Connect with us

Crime

The #SIMHighjackers - How criminals are stealing millions by highjacking phone numbers

Published

on

It is a common story: the signal bars disappears from their mobile phones, they call the phone number – it rings, but it’s not their phone ringing. They try to login to their bank account, but the password fails. They have become the newest victim of SIM swap fraud and their phone number is now in the control of a criminal. 

SIM swap fraud is committed when a fraudster dupes the victim's mobile phone operator into porting the victim's mobile number to a SIM in the possession of the fraudster and so starts receiving any incoming calls and text messages, including banking one-time-passwords which are sent to the victim's phone number.

The fraudster can then perform transactions, using credentials gathered by other techniques such as malware, and when the bank sends a one-time-password via SMS, the fraudster receives it and completes the authorisation of the transaction.

With SIM swapping making the headlines in recent months, police across Europe has been gearing up against this threat, with two operations targeting SIM highjackers coming recently to fruition.

Operation Quinientos Dusim

Investigators from the Spanish National Police (Policía Nacional) together with the Civil Guard (Guardia Civil) and Europol targeted back in January suspects across Spain believed to be part of a hacking ring which stole over €3 million in a series of SIM swapping attacks. 12 individuals were arrested in Benidorm (five), Granada (six) and Valladolid (one).

Composed of nationals between the ages of 22-52 years old from Italy, Romania, Colombia and Spain, this criminal gang struck over 100 times, stealing between €6,000 and €137,000 from bank accounts of unsuspecting victims per attack.

The modus operandi was simple, yet effective. The criminals managed the obtain the online banking credentials from the victims of the different banks by means of hacking techniques such as the use of banking Trojans or other types of malware. Once they had these credentials, the suspects would apply for a duplicate of the SIM cards of the victims, providing fake documents to the mobile service providers. With these duplicates in their possession, they would receive directly to their phones the second factor authentication codes the banks would send to confirm transfers.

The criminals then proceeded to make fraudulent transfers from the victims’ accounts to money mule accounts used to hide their traces. All this was done in a very short period of time – between one or two hours – which is the time it would take for the victim to realise that his/her phone number was no longer working.

Operation Smart Cash 

An eight-month long investigation between the Romanian National Police (Poliția Română) and the Austrian Criminal intelligence Service (Bundeskriminalamt) with the support of Europol has led to the arrest of 14 members of a crime gang who emptied bank accounts in Austria by gaining control over their victims’ phone numbers.

The suspects were arrested earlier in February in Romania in simultaneous warrants at their homes in Bucharest (one), Constanta (five), Mures (six), Braila (one) and Sibiu (one).

The thefts, which netted dozens of victims in Austria, were perpetrated by the gang in the spring of 2019 in a series of SIM swapping attacks.

Once having gained control over a victim’s phone number, this particular gang would then use stolen banking credentials to log onto a mobile banking application to generate a withdraw transaction which they then validated with a one-time password sent by the bank via SMS allowing them to withdraw money at cardless ATMs.

It is estimated that this gang managed to steal over half a million euros this way from unsuspecting bank account owners.

Both these cases were referred to Europol’s European Cybercrime Centre (EC3) due to the demanding investigative measures run across borders. Its dedicated teams of specialists helped the national authorities build an up-to-date intelligence picture of the different criminal groups, facilitating the development of a joint strategy to target the criminals.

“Fraudsters are always coming up with new ways to steal money from the accounts of unsuspecting victims. Although seemingly innocuous, SIM swapping robs victims of more than just their phones: SIM highjackers can empty your bank account in a matter of hours. Law enforcement is gearing up against this threat, with coordinated actions happening across Europe,” said Fernando Ruiz, acting Head of Europol’s European Cybercrime Centre.

Don’t be the next victim

So how can you prevent SIM swapping? Simplistically put, it all starts with identify theft. Criminals can get hold of your personal data by searching for it on social media, by attacking your device with malware that will grant them access to your sensitive data or through social engineering attacks such as phishing, vishing or smishing. Here are a few tips to help you stay one step ahead:

  • Keep your devices’ software up to date
  • Do not click on links or download attachments that come with unexpected emails
  • Do not reply to suspicious emails or engage over the phone with callers that request your personal information
  • Limit the amount of personal data you share online
  • Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS
  • When possible, do not associate your phone number with sensitive online accounts
  • Set up your own PIN to restrict access to the SIM card. Do not share this PIN with anyone.

