Project Disrupt Leads to Arrests and Charges
Toronto Police arrested 10 people and laid 108 charges in a major SIM swap fraud investigation.
In June 2023, The Service’s Financial Crimes Unit, in partnership with the Co-ordinated Cyber Centre, launched Project Disrupt into a SIM swap fraud scheme.
“It was alleged that perpetrators had taken over the cell phone accounts of multiple unsuspecting victims and made changes to the accounts, allowing them to access and compromise many of the victims’ online accounts, including those of financial institutions,” said Detective David Coffey at a news conference at police headquarters on August 1.
In many cases, the perpetrators impersonated victims at cell phone stores, using convincing fraudulent identification. They often used the same identification at the victim’s financial institutions to take over their bank accounts.
“In other instances, the perpetrators gained access to cell phone accounts using phishing techniques such as false web links and websites,” Coffey pointed out. “It is important to note this investigation began with reports from multiple telecom companies and that since the inception of Project Disrupt, the telecom companies have instituted additional security features and collaborated with TPS to help fight this fraud.”
Investigators executed multiple search warrants and production orders and seized over 400 fraudulent pieces of identification.
“The total combined loss to individual victims, telecom companies and financial institutions is over $1 million,” said Coffey. “Over 1,500 cellular accounts are known to have been compromised throughout Canada.”
He said the investigation highlights the important collaboration between the Financial Crimes Unit and the Co-ordinated Cyber Centre.
“This collaboration is crucial and essential going forward as fraud has become so heavily reliant on the internet and is just one of the many examples of how the Toronto Police Service will continue to evolve and adapt to continue the fight against fraud,” noted Coffey. “By working together, we were able to tackle this complex and widespread criminal actively more effectively.”
Those arrested are Noah Ibgui, Syed Shan, Syed Hunain, Waseem Abbas, Ounali Hussain, Huzaifa Motala, Brandon D’Amica, Maria Aguja, Muhammad Ibrahim and Owais Varachhia.
One of them pled guilty while the others are out on bail.
Two suspects, Nadia Campitelli, 47, and 26-year-old Hervine Umutijima of Toronto are wanted by police in connection with the investigation.
Anyone with information is asked to contact police at 416-808-7300, Crime Stoppers anonymously at 416-222-TIPS (8477) or at www.222tips.com
A SIM SWAP is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone. In the scheme, individuals compromise an unsuspecting victim’s cell phone account by switching the SIM card associated to the account by either impersonating the customer at a cell phone store or gaining access to the account.
Once they have access to the account, they are able to receive any emails or texts in relation to password recovery or changes and thus access and compromise any other accounts associated to the victim, including online banking and social media accounts
“This is not about taking over somebody’s SIM card and physically putting it into a phone,” said Detective Constable Michael Gow of the Co-ordinated Cyber Centre. “What occurs is the suspects will control their device, they will have their own separate device and they socially engineer, which is also known as human hacking. So they are able to convince the telecommunications companies that they are in fact the customer they are going after. They will then use that customer’s information, bypass security, take over the phone number and tell the telecommunication company to transfer the phone number of the affected customer to the SIM card they possess.
“Once that is done, they are in possession of the phone number. Once they have that, and not the phone or the content in the phone, the phone number is used for two-factor identification. So they will go to their e-mail and they will hit the ‘Forgot My Password’ button on the email. That one-time password to take over that email account and change passwords is sent to the suspects and not the victims. From the victim’s perspective, all they see is SOS in the top right hand corner of their phone. What that means is the SIM card in their phone is not transmitting any signal. All they know is this stuff is happening in the background and they lose access to their bank account and a lot of different things and they only find out after. Many of these go unreported just because when the victim sees what happens, they just see a fraud happening to their bank account.”