Scammers Are Hijacking Cell Phone Numbers

Inside Subprime: May 16, 2019

By Lindsay Frankel

Any mobile phone user has the potential to be a victim of “SIM Swap” fraud, in which scammers take advantage of two-factor authentication to access the target’s private accounts and steal their money.

That’s what happened to Rob Ross, a San Francisco man who lost $1 million due to the scam. Fraudsters hijacked his cell phone number to gain access to his password reset codes. First, they persuaded Ross’s cell phone carrier to transfer his phone number from his SIM card to a mobile phone used by the hackers. Next, they redirected his text messages and used his reset codes to gain access to his financial accounts.

“My worst fears were being played out in real time,” Ross told NBC. “They traded the money into bitcoin and then they withdrew it all.”

Ross discovered the scam when his cell phone alerted him that he had “no service.” Upon contacting AT&T, he was told someone had requested a SIM swap.

Ross isn’t the only victim of this type of fraud. There have been about 1,000 victims, according to conservative estimates from law enforcement sources. Earlier this month, nine hackers were charged in Michigan in connection with a series of SIM related scams.

Some scammers are able to complete the SIM swap simply by tricking phone carriers into believing they are agents for the company, while others use bribery to get low-level phone company workers to authorize the swap. Ross said wireless carriers need to do more to prevent this type of fraud.

NBC asked several phone carriers for comment. AT&T stated, “We continually look for ways to enhance our policies and safeguards to protect against these sorts of scams.” Other carriers suggested that users place an administrative block on their cell phone accounts or protect their account from changes with a PIN. However, court records indicate that carrier employees have provided PIN numbers to hackers.

While some of Ross’s funds were recovered, much of his savings is still missing. The alleged scammer will be prosecuted in Santa Clara County.

To avoid becoming a victim of a “SIM Swap” scam, some experts recommend using your email address for two-factor authentication instead of SMS. Some companies will also let you use an authenticator app, which is safer than having a code texted to you. And though scammers have been known to get access to a victim’s PIN, adding a PIN to your carrier account and SIM card still adds an extra level of security that may make it more difficult for hackers to gain access to your accounts.

Unfortunately, there’s no foolproof way to prevent this type of scam. If you notice a “no service” message on your cell phone, you should contact your carrier immediately to reverse the SIM swap if one has been requested. Then block withdrawals from your financial accounts, change your passwords, and report any losses.

Learn more about payday loans, scams, and cash advances by checking out our city and state financial guides, including CaliforniaAnaheimBakersfieldChicoFresnoLos AngelesModestoOaklandRedding, RiversideSacramento, San Diego, San FranciscoSan Jose, Santa Barbara and Stockton.