The fraud sees criminals hijack the target’s phone by deactivating their sim card and switching the number over to a sim controlled by a member of the criminal network.
The fraudster then uses the “change password” function on apps to receive rest codes via text and email to take over the victim’s contacts, banking apps, emails and social media accounts.
It leaves the victim locked out of their accounts and helpless to protect their personal data.
The criminals were able to steal money, bitcoin and personal information, as well as make social media posts and send messages masquerading as the victims.
The gang targeted thousands of victims over the course of 2020, stealing more than 100 million US dollars (£71.8 million) in cryptocurrencies, according to Europol.
The fraud often relies on criminals persuading mobile phone providers to do the swap using information gleaned though “phishing” scams – such as posing as a software engineer to get the victim to disclose log-in details.
Sometimes criminal networks rely on a corrupt insider at the phone company to identify targets and swap their phone details, the National Crime Agency (NCA) said.
On Thursday, NCA crime officers arrested eight suspects, aged between 18 and 26, in England and Scotland following a joint investigation with Europol and several US agencies, including the secret service and the FBI.
Officers from Police Scotland, the Metropolitan Police, East Midlands and North East Special Operations Units, and the West Midlands Regional Organised Crime Unit were also involved in the raids.
The NCA said that, in some cases, investigators had been able to notify targets that their phones had been switched before the criminals managed to do any damage.
Paul Creffield, head of operations in the NCA’s National Cyber Crime Unit, said: “Sim-swapping requires significant organisation by a network of cyber criminals, who each commit various types of criminality to achieve the desired outcome.
“This network targeted a large number of victims in the US and regularly attacked those they believed would be lucrative targets, such as famous sports stars and musicians.
“In this case, those arrested face prosecution for offences under the Computer Misuse Act, fraud, and money laundering, as well as extradition to the US.”
“As well as causing a lot of distress and disruption, we know they stole large sums from their victims, from either their bank accounts or bitcoin wallets.
He continued: “Cyber criminality is not restricted by borders and our efforts to tackle it reflect that.
“This investigation is the result of successful collaboration with international partners in the US and Europol, as well as our law enforcement colleagues here in the UK.”
Michael D’Ambrosio, assistant director of the US Secret Service Office of Investigations, said: “The multi-jurisdictional arrests announced today illustrate the importance of building strong partnerships.
“The Secret Service would like to thank our domestic and international law enforcement partners for their steadfast commitment and co-operation in this case.
“The Secret Service and our law enforcement partners remain ready to combat transnational crimes and to hold offenders accountable.”