In the wrong hands, your SIM card can help criminals access your bank accounts - PhoneArena

Cops bust member of gang that obtained active SIM cards and used them to empty bank accounts

Cops bust member of gang that obtained active SIM cards and used them to empty bank accounts
For something so small in size, subscriber identification module (SIM) cards can create huge headaches. For example, the cops last month busted Ricky Joseph Handschumacher, a 25-year old Floridian man who used misappropriated SIM cards to purloin hundreds of thousands of dollars in cryptocurrencies, including Bitcoins. Handschumacher, who was charged with grand theft and money laundering, was part of a group of nine men who used "SIM swaps" across the country in order to gain access to victims' accounts.

Similar to a previous scam we told you about a few months ago, Handschumacher and the gang would call wireless providers and request a new SIM card. That request isn't normally viewed as a red flag by carriers because a new SIM card could be needed if the old one is damaged, or if the customer switches to a new phone that uses a different sized card. While poor security on the part of the wireless operators could help such a plan succeed, the incident back in February reportedly involved a rogue T-Mobile employee.

The falsely requested SIM cards would be inserted in the criminals' own phones to access the victim's bank and cryptocurrency accounts. The gang's biggest haul was one that illegally netted them 57 Bitcoins valued at $470,000. The ill-gotten gains were divided among the nine gang members.

The scheme fell apart when the mother of one of the gang members overheard her son on the phone, pretending to be an AT&T employee. She called the cops on him and they found damaging evidence such as multiple handsets, a number of SIM cards, and a file on his computer that contained "an extensive list of names and phone numbers of people from around the world."

So what is the answer? The only fool-proof suggestion we can think of is that carriers require customers to pick up requested SIM card replacements inside retail locations and demand to be shown government-issued ID, like a driver's license. Sure, it would make such requests a pain in the ass for both the customer and the carrier, but it might help prevent the theft of a person's hard-earned money-or virtual money. Unfortunately, the gang did have inside help from some of the carriers' employees who were paid off to help the scheme succeed.

And if your phone mysteriously goes off after you receive a message that your SIM was updated, call your carrier immediately (see image at the top of the article). Remember, once the crooks have your SIM card, even two-factor authentication is useless.

source: Motherboard
Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless