The FBI is warning about a massive increase in so-called “SIM-swap” attacks, where criminals find ways to divert victims’ phone numbers onto a SIM card under their control.

       Last year, the FBI’s Internet Crime Complaint Center (IC3) got more than 1,600 complaints of SIM-swapping, a more than 15 times increase over previous years, according to a recent FBI public service announcement. The scams caused more than $68m in losses to victims in 2021.

       “Once the SIM is swapped, the victim’s calls, texts, and other data are diverted to the criminal’s device. This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number,” the FBI wrote in its PSA.

       Recommended FBI: Online sleuths' posts led to 2 arrests in Capitol riot FBI urges Olympic athletes to leave their personal cell phones at home and take burner phones to Beijing FBI confirms it bought spyware from Israel's NSO Group

       The SIM-swappers then use these links to take control of accounts linked to the phone number, including banking apps and cryptocurrency wallets.

       Hackers and other criminals have a number of ways of taking control of a phone number, from using phishing techniques to infect a victim with malware, to bribing or tricking wireless carrier employees to hand over the phone numbers. Scammers can also exploit information that’s been taken during data breaches at mobile carriers, according to the FBI.

       Fraudsters have also taken to a similar scam in recent years, involving opening up an account with a new cell phone carrier, then persuading the victim’s original carrier to “port out” the number to the new account.

       Roughly 6,000 accounts were recently ported out from TracFone, Straight Talk, and other low-cost prepaid carriers.

       The FBI says there are a number of ways of guarding against such schemes.

       (Getty Images/iStockphoto)

       Mobile phone users shouldn’t attract undue interest to themselves by bragging about how much money or crypto they spend, nor should they give their password or PIN to anyone representing themselves as a customer service agent unless they are sure the request is coming directly from their phone company.

       Other basic pieces of cyber etiquette help, too, including refraining from putting one’s phone number online and avoiding reusing passwords.

       Consumers are also advised to opt for authenticator apps, physical security keys, or biometric identifiers in lieu of mobile-based two-factor authentication if possible.

       Victims of SIM-swap attacks are encouraged to immediately contact their mobile carrier and law enforcement, as well as change the passwords on all their online accounts and notify their financial institutions of the potential breach.

       Recommended Report: Conspiracy theorists fuel bump in extremist killings Air traffic control call reveals terror of American Airlines flight Pressure mounts on Congress to curb lawmaker stock trading

       Last year the Federal Communications Commission said it is working on rules to combat SIM swaps.

       “The FCC has received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM-swapping and port-out fraud,” the commission said at the time. “In addition, recent data breaches have exposed customer information that could potentially make it easier to pull off these kinds of attacks.”