If your phone loses reception suddenly in an area where you should have connectivity:

  • Report the situation to your service provider
  • If there are suspicious transactions in your bank account, contact the bank
  • Immediately change all the passwords for your online accounts
  • Keep all evidence, in case you will need to contact the police

For more advice on how to protect your financial information from cyber scams, visit this dedicated page.

Crime

European day on the protection of children against sexual exploitation and sexual abuse

Published

on

On the occasion of the European day on the protection of children against sexual exploitation and sexual abuse (18 November), the Commission reaffirmed its determination to fight child sexual abuse with all the tools at its disposal. Promoting our European Way of Life Vice President Margaritis Schinas said: “Under the Security Union Strategy, we are working to protect all those living in Europe, both online and offline. Children are particularly vulnerable, especially as the coronavirus pandemic correlates with increased sharing of child sexual abuse images online, and we have an obligation to protect them.”

Home Affairs Commisioner Ylva Johansson said: “Imagine as a child victim knowing the worst moment in your life is still circulating on the internet. Even worse, imagine that an opportunity to be saved from ongoing abuse was missed because tools had become illegal. Companies need to be able to report so that police can stop images circulating and even save children.”

Over the last years, there has been a significant increase in child sexual abuse and exploitation cases and recently the coronavirus pandemic has exacerbated the situation. Europol found that as member states introduced lockdown and quarantine measures, the number of self-produced materials increased, while travel restrictions and other restrictive measures means that offenders  increasingly exchange  materials online.

In July, the Commission adopted a comprehensive EU strategy for a more effective fight against child sexual abuse. Under the Strategy, we proposed legislation to ensure that providers of online communications services can continue voluntary measures to detect child sexual abuse online. In addition, Europol provides support to operations such as the recent action targeting child trafficking. The agency also monitors criminal trends in the Internet Organized Crime Threat Assessment (IOCTA) and dedicated reports on the evolution of threats, including child sexual abuse, in the times of COVID-19.

Continue Reading

Crime

High-level conference on anti-money laundering and countering terrorist financing - closing the door on dirty money

Published

on

On 30 September, the European Commission hosted a high-level conference on the EU's fight against money laundering and terrorist financing. This conference marked the conclusion of the public consultation that was launched in parallel with the adoption of the Anti-Money Laundering Action Plan on 7 May 2020.

There was a series of dedicated panel debates and keynote speeches by high-profile speakers who are on the front line of the fight against dirty money, including Catanzaro Chief Prosecutor Nicola Gratteri and French Court of Cassation General Prosecutor Francois Molins.

An Economy that Works for the People Valdis Executive Vice-President Dombrovskis said: “Dirty money should have nowhere to hide. The EU has been ramping up its anti-money laundering rules. They are now among the toughest in the world - but still not enforced equally across the board. It is clear that we must do a lot more to shut off remaining loopholes, remove weak links, and co-ordinate better between EU countries. Effectiveness, efficiency, enforcement: these are the governing principles of our strategy in tackling money-laundering. They should apply across the EU and across the world. That is how we can beat it.”

Three thematic panels will cover the areas for future reform of EU rules, while a closing roundtable will bring together representatives from the European Commission, the German Presidency and the European Parliament to highlight the EU's united position and commitment to fighting money laundering and terrorist financing. Each panel will include an opportunity for questions via Twitter with the hashtag #StopDirtyMoneyEU. For more information, details on the programme and a link to the live feed, please see here.

Continue Reading

Ireland

Russian - Irish Business Council launches an inquiry into Russian businessman

Published

on

The Russian Irish Business Council has launched a broad inquiry into alleged illegal activities of Russian businessman Mr. Sergey Govyadin and his close associate Mr. Ildar Samiyev.

