sim swap scams

SIM Swap Scams Targeting Cryptocurrency Investors

SIM swap scams are nothing new, and are back in the news with high profile SIM swap attacks on Twitter’s CEO.

Telecommunications providers such as Verizon, AT&T, T-Mobile, and Sprint have been aware for over ten years that unauthorized third parties regularly attempt to obtain access to customer subscriber accounts to gain control over a customer’s SIM card.

Hackers Gaining Account Control

By gaining control over a customer’s SIM card, a hacker can then take control of a subscriber’s telephone number. Once the hacker has control over the subscriber’s telephone number, he or she can use two-factor authentication, which often sends a text message to the subscriber’s mobile phone, to reset the passwords associated with the subscriber’s email account, bank account, cryptocurrency exchange account, and investment accounts.

In an age where telecommunications providers like Verizon, AT&T, T-Mobile, and Sprint outsource their customer support obligations to third parties, hackers know that employees at these companies do not always follow company protocol. In some cases, the companies themselves may not follow industry best practices to secure subscriber accounts from unauthorized access.

Hackers have become adept at finding and exploiting weaknesses in cell provider security. And some providers may even allow known exploits to continue to be used by hackers even after their security and fraud departments have identified them.

SIM Swap Scams Targeting Cryptocurrency Investors

The most recent of these scams targets cryptocurrency investors, such as those who invest in Bitcoin or Ethereum.

Hackers mine data, often from Twitter, LinkedIn, Reddit, and other sources to identify those individuals most likely to have cryptocurrency. Once they have identified a target, they obtain personal information concerning the target in a number of ways. They may pretend to be the target and obtain an account number at an authorized retailer, or they may obtain account information from a prior data breach at a telecommunications provider.

Once this information is in their possession, they call the telecommunications provider’s customer support number. From here, they often attempt to convince the customer support representative that they’ve forgotten their secure PIN number and need to perform a SIM swap with just an account number or some other information. If they are successful, they obtain control over the target’s accounts and either ransom them for payment in cryptocurrency or simply steal cryptocurrency from the target’s account.

Telecom Arbitration Clauses

Telecommunications providers know that these SIM swap scams are happening, yet many appear to not take the threat, or their duties to secure personal and personally identifiable information, seriously.

Since most cell phone subscribers agree to an arbitration clause when signing up for an account, telecommunications providers force these subscribers into arbitration in an attempt to keep these grossly negligent vulnerabilities hidden from the public.

If you are the victim of a SIM swap scam, contact a data breach attorney immediately.

Revision Legal offers a wide array of legal services related to data breach and Internet law matters.  We can be reached by using the form on this page or by calling us at 855-473-8474.

what is the international sale of goods, or CISG?

What is Convention/Contracts for the International Sale of Goods (“CISG”)?

Most businesses are familiar with basic US business contracts and with the Uniform Commercial Code (“UCC”). Unless your business involves a significant component of international transactions, you may not be familiar with the Convention/Contracts for the International Sale of Goods (“CISG”).

CISG law and CISG forms govern international sales of commercial goods, but not services, including all transactions between the US, Mexico, and Canada under the North American Free Trade Agreement (“NAFTA”).

Here is a quick rundown. Read more

is your website ada compiant? read about website accessibility

Website Accessibility: Is Your Website ADA Compliant?

When is comes to website accessibility, there is a difference between a website that is accessible and one that is ADA-compliant, and that difference can have a huge impact on a business.

The Americans with Disabilities Act (ADA) is a law that mainly regulates accessibility for business, government entities, and more. Although the ADA does not discuss websites specifically in the language of the act, United States courts have construed Title III of the ADA to be relevant to website design.

For this reason, a website must meet certain criteria in order to be considered ADA-compliant. Read more

New York Privacy Act: What You Need To Know

It’s no secret that consumers today are more concerned than they’ve ever been about their privacy online, especially when they use social media. In response, consumer privacy laws have been popping up throughout the United States and Europe.

Consumer privacy laