SIM swap scams

Reverend Conehead

This one's really rotten. It's done via identity theft. Some scammer gets enough info about you to convince your cell phone company that they're you. Then they get them to send them a new SIM card, and transfer your phone number to their phone containing the duplicate SIM. At this point, they control your cell service and get all your calls and texts. With that as their weapon, they use the password reset system of your bank and gain access. If you've got 2-factor authentication set up, they can get the SMS texts with the code, which "proves" that they're you. With that, they change your password to access all your accounts. Then they transfer all your money out to a foreign bank or to cryptocurrency.
...
If you have social media, DON'T share identifying info online such as your place of birth, where you went to school, etc. If you've already shared that info online, use fake info for your security questions with your bank. Pick some name that your mom never had for "mother's maiden name," pick some city where you were not born as "place of birth," some name you've never had for a teacher as "favorite teacher's name," and "favorite pet's name," etc. DON'T let anyone know who your cell phone company is.
...
This 2-factor authentication has been really helpful in increasing security because the scammers can't get in even if they somehow hack your password. It's not surprising the crooks have found a way to get past it with this SIM swap crap. I've decided I'm going to contact my bank's anti-fraud department to see if I can use some kind of keyfob not connected to my cell service for 2-factor. That way, even if the goons somehow hijack my cell phone service, they can't get the 2-factor code. A company I used to work for gave us all keyfobs for 2-factor authentication for logging into all company accounts. You could just keep the keyfob on your keychain. If you ever lost it, it was in the contract that you contact them immediately to shut off the keyfob. Then a new one could only be issued on site. They would never mail one to your home address.
...
All these criminals are really disgusting. Be tight with your information. The following info about me, I would never give out on the phone:
...
Name: Melvin Stinkenhoffenklink
DOB: July 13, 1967
Place of Birth: Lincoln, Nebraska
Mother's Maiden Name: McGoonyclump
Favorite Teacher: Mrs. Chokeumchild
First Job: Richard Simmons' butler
SSN: 444-55-7777
Pet's name: Killerkitty
...
There. Keeping my sensitive info here where no one will find it.
 

Creeper

Thanks for the heads up. This is becoming a real problem. Phone companies have to balance their customer service goals with good security and this can leave vulnerabilities for hackers to sneak through.

There are a couple of authentication apps you can use on your phone. I believe they are linked to your SIM card. When I changed iPhones, the authenticator apps stopped working for me. I had to go through an elaborate process to resynchronize the authenticator apps with the apps that use them. I had to prove my identity.

But only a few web sites I use allow this method of authentication. Most email or text me a code. Obviously, these are not the best security measures. When I was working, our company, a major financial company, issued password tokens to employees. We required these to access our network remotely. The tokens required a PIN to activate, and every time you guessed the PIN wrong it took longer and longer to allow the next attempt to enter the PIN. After about 6 tries, it disabled the token on the network side. We offered them to customers, but many complained because other companies wanted them to use tokens too, and some people had multiple tokens and PINs; it was difficult for them to manage.

I like your idea to contact your bank ahead of time to find out what other options you have for security. It is better now than after someone steals all your money.
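
The PIN throttling described in the post above (growing delays, then a disabled token after about 6 wrong tries), as an added sketch that is not part of the original post or any vendor's code. The class name, the 2-second base delay and the doubling schedule are assumptions; the post gives no figures beyond the 6 tries.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 6    # "about 6 tries" in the post
BASE_DELAY_S = 2.0  # assumed: 2 s after the first miss, doubling each time


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Store a slow salted hash, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TokenPinGuard:
    """Hypothetical server-side record for one token's PIN attempts."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._hash = _pin_hash(pin, self._salt)
        self.failures = 0
        self.next_allowed = 0.0
        self.disabled = False

    def attempt(self, pin: str, now: float) -> str:
        if self.disabled:
            return "disabled"   # only an on-site reissue clears this
        if now < self.next_allowed:
            return "wait"       # too early: the PIN is not even checked
        if hmac.compare_digest(_pin_hash(pin, self._salt), self._hash):
            self.failures = 0
            self.next_allowed = 0.0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.disabled = True
            return "disabled"
        self.next_allowed = now + BASE_DELAY_S * 2 ** (self.failures - 1)
        return "retry"


def simulate_guessing() -> list:
    """Constructed scenario: wrong guesses made as early as the guard allows."""
    guard, now, log = TokenPinGuard("4931"), 0.0, []
    while not guard.disabled:
        log.append((now, guard.attempt("0000", now)))
        now = guard.next_allowed
    log.append((now, guard.attempt("4931", now)))  # right PIN, but too late
    return log
```

With these assumed delays, exhausting the six guesses takes about a minute, after which even the correct PIN is refused.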
 

Reverend Conehead

Exactly. I had a bad experience, and the scammers hadn't stolen my full identity. They somehow got my Visa debit card duplicated and stole money. The people who stole my credit card info were probably different from the ones who used it. I logged on and found two transactions from some shell company in Singapore totaling over 800 bucks. My bank was able to reverse the charges, but it took 3 days. They think it was probably done by bogus scanning equipment added to a legit credit card system. This was before cards had the chip. My biggest suspect is the place where I paid for fuel at the pump. I don't do that anymore. However, it could be much, much worse if some scammer got your full identity.
 

Creeper

Stealing valid credit card info is a big business in some countries. Organized criminals hack banks and retailers to get the credit card info, then they sell it to others who use the numbers to purchase and resell merchandise. When I was working in Cyber Security we got a government briefing on organized crime and hacking and we were told Russian hackers operate like legitimate businesses in Russia. They have high social status. Valid American credit card info was like gold for them.
 

Reverend Conehead

Same thing in India. I read a thing from some guy in India who thought he had found a good job. It was in a normal-looking office with cubicles. It wasn't until he started his training that he realized it was a scam center. Disgusting. However, I most strongly suspect local scammers who sold the info online. There were a whole bunch of cases of local businesses finding those bogus scanners attached to their equipment, and service stations with pay-at-the-pump systems were big targets because the scammers could install their equipment usually without being noticed. I'll never know for certain, but I've never paid at the pump since.
 