Over the last year, various accounts of high-profile individuals, especially in the United States, have been hacked. What may be surprising, is the Edmonton Police Service’s (EPS) role in the investigations of some of these cybercrimes.
One type of fraud that EPS investigates are known as SIM Swapping frauds (also known as a Port Out Scam). A SIM Swap fraud is when criminals exploit a mobile phone service provider's ability to transfer or port a telephone number from one cellular device to another cellular device. This process is normally used when a customer is replacing their cellular phone with a new phone while wishing to keep their existing phone number.
In 2019, EPS’ Cyber Crimes was investigating local reports of SIM swapping with large financial losses. From their investigations, they identified an individual in another province believed responsible for SIM Swaps and started working with local law enforcement. The investigation continued and EPS Cyber Crimes was brought into an international task force targeting SIM swappers. Our officers met throughout 2020 with the other law enforcement agencies to collaborate and share their investigative findings to help identify the criminals involved in this 100 million-dollar (US) scam.
On February 9, 2021, Europol announced the arrest of eight scammers involved in these SIM swapping files, as well as two others who were arrested earlier for their involvement.
“This illustrates how EPS’ Cyber Crimes not only works within our city’s boundaries, but how we also work with national and international law enforcement agencies,” explains Acting Staff Sergeant Jim Gainor of the Cyber Crimes Unit. “It may be surprising to know our municipal police service is involved in such large online files, and it highlights how the Edmonton Police Service is collaborating with our partners on a global scale. We do everything we can to solve these boundary-less crimes.”
In fact, EPS’ Cyber Crimes started as a small detail of specially trained police officers in 2015, with one Sergeant and three Constables. It has grown to be a part of a specialized section that includes a Staff Sergeant, a Sergeant, two Detectives, five Constables and a specialized Intelligence Analyst. The team investigates the criminal use of technology and provides support to the frontlines and specialized units within EPS in matters where technology was used in the commission of the offense. Due to the global nature of the Internet, many crimes involving technology result in joint investigations with other jurisdictions, requiring collaboration with regional, national, and international partners.
Please see the Europol media release for more information on this case.
SIM Swapping targets anyone
Since 2019, EPS has noted more than 60 files with local victims losing over a million dollars.
The biggest red flag that your SIM may have been swapped is if your mobile phone loses service. The fraudster will want as much time as possible to gain access to your most valuable information stored on your devices, like your email and banking information. There are even algorithms that exist to try and guess your password. If it’s a weak password, an algorithm might be able to guess your password in less than an hour.
If you notice your phone has lost service, contact your provider immediately to ensure they have not ported your SIM.
SIM swappers generally gain access by using the information that you post online and then they contact your mobile service provider pretending to be you, or pretending to be an employee of the provider, or they use malware that you unknowingly download and grant access to your device. If you’re going to enter personal information on a website, platform, or through an application, be aware that it could be leaked, and you don’t have control of the information; knowing this can help you protect yourself.
To reduce being a target, choose security over convenience:
- Create unique, strong passwords for EACH account you create.
- Change your passwords regularly
- Use a separate email address for your financial accounts.
- Use two-factor authentication on all platforms that offer it, ideally through an application rather than to your cellular phone number if possible.
- Don’t allow your devices to remember your banking information for quicker sign on.
- Limit the personal information on your social media profiles and who can see this information.
- Ask your service provider to add an extra layer of protection. For example, tell them that they are not to make changes like porting your number unless you give a unique password, or only if you are making this change in-person.
- Consider checking the public website “haveibeenpwned.com” to see if your email address(es) may have been reported in any data breaches.