The Department of Justice recently charged nine people with being part of a criminal enterprise known as “The Community” that hijacked mobile phone numbers to steal money and cryptocurrency.
The sophisticated hackers used a technique called SIM swapping to target the bank accounts and online cryptocurrency wallets of their victims.
Among the criminal gang were two former AT&T contract employees and one former Verizon employee, who helped the alleged criminals by providing private customer information in exchange for bribes.
A SIM card is a small plastic chip that tells your device which cellular network to connect to and which phone number to use.
We rarely ever think about SIM cards, except maybe when we get a new phone and we need to remove or replace our SIM card.
The way this scam works is criminals either trick cell phone carrier employees into giving them control of the victim’s phone numbers or bribe them in exchange for their help.
Changing SIM cards is a typical part of a cell phone company employee’s job, such as when a customer loses their phone, so it’s not hard to get access to people’s SIM cards.
In the case of the two former AT&T contractors, they helped the criminals steal more than $2 million from several victims by performing 29 fraudulent SIM swaps.
Another phone employee said criminals found him via Instagram and offered him $100 per target.
The big carriers have no control over their tens of thousands of customer service reps and who knows how many of them would accept a bribe to hand over customer information.
With that being said, here are the best ways to protect yourself from falling victim to the SIM card scam.
Add a PIN #. You can decrease your chances of someone gaining access to and taking over your phone number by adding a PIN code or password to your wireless account.
T-Mobile, Verizon, Sprint and AT&T all offer the ability to add a PIN code.
If you haven’t done so yet, immediately add a PIN code to your cell phone account and don’t pick something such as a birthday or address.
Use an authentication app. SIM cards are directly tied to your phone number.
So, when you attempt to login to your bank account and the bank sends you a verification code, the criminal will receive the code just like you, since they have the SIM card.
However, these days, you can download apps to your Smartphone that work with two-factor authentication that sends the code directly to your device and not the phone number.
For example, the Google Authenticator app gives you two-factor authentication, but ties to your physical device rather than your phone number.
Use a different phone number. As I mentioned, your SIM card is directly tied to your number, so you should consider having your two-factor authentication sent to a different number.
For instance, if you have a landline in your home you could set it up so that you receive a call with a password on your landline phone that you can use to login to online accounts.
Another option is using a Google Voice phone number on your Smartphone, because even if your SIM card is stolen, the thieves wouldn’t have access to your Google Voice number.
SIM swapping is a prime example of why a phone number may not be the best verifier of your identity.
It’s an easily compromised authenticator. With that being said, adding additional layers of protection can help keep your online accounts and your identity from being stolen.