The Council, unifying companies working in the UK, EU and Russia, have sent a letter to HSBC and a number of other financial institutions in the UK requesting information the banks might have about Mr. Sergey Govyadin. It alleges that both he and Mr. Samiyev were obviously involved in money laundering and other illegal purposes via the UK legal system and the UK offices of HSBC. The Council asks to investigate possible acts of fraud by Mr. Govyadin and Mr. Samiyev.  This information was also sent to the US Internal Revenue Service for consideration and possible feedback due to its criminal background. There are indications that both are using the US monetary mechanisms for their illegal activities. Full copies of these letters can be read at the foot of this article, whilst numerous legal papers are in EU Reporter's possession.

The story of Sergey Govyadin has much in common with other infamous "new riches" from Eastern Europe who have a profound criminal portfolio.

Sergey Govyadin

Sergey Govyadin

Visibly a prosperous real estate businessman and developer, Sergey Govyadin is alleged in Russian media as being involved in many criminal cases related to fraud and other criminal incidents on selling elite property and apartments in luxurious districts in Moscow. Newspapers in Russia call Mr. Govyadin a "shadow influencer" alleging corrupt connections with a number of police authorities.

Togather with Ildar Samiyev, Mr. Govyadin has long been featured in the Russian criminal chronicle as a scandalous person, primarily found in fraudulent deals with private property and luxe apartments in fabulous districts in Moscow and in its suburbs. Back in 2015, Govyadin was “crowned” as a “successful millionaire” by tabloid press. By that time he was married to the beauty pageant - Miss Russia.  However, his name remains on the lists of fraudsters and corrupt officials published from time to time by the media.

According to them, Govyadin and Samiev denigrate other people who are their partners, in order to justify their allegedly illegal transactions. In Moscow, a high-profile trial has long been underway in the case of developer Albert Khudoyan, whom Govyadin and Samiev accused of fraud and deception. As a result, the businessman was arrested. His case became additionally known due to violations on the part of the investigation. Some corrupt law enforcement officials tried to profit from his arrest according to the media.

Russian business ombudsman Boris Titov has already defended Khudoyan. However, the process against him continues. Khudoyan suffers from heart disease.

The alleged illegal activities of Govyadin and Samiyev have a long history.

Ildar Samiyev

Ildar Samiyev

For example, together with Ildar Samiev, Govyadin is alleged to have taken part in the withdrawal of funds from Russian Svyaz Bank. He is alleged to have been involved in fraud with apartments in the elite Knightsbridge residential complex in Khamovniki district of Moscow, as well as a number of other stories.

For example, back in 2014, Optima property management LLC, owned by Govyadin, took $ 95 million loan from the state-owned Svyaz Bank and used the funds to purchase 22 apartments in the elite Knightsbridge residential complex under construction in Khamovniki. This company was controlled by Sergey Govyadin and Ildar Samiev through a chain of companies, namely the Russian LLC "Eurofinance" and the English company Mansfiled Executive Limited (from 25 to 50 percent of Mansfiled Executive Limited belongs to Govyadin, according to the Endole database). At the same time, the price of apartments under the deal was inflated, which allowed to actually withdraw more than a billion rubles from the state Bank.

The residential complex was constructed in 2016. Probably, because of the extremely high price, the purchased apartments remain on the balance sheet of Optima property management, since it is impossible to sell them at such a high price. Optima properties has not yet returned the debt to the Bank, and in 2018 Svyaz Bank filed a lawsuit to recover $ 95 million from Optima property management, but failed. As a result, the state, which is the owner of Svyaz Bank, suffered, having completed its rehabilitation in 2011. The debtor has apartments on the balance sheet that are unlikely to cost more than 50 percent of the debt amount, and more than 1 billion rubles settled on the accounts of the developer Knightsbridge, controlled by Govyadin.

It is obvious that the request of the Russian Irish Business Clouncilwill be an occasion for more close and detailed attention to the illegal activities of Govyadin & Co. British and American financial institutions will hopefully be held accountable of those international speculators.

Source information

HSBC letter

 

 

USA tax letter

 

Continue Reading
Advertisement

Facebook

Twitter

Trending