Man's $1M Life Savings Stolen as Cell Number Is Hijacked - NBC Connecticut
NBC Connecticut Responds

NBC Connecticut Responds

RESPONDING TO YOUR CONSUMER NEEDS AND WORKING TO SAVE YOU MONEY

Man's $1M Life Savings Stolen as Cell Number Is Hijacked

Carrier workers bribed or tricked into helping hackers

    processing...

    NEWSLETTERS

    Man's $1M Life Savings Stolen As Cell Number is Hijacked

    Hackers are exploiting a system designed to make your financial, social media, and e-mail accounts safer. Security experts recommend everyone take action now to protect themselves. Consumer investigator Chris Chmura reports. (Published Friday, April 26, 2019)

    Rob Ross freaked out.

    One minute, the San Francisco man’s investment accounts added up to a million dollars; the next moment they had a zero balance.

    "I was devastated," he said. “It was about 90 percent of my net worth.”

    Ross was a victim of the “SIM Swap Scam.” His story is a warning for everyone. If you have a mobile phone, you are a potential target in this fraud.

    US Attorney Lays Out Next Steps After Billion-Dollar Cocaine Bust

    [NATL] US Attorney Lays Out Next Steps After Billion-Dollar Cocaine Bust

    Bill McSwain, United States Attorney for the United States District Court for the Eastern District of Pennsylvania, addressed the media Friday following a billion-dollar cocaine seizure at the Philadelphia seaport.

    (Published Friday, June 21, 2019)

    Thieves have hacked this extra layer of protection known as two-factor authentication. You’ve probably seen "2FA" in the form of a message from your bank account, social media, or email provider suggesting something along the lines of “adding a phone number adds security.”

    But thieves have hacked it.

    First, they hijack your mobile phone number. At that point, your email, social media, and financial password reset codes go to them. And that's all they need to take control of all those accounts and steal from you.

    “They don’t care about the damage they are doing to other people’s lives,” Ross said.

    The scam starts when your cellphone suddenly shows “No Service.” After Ross discovered that message on his phone, he contacted his carrier.

    “AT&T said there had been a SIM swap request,” Ross said. “I had never heard the term SIM swap.”

    The SIM is the small card that contains your phone number. When the hackers got Ross’s carrier to swap his number off his SIM and put it on their phone, they redirected Ross’s calls and text messages. And that’s all the hackers needed to clear him out.

    “My worst fears were being played out in real time,” he said. “They traded the money into bitcoin and then they withdrew it all.”

    We searched our nationwide database of consumer complaints and found viewers around the country complaining of the same SIM swap scam.    

    “Why would they take control over my phone number,” asked a New York woman whose credit was compromised after a SIM swap. A viewer near Los Angeles lost money just as quickly as Ross did. “They stole $4,000 in less than 2 minutes,” she wrote.

    Law enforcement sources estimate 1,000 victims, conservatively.

    We wondered how hackers are gaining access to so many people’s wireless accounts to swap SIMs. We found Trickery and bribery.

    Police Commissioner After Billion-Dollar Bust: ‘You Have to Talk About the Violence’

    [NATL] Police Commissioner After Billion-Dollar Bust: ‘You Have to Talk About the Violence’

    Philadelphia Police Commissioner Richard Ross addressed the media Friday following a billion-dollar cocaine seizure at the Philadelphia seaport. 

    (Published Friday, June 21, 2019)

    We pulled records for a few SIM Swap cases that are in court. They show one hacker simply "pretending to be an AT&T agent" on the phone with AT&T to access a target’s cellular account and hijack their number.

    Other hackers in online chats brag of paying off carrier salespeople or call center workers with a few bucks or even a small bag of pot. Hackers call them “plugs.” One hacker wrote, “My Sprint plug is legit.”

    Ross fears low level carrier employees, some of whom are overseas, are too easily compromised into swapping SIMs.

    “A lot of people," he said, "are susceptible to bribery.” Ross said the world's wireless carriers need to step up. “To my knowledge, [the carriers] are not doing anything.”

    We asked AT&T, Verizon, Sprint, and T-Mobile how they’re combatting unauthorized SIM swaps. AT&T said in a statement, “We continually look for ways to enhance our policies and safeguards to protect against these sorts of scams.”

    Verizon recommended users put an administrative block on their account. T-Mobile offered the same solution plus an account PIN. Sprint’s website also suggests a PIN for any changes to your service or SIM.

    Facebook Announces New Cryptocurrency 'Libra'

    [NATL] Facebook Announces New Cryptocurrency 'Libra'
    Facebook has announced plans to enter the banking business by launching a new digital currency. The social media giant says it wants to make sending money around the world as easy as sending a photo or message with the new "Libra" cryptocurrency.
     
    (Published Wednesday, June 19, 2019)

    But court records we covered show at least one SIM swapper’s “plug” simply handing it over.  

    “[The plug] just gives me the PIN,” one hacker wrote.

    Justin Dolly, chief security officer at a cybersecurity firm SecureAuth, told us wireless carriers track their workers at almost every turn. So now they need to cross reference that big data with unusual transactions and weed out whoever is assisting scammers.

    “The information is there," he said. “There’s definitely some responsibility that they need to take."

    So, what do you do about those password resets by text that can open the door for hackers? Consider some changes, right now.

    Ask your bank, brokerage, email, and social media companies if they can send unlock codes via email, not SMS. Or, text them to a secondary number — like Google Voice — instead of your cell.

    10-Year-Old Drag Queen 'Sparkles' in Portland Pride Parade

    [NATL] 10-Year-Old Drag Queen 'Sparkles' in Portland Pride Parade

    An LGBTQ+ group offered protection for a 10-year-old drag queen at Portland, Oregon’s, Pride Parade, after online backlash had their family fearing for their safety. Sparkle, who uses the pronouns they/them, had received a lot of support online, but after an all-ages drag show performance, Sparkle, and her mother Michelle Porter, started to receive hateful comments online.

    (Published Monday, June 17, 2019)

    Dolly endorsed that idea.

    “You’re one more hop away from the hacker, and they might not be able to reach you there,” he reasoned.  

    Ross launched a website, StopSIMcrime.org, to raise awareness of the SIM Swap Scam. The site warns people that your phone could one day read “No Service.” And then, no matter how much or how little money you have, SIM swapping hackers will try to steal it.

    "They don’t always know what they’re going to get until they get into the financial accounts,” Ross said. And yet, they keep trying. "They’re doing this all day long.”

    Detectives recovered some of Ross’s savings. But most of it is still missing. The accused thief is facing prosecution in Santa Clara County.

    If you suddenly see “No Service” on your cellphone, call your carrier right away — from a different phone — to see if your SIM has been swapped. If so, insist they undo it immediately. Then lock down your financial accounts ASAP. Block withdrawals. Check your balances. And report any missing money on the spot.

    CDC Issues Travel Warning To and From Europe

    [NATL] CDC Issues Travel Warning to and From Europe

    A new Centers for Disease Control report is raising concerns that travelers visiting Europe could bring home not just memories, but potentially new measles cases. Health experts say the region is experiencing a spike in measles, up 300 percent in the first three months of this year compared to the same time frame of last year. 

    (Published Tuesday, June 18, 2019)

    If you've been the victim of a SIM swap, let us know. Call 888-996-TIPS. Or go to NBCBayArea.com/Responds.