How To Investigate SIM Swap Fraud?

Imagine a hardworking individual living with a smartphone as his lifeline. One day, he notices something peculiar – his phone loses signal, and suddenly, the virtual world he inhabits becomes eerily silent. He has fallen victim to a SIM swap fraud attack, a most deceptive act where a malicious actor takes control of his phone number.

The hacker, armed with the keys to the victim’s digital world, is capable of wreaking chaos in the victim’s life. Bank accounts, email, and social media are now accessible to the perpetrator. With access to the victim’s phone number, financial transactions, confidential messages, and personal data are no longer theirs alone, and the victim now faces the daunting task of reclaiming his digital identity and saving whatever’s left.

In today’s age, the impact of a SIM swap isn’t merely a technological inconvenience; it’s a direct threat to fortunes and years of hard work. As illuminated by the FBI’s alarming statistics, the rate of SIM swap fraud is on a concerning ascent. From January 2018 to December 2020, the FBI’s Internet Crime Complaint Center (IC3) documented 320 complaints related to SIM swapping, with financial losses totaling approximately $12 million. However, in 2021, the IC3 reported a staggering surge in SIM swapping incidents adding up to 1,611 complaints and amounting to an alarming figure of more than $68 million in losses. 

With the prevalence of digital finance and the mass adoption of cryptocurrencies, these numbers underscore a pervasive and escalating threat to the financial security of individuals.

SIM Swap Attacks Modus Operandi

SIM swapping, a nefarious exploit, is a prevalent type of fraud. It hinges on criminals manipulating mobile carriers to hijack victims’ bank accounts, cryptocurrency wallets and sensitive data. The criminal’s strategy involves gathering personal details through phishing, malware, or the dark web, using this information to impersonate the phone’s owner and manipulate the mobile carrier into activating a new SIM card. This severs the victim’s control over their accounts and grants it to the criminal.

With access to the victim’s SIM card and phone number, the fraudster redirects calls, texts, and digital footprints to a mobile number belonging to them instead of the victim. With this control, they gain access to email, online accounts and most perilously, cryptocurrency wallets.

Operating through social engineering, insider collaboration, or phishing, these schemes are insidious and require a meticulous understanding of the victim’s personal information. Social engineering relies on deception, while insider threats involve bribing carrier employees to execute the swap. Phishing involves tricking employees into downloading malware or sharing personal information with fake entities, or with legitimate ones impersonated by the perpetrator.

Once the SIM swap is complete, the victim’s communications divert to the criminal’s device. This access serves as a gateway for the perpetrator to manipulate ‘Forgot Password’ or ‘Account Recovery’ processes linked to the victim’s online accounts. With SMS-based two-factor authentication (2FA), the criminal intercepts authentication codes sent via text, enabling unauthorized access to accounts associated with the victim’s phone profile.

2FA is a way of verifying your identity when you log in to a website, application, or network. It adds an extra layer of security to your account, making it harder for hackers to access your personal or sensitive information. SMS-based 2FA is popular because it relies on the SIM card in the physical possession of users to authenticate them. It improves online account protection from phishing, password breaches and other cyberattacks.


In simpler terms, SIM swap fraud capitalizes on the vulnerability of 2FA. By taking control of the victim’s phone number, scammers can intercept authentication messages, potentially gaining unauthorized entry to the victim’s digital domains.

Understanding a SIM card’s role is pivotal in comprehending SIM swapping intricacies. A subscriber identity module (SIM) is a small chip-containing card integral to a smartphone’s functionality. Without it, the phone is restricted to Wi-Fi activities and local functions. 

Armed with enough personal data about the victim, illicit actors initiate a dialogue with the victim’s mobile carrier, posing as the legitimate user seeking SIM replacement due to loss or damage. The acquired information facilitates the manipulation of security questions during this deceitful exchange.

Once the switch occurs, scammers gain unhindered access to the victim’s cellphone number, particularly intercepting text messages crucial for authentication. This access becomes the gateway for unauthorized entry into the victim’s bank accounts, exploiting the SMS-based 2FA process.

Investigate SIM Swap Fraud

Reported SIM swap incidents might only represent a fraction of the overall cases that slipped under the radar of law enforcement. However, with the current surge in reported crimes, investigators could soon find themselves inundated with cases of stolen cryptocurrency. This surge is attributed to the widespread use of 2FA and SMS-based authentication across various applications, especially those involving cryptocurrency services. 

To navigate these cases effectively, investigators must leverage the victim’s firsthand account. Understanding the incident’s nature and scope through the victim’s perspective is crucial in identifying leads that can ultimately lead to the apprehension of the perpetrators.

Victim’s report and collaboration with mobile carriers

Stolen accounts are often leaked online, and more often than not on darknet markets. Once armed with the victim’s report, investigators embark on a collaborative journey with the victim’s mobile carrier. Investigators seek access to carrier logs, call records, and any relevant data related to the SIM swap. This information may include the time and date of the swap, the device used for the request, and the involved carrier employees.
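The following is an added example, not part of the original article or any Blockchain Intelligence Group tool: it anchors a timeline on the swap time taken from carrier records and lists the account events that followed it. The record layout, field names, event names and sample values are constructed assumptions, and all timestamps are assumed to be already normalised to one time zone.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real carrier or service data).
CARRIER_LOG = [
    {"ts": "2024-03-02T14:05:00", "event": "sim_change",
     "msisdn": "+15550100", "channel": "retail_store"},
]
ACCOUNT_EVENTS = [
    {"ts": "2024-03-01T09:12:00", "service": "email", "event": "login"},
    {"ts": "2024-03-02T14:11:00", "service": "email", "event": "password_reset_sms"},
    {"ts": "2024-03-02T14:19:00", "service": "exchange", "event": "sms_otp_login"},
    {"ts": "2024-03-02T14:27:00", "service": "exchange", "event": "withdrawal"},
    {"ts": "2024-03-05T08:00:00", "service": "email", "event": "login"},
]

# Hypothetical event names for actions that matter once SMS is diverted.
FOLLOW_ON_EVENTS = {"password_reset_sms", "sms_otp_login", "withdrawal"}


def swap_time(carrier_log, msisdn):
    """Return the earliest SIM change recorded for the number, or None."""
    times = [datetime.fromisoformat(r["ts"]) for r in carrier_log
             if r["event"] == "sim_change" and r["msisdn"] == msisdn]
    return min(times) if times else None


def post_swap_timeline(carrier_log, account_events, msisdn, window_hours=24):
    """List (minutes_after_swap, service, event) for follow-on events
    that fall inside the window after the SIM change."""
    start = swap_time(carrier_log, msisdn)
    if start is None:
        return []  # no swap on record for this number
    end = start + timedelta(hours=window_hours)
    hits = []
    for ev in account_events:
        ts = datetime.fromisoformat(ev["ts"])
        if start <= ts <= end and ev["event"] in FOLLOW_ON_EVENTS:
            minutes = int((ts - start).total_seconds() // 60)
            hits.append((minutes, ev["service"], ev["event"]))
    return sorted(hits)


if __name__ == "__main__":
    for row in post_swap_timeline(CARRIER_LOG, ACCOUNT_EVENTS, "+15550100"):
        print(row)
```

Events before the swap and routine logins days later are excluded, which leaves the sequence of resets and withdrawals that each service provider can then be asked about.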

Financial Transactions Monitoring

As investigators delve into the SIM swap incident, monitoring financial transactions associated with the compromised accounts becomes a focal point:

  • Tracing Flow of Funds:
    • Investigating any financial transactions linked to the compromised accounts provides insights into the motives behind the SIM swap. This involves exploring the blockchain and tracing the flow of funds from the victim’s cryptocurrency wallets to identify any wallets belonging to the perpetrators, and possibly more leads on their identity.
  • Collaboration with Financial Institutions:
    • Collaborating with banks, other financial institutions, regulated cryptocurrency exchanges and other service providers is integral. Investigators work closely with these entities to obtain transaction records, identify any unusual activities, and understand the destination of transferred funds.
  • Uncovering Money Laundering Patterns:
    • If the SIM swap is part of a larger financial crime scheme, investigators scrutinize transactions for patterns indicative of money laundering. Uncovering such patterns aids in building a comprehensive case against the perpetrators.
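The fund-tracing step above, as an added example that is not from the original article and is not how QLUE™ or any other product works: a breadth-first walk over transfers leaving the victim’s wallet that stops at addresses attributed to a service. The addresses, transaction ids and labels are constructed, and the model is a simplified address-to-address one that ignores amounts and UTXO mechanics.

```python
from collections import deque

# Constructed transfers: (tx_id, from_address, to_address).
TRANSFERS = [
    ("tx1", "victim_wallet", "addr_A"),
    ("tx2", "addr_A", "addr_B"),
    ("tx3", "addr_A", "addr_C"),
    ("tx4", "addr_B", "exchange_X_deposit"),
    ("tx5", "addr_C", "addr_D"),
    ("tx6", "unrelated", "exchange_Y_deposit"),
]
# Constructed attribution labels (assumed to come from an analytics
# data set or from the service providers themselves).
LABELS = {"exchange_X_deposit": "Exchange X",
          "exchange_Y_deposit": "Exchange Y"}


def trace_funds(transfers, source, labels, max_hops=5):
    """Follow outgoing transfers from source, breadth first.

    Returns (hits, unresolved): hits are (service, [tx path]) pairs for
    labelled addresses reached; unresolved are addresses where the
    trail ends or max_hops is reached without a label."""
    outgoing = {}
    for tx_id, src, dst in transfers:
        outgoing.setdefault(src, []).append((tx_id, dst))
    seen = {source}
    queue = deque([(source, [])])
    hits, unresolved = [], []
    while queue:
        addr, path = queue.popleft()
        if addr in labels:
            # Stop here: onward movement is in the service's own records.
            hits.append((labels[addr], path))
            continue
        nxt = outgoing.get(addr, [])
        if not nxt or len(path) >= max_hops:
            if addr != source:
                unresolved.append(addr)
            continue
        for tx_id, dst in nxt:
            if dst not in seen:  # guard against cycles
                seen.add(dst)
                queue.append((dst, path + [tx_id]))
    return hits, unresolved
```

Each hit names a service to approach for records along with the transaction path that justifies the request; unresolved addresses are where funds are still sitting or where tracing has to continue.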

Dark Web Monitoring

Given the prevalence of personal information trading on the dark web, monitoring this shadowy marketplace is a crucial aspect of the investigation:

  • Identification of Stolen Data:
    • Investigators actively seek out forums or marketplaces on the dark web where stolen personal information, especially that which could facilitate a SIM swap, is traded. This involves employing specialized tools and techniques to identify and track such activities.
  • Analysis of Dark Web Purchases:
    • If the attackers have purchased personal information on the dark web, investigators analyze these transactions. Understanding what information was acquired and how it was used provides valuable intelligence for building a case against the criminals.
  • Coordinated Efforts to Shut Down Activities:
    • In collaboration with cybersecurity agencies and international partners, investigators may work to shut down or disrupt dark web activities related to SIM swap schemes. This involves taking legal actions and coordinating efforts to dismantle criminal networks operating in these hidden corners of the internet.

In essence, these steps represent a meticulous and multidimensional approach to SIM swap investigations, involving cooperation, technical expertise, and a keen understanding of financial and cybercrime dynamics.

The recent surge in SIM swap attacks, especially targeting cryptocurrency users, highlights the critical need for advanced security measures. At Blockchain Intelligence Group we understand the gravity of securing digital assets and aim to empower governments and law enforcement in investigating and recovering stolen cryptocurrencies and digital assets.

QLUE™ is a blockchain analytics tool designed by law enforcement experts. Tailored to combat the evolving tactics of cybercriminals, QLUE™ stands as an ideal tool for investigators dealing with the complexities of SIM swap attacks. As illicit activities escalate in sophistication, QLUE™ provides investigators with a practical ally in their pursuit of SIM swap attackers. Book a demo today and use QLUE™ to investigate and resolve SIM swap cases, quickly and affordably.

Written By: Omar Marzouk
Writer, Content marketing at Blockchain Intelligence Group

