Over the past week, the US cryptocurrency community has been reeling from a recent wave of sustained SIM swapping attacks.
The attacks were limited to the US alone and seemed to have targeted T-Mobile and AT&T customers.
SIM swapping/jacking is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. Effectively the perpetrator uses various techniques (usually social engineering) to transfers a victim’s phone number to their own SIM card.
My personal identity was hacked last week. The attacker was able to steal $100k+ in a sweep of my Coinbase account. I'm equal parts embarrassed, hurt, and deeply remorseful.
In an effort to raise awareness about the attack, I wrote about it here: https://t.co/ZnbB0AN6Gd
— Sean Coonce (@cooncesean) May 20, 2019
Attackers saw the rise in cryptocurrency as an opportunity to broaden their activities and make some serious money, although such events have been occurring for the past ten years. The number of attacks rocketed in 2017 as crypto took off. 2018 registered a number of SIM swap attacks in the US, but these numbers appear to a have reduced after police intervention. Caleb Tuttle, a detective with the Santa Clara County District Attorney’s office explained how the attacks work:
“The first is when the attacker bribes or blackmails a mobile store employee into assisting in the crime. The second involves current and/or former mobile store employees who knowingly abuse their access to customer data and the mobile company’s network. Finally, crooked store employees may trick unwitting associates at other stores into swapping a target’s existing SIM card with a new one.”
I've been hearing about another spate of SIM-jackings involving @TMobile, possibly involving bypassed PINs, which hint at insiders or weak processes.
The traditional telecom companies won't clean up their act without a class action lawsuit and heavy fines. Switch to @googlefi. https://t.co/wp60qvyn7i
— Emin Gün Sirer (@el33th4xor) June 2, 2019
However on an encouraging note for cryptocurrency users, it has been reported that SIM swappers are usually caught, as phone providers usually pick-up the excessive log-ins associated with the activity.
Follow BitcoinNews.com on Twitter: @bitcoinnewscom
Telegram Alerts from BitcoinNews.com: https://t.me/bconews
Want to advertise or get published on BitcoinNews.com? – View our Media Kit PDF here.
Image Courtesy: Pixabay
The post US Crypto Users Hit by Sim Jacking Flurry appeared first on BitcoinNews.com.