Hollywood Sim Swappers are the New Posers.
Your mobile phone is often the second key to your life. When you forget your password at key accounts like your email or bank, you may be prompted to enter a code that appears by text message to your phone. Perfect security, multi-factor authentication.
But what if you are targeted and someone can access your phone?
As we have seen, today’s internet criminals are savvy enough to make some investments in research for the opportunity of a million dollar prize, exploiting your trusted relationship with family and business associates (via Whaling email imposter tactics), or your trust in your outsourced providers and consultants (as suspected in Panama Papers and Paradise Papers information leaks).
But what about the trust put in your mobile provider? These networks just work. People don’t even think much about them as long as they see four bars. Point to a telephone pole and ask a teen what it is. I did, their first response was “a tall wooden pole”. The concept that there are people behind the operations of these amorphous big brands is foreign to most.
It may matter when you are dealing in your most personal information.
An emerging threat — that is successfully siphoning out personal funds from bank accounts and prevalent today (soon to spread) is called Hollywood SIM Swapping. And it is alleged to have been facilitated at times by insiders in AT&T and Verizon.
In this latest scheme, an Internet criminal obtains enough information about you and walks into an AT&T, Verizon, or other carrier store posing as you asks for a new SIM card for a new phone. They provide a new SIM card with your telephone number. This can be done at the national or at the local level, in any AT&T, Verizon or phone company affiliate storefront.
The Internet criminal, armed with some basic information about you can often reset your email and financial account passwords with ease as these systems will send a text message to your phone with a one-time-code to verify your identity. Now, since the criminal has a SIM card with your phone number, that code goes to their phone, not yours. They verify, they look in your email account for your bank and other account information from past emails, and then use the phone verification to access these accounts; ultimately siphoning your money out and transferring to cryptocurrency. Gone.
As Fox news reported, the criminal can change passwords, lock the victim out of their own lives, and even empty out financial accounts, which is exactly what happened to Robert Ross on October 26, 2018. “I took a million dollar loss,” he said. “My heart was pumping a lot, fear, deer in the headlights.”
This, and other newfound threats are at times assisted by insiders. In the Hollywood Sim Swap scam, allegedly phone company workers assisted for a fee. In Panama Papers and Paradise Papers leaks, it is suspected that a contractor to the law firms assisted.
What to do? Well, if you ever see your phone indicating no sim card, contact the phone company immediately, and watch your financial accounts (although it may be too late). If you are sending your personal or business financial information by email, certainly send it RMail encrypted so that you are not leaving breadcrumbs all over the Internet luring these Internet criminals to target you. You can do this most easily with RMail email encryption.