Security news aggregator

Latest coverage for SIM Swapping

SIM swapping fraud transfers a victim’s phone number to an attacker, enabling interception of calls or texts used for account takeover.

40 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

SIM swapping is an account-takeover technique in which an attacker persuades, coerces, or abuses a mobile carrier’s account-change process to move a victim’s phone number to a SIM or eSIM the attacker controls. The attacker can then receive SMS messages and voice calls, including one-time codes used for password resets or multifactor authentication. A related number-porting attack transfers the number to another carrier; both attacks depend on access to carrier workflows or customer information, not on remotely cloning the victim’s SIM.

The main security exposure is reliance on phone numbers as an authentication or account-recovery factor: email, financial, cryptocurrency, and other accounts may be compromised if SMS verification is accepted. Defenses include carrier account PINs and port-out restrictions, minimizing public personal data that can support social engineering, and using authenticator apps or phishing-resistant security keys instead of SMS where possible. An unexpected loss of cellular service should trigger rapid carrier contact, password changes from a trusted device, revocation of active sessions and recovery codes, and review of account changes.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 40
Krebs on Security 10 months, 4 weeks ago

SIM-Swapper, Scattered Spider Hacker Gets 10 Years

A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks that diverted their mobile phone calls and text messages to devices controlled by Urban and his co-conspirators.

PLUS: more glibc vulns discovered; DraftKings hacker sentenced; and a hefty dose of critical vulnerabilities Infosec In Brief The recent indictment of a massive SIM-swapping ring may mean convicted crypto conman Sam Bankman-Fried is innocent of at least one allegation still hanging over his head: The theft of more than $400 million in crypto hacked from wallets belonging to his crypto firm, FTX, just before it declared bankruptcy.…

Bank Info Security 2 years, 5 months ago

Cryptohack Roundup: 2024's Biggest Heist - So Far

Also: US Courts Announce Guilty Pleas and Hand Out Sentences in Crypto-Linked CasesThis week, a Ripple co-founder and a karaoke platform were hacked, Mexican crypto banks were targeted, authorities seized crypto in the U.S. and Germany, the DOJ made charges in crypto cases, people pleaded guilty to money laundering and SIM swapping, monero was traced, and FTX will not restart.

Krebs on Security 2 years, 5 months ago

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day.

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Bank Info Security 2 years, 5 months ago

Hackers Used SIM Swapping to Breach US SEC X Account

Hackers Spread Fake News About SEC Approving Spot Bitcoin Exchange-Traded FundIt wasn't a sophisticated hack on Jan. 9 that allowed hackers to briefly take control of an official U.S. Securities and Exchange Commission social media account, the agency said Monday. The hackers simply scammed the account's mobile phone provider in a SIM swap attack.

Loading more headlines...