Busting SIM Swappers and SIM Swap Myths>
Krebs On Security – Brian Krebs
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized âSIM swapsâ â a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below, and punctuated by accounts from a recent victim who lost more than $100,000 after his mobile phone number was hijacked. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space. This includes people who run or work at cryptocurrency-focused companies; those who participate as speakers at public conferences centered around Blockchain and cryptocurrency technologies; and those who like to talk openly on social media about their crypto investments. The âhowâ of these SIM swaps is often the most interesting because itâs the one aspect of this crime thatâs probably the least well-understood. Ferri said when he initially contacted T-Mobile about his incident, the company told him that the perpetrator had entered a T-Mobile store and presented a fake ID in Ferriâs name. âThis is a really serious problem among the carriers, the ease with which SIM swaps can occur,â Lt. Rose said. âIf youâre working at a mobile phone store and making $12 an hour and suddenly someone offers you $400 to do a single SIM swap, that can seem like a pretty sweet deal if you donât also have any morals or sense of conscience. â Asked what he would have done differently about his attack, Ferri said heâd have set up his Google accounts to use app-based two-factor authentication, instead of relying merely on his mobile phone to receive that second factor via text message. Sgt. Tarazi says one big problem is that itâs still not common knowledge that SMS-based two-factor can leave users with a false sense of security.
Link: https://krebsonsecurity.com/2018/11/busting-sim-swappers-and-sim-swap-myths/