of companies, namely the Russian LLC "Eurofinance" and the English company Mansfiled Executive Limited (from 25 to 50 percent of Mansfiled Executive Limited belongs to Govyadin, according to the Endole database). At the same time, the price of apartments under the deal was inflated, which allowed to actually withdraw more than a billion rubles from the state Bank.
The residential complex was constructed in 2016. Probably, because of the extremely high price, the purchased apartments remain on the balance sheet of Optima property management, since it is impossible to sell them at such a high price. Optima properties has not yet returned the debt to the Bank, and in 2018 Svyaz Bank filed a lawsuit to recover $ 95 million from Optima property management, but failed. As a result, the state, which is the owner of Svyaz Bank, suffered, having completed its rehabilitation in 2011. The debtor has apartments on the balance sheet that are unlikely to cost more than 50 percent of the debt amount, and more than 1 billion rubles settled on the accounts of the developer Knightsbridge, controlled by Govyadin.
It is obvious that the request of the Russian Irish Business Clouncilwill be an occasion for more close and detailed attention to the illegal activities of Govyadin & Co. British and American financial institutions will hopefully be held accountable of those international speculators.
USA tax letter
Technological solutions are the key to tackling Europe’s second wave of Covid-19
2020 Afghanistan Conference: Sustainable peace, anti-corruption and aid effectiveness on the agenda
Stop violence against women: Statement by the European Commission and the High Representative
Coronavirus: Commission to provide 200 disinfection robots to European hospitals
Boosting Offshore Renewable Energy for a Climate Neutral Europe
EU foreign ministers express ‘deep concern’ regarding Israel’s ‘settlement activities’, welcome PA’s decision to resume co-operation with Israel
Bank embraces blockchain to facilitate Belt and Road trade
#EBA - Supervisor says the EU banking sector entered the crisis with solid capital positions and improved asset quality
The war in #Libya - a Russian movie reveals who is spreading death and terror
EU solidarity in action: €211 million to Italy to repair the damage of the harsh weather conditions in autumn 2019
First president of #Kazakhstan Nursultan Nazarbayev’s 80th birthday and his role in international relations
Brexit - European Commission gives market participants 18 months to reduce their exposure to UK clearing operations
Von der Leyen says two vaccines could receive market authorization before the end of the year
EU Budget: Michel says it is time to implement what was agreed in July
EU ramps up efforts in offshore renewable energy
EU makes final push to reach an agreement with the UK
EU steps up efforts to roll out antigen testing across Europe
Von der Leyen announces new contract with CureVac for 405 million doses of COVID-19 vaccine
EU14 hours ago
EU foreign ministers express ‘deep concern’ regarding Israel’s ‘settlement activities’, welcome PA’s decision to resume co-operation with Israel
EU16 hours ago
Presidents von der Leyen and Michel present the EU priorities for the G20 Leaders' Summit
Environment14 hours ago
New EU industrial strategy: The challenges to tackle
EU16 hours ago
Commission invests €3.9 million to support investigative journalism and media freedom
Disabilities16 hours ago
European Disability Strategy 2010-2020 helped to remove barriers
Energy15 hours ago
Technology Plan 2020 Conference
Belgium15 hours ago
Commission approves €434 million wage subsidy scheme to support Belgian companies affected by coronavirus outbreak
coronavirus15 hours ago
Italy reports 28,337 new coronavirus cases on Sunday, 562 deaths