AT&T sued by cryptocurrency investor who was ripped off in "SIM swap fraud"
A few days ago, we told you how a nine-member gang stole hundreds of thousands of dollars in cash and cryptocurrencies by employing the ol' SIM swap routine. This is accomplished when a crook calls a carrier's customer service department and pretends to be a subscriber. The caller claims that his SIM card is damaged, or the one he has doesn't fit a new phone he bought. With the help of a paid off insider, a replacement SIM, tied to the victim's account, is sent to the bad guy. Once the SIM is inserted by the criminal into his phone, he now has complete control of the victim's apps. Even two-party authentication is useless at this point.
Now, a gentleman named Michael Terpin has sued AT&T for $224 million after his account was infiltrated using this SIM swap fraud. Terpin, a cryptocurrency investor, lost $24 million dollars to the scheme and is seeking the return of his money and wants the wireless provider to be slapped with $200 million in punitive damages.
According to the victim, he had set up his accounts with security in mind, using two-factor authentication on all his apps. He even consulted security experts to make sure that his accounts were secure. But Terpin says that "criminal gangs" are using the LinkedIn app to find people working at certain carriers, and are paying them off to help them on the inside. He adds that part of the "SIM swap fraud" requires the paid-off insider to obtain personal information about the chosen victim; this helps the gang obtain the "replacement" SIM card that sets the whole scam in motion. "The one thing that’s been a link between [crypto hacks] is that in every case they’ve had an insider," Terpin said. He states that the FBI, Homeland Security, and the U.S. Secret Service know the identity of the rogue AT&T employee who was involved in the hack of his account.
Terpin claims that during past mediation efforts that failed, AT&T said that it was not responsible for what happened to him. As you might imagine, Terpin disagrees. You budding Perry Masons can read the complaint by clicking on the sourcelink below.
According to the complaint, AT&T had placed additional security on Terpin's account after a previous hacking attempt was foiled. Yet, it still delivered a replacement SIM card to an imposter pretending to be Mr. Terpin without requesting valid identification, or the victim's required password.