Forum
Notifications
Clear all
Topic starter
March 24, 2020 10:23 am
SIM Hack
San Francisco (CNN Business)Robert Ross was sitting in his San Francisco home office in October 2018 when he noticed the bars on his phone had disappeared and he had no cell coverage. A few hours later, he had lost $1 million.
Ross was the victim of a SIM hack, an attack that occurs when hackers take over a victim's phone number by transferring it to a SIM card they control. By taking over his cellphone number, a hacker was able to gain access to his email address and ultimately his life-savings, Ross said in an interview with CNN Business.
"I was at home at my desk and I noticed a notification on my iPhone for a withdrawal request from one of my financial institutions, and I thought, 'That's weird. I didn't make a withdrawal request,'" Ross recalled. "Then I looked back at my phone and I saw that I had no service."
In recent years, cybersecurity breaches have become so common that some consumers may almost take for granted their information has been compromised at some point. The list of massive data breaches includes a major hotel chain, a credit reporting firm, a bank and a social network. But SIM hacks are both less talked about and yet potentially more devastating.
There is limited data on the prevalence of SIM hijacking nationally, but during the last year, the US Department of Justice has indicted numerous people for crimes associated with SIM swapping.
Some of the most high-profile SIM hijacks have targeted people with money stored in cryptocurrency exchanges. Ross had approximately $1 million stored in two exchanges when he was attacked, according to a report by investigators.
An arrest was made in Ross' case, and the suspect has pleaded not guilty.
The attack on Ross followed a standard SIM hack playbook: The alleged hacker called up Ross' cellphone service provider, in this case AT&T. (WarnerMedia, the parent company of CNN, is owned by AT&T.) Pretending to be Ross, the alleged hacker successfully convinced AT&T that he was Ross and took control of Ross' phone number, an investigation by authorities in California later found. That's when Ross' own phone went dark.
Ross may have been using AT&T, but SIM hijacks have been reported on all major US cell phone networks.
Robert Ross lost his life savings as a result of a SIM hack.
How to try to protect yourself against SIM swaps
Think of everything you do on your phone and everything that is associated with your phone number. When you forget your email passwords or have trouble accessing your online bank accounts, many services send you a text message with a code to help verify your identity — a form of multi or two-factor authentication.
When a hacker gets access to your phone number, they get the keys to the castle. They potentially have the ability to take over a victim's social media and other accounts by using text message password recovery features.
CNN asked the four major networks what steps their customers could take to protect themselves from SIM hacks. While all offered some options, few seem to have a solution that would provide complete peace of mind.
Sprint (S) appears to have the most comprehensive solution, requiring customers to complete two-factor authentication in order to SIM swap. The customer must first give a PIN number or answer a security question and then provide a one-time passcode that is sent to their device via text message.
"We strongly encourage our customers to protect and regularly update their passwords, and never share account details, names, or other personal information with a third party without verifying the request came from a trusted source," a Sprint spokesperson told CNN Business.
An AT&T (T) spokesperson said the company advises against using mobile phone numbers as the single source of security and authentication." AT&T encourages customers to add "extra security" measures to their accounts, such as creating a password.
A Verizon (VZ) spokesperson said it offers customers a "Port Freeze" that will prevent their number from being moved to another network.
T-Mobile (TMUS) pointed CNN Business to a post on the company's website that outlines what its customers can do. In the event of an "account takeover fraud," the company said it would "work with customers individually to apply additional security measures."
Dealing with the fallout of a SIM hack
More than a year after suffering the SIM hack, Ross is still seeking justice.
He is suing AT&T for what he alleges was a failure by the company to protect his "sensitive and confidential account data" that resulted in "massive violations" of his privacy and "the theft of more than $1 million," according to the lawsuit.
"Fraudulent SIM swaps are a form of theft committed by sophisticated criminals. We are working closely with our industry, law enforcement and consumers to stop and prevent this type of crime," an AT&T spokesperson told CNN Business.
"It is unfortunate that Mr. Ross experiences this, but we dispute his allegations and plan to disprove them in court," the spokesperson added.
Topic starter
April 1, 2020 10:42 am
Verizon is my carrier so I'm looking into Port Freeze and how to get it for my cell phone. Hackers can get your information so quickly it's scary. I've had my credit card account used several times in Florida and I have not even been there. I did not have enough money available so it was flagged on the first or second transaction. I was sent a message that a transaction was done and denied so I got another card right away. Three months later it was hacked again in Florida. Another new card was issued. A few months later a different card account was used for a transaction in Florida. I asked the bank how can this keep happening. They said there are so many ways that people can do this that they could not even guess how
April 5, 2020 10:07 pm
Unfortunately there are people who hack and steal peoples information for a living and think its no big deal. Since technology has advanced which is great but it also gives those people a lot more opportunity to hack into phones and computers. As the people on the other end all we can do is be cautious what we buy and where we buy it from, don't sign up for suspicious deals on websites, and DO NOT click on those pop up ads saying you won a free trip to Hawaii and they just need your credit card number.
Topic starter
April 8, 2020 7:11 pm
I agree Gabby. I'm always getting emails on I've one something and they (whoever these people are) are getting ready to ship it to me. be very careful and do not respond.
April 9, 2020 7:49 pm
@gabriellemrasiectskin-com Gabby, you are well informed. It is all too easy to get taken advantage of.
April 9, 2020 7:53 pm
@deborah Debbie, we are fortunate that our banks and credit card companies help protect us against fraudulent purchases. I think I was 19 and I had a large charge on my credit card that I didn't make. I was devastated thinking that I would be responsible for paying. I called to report my card number as stolen and they removed the unauthorized charge. That was the best feeling knowing that my credit card company was there to protect me.
Topic starter
April 18, 2020 6:41 pm
I agree with both of you. It is a terribly helpless feeling when fraud happens. It can ruin the credit of people. It can take years for people to get back on their feet. There are so many ways that this fraud can occur it is scary to think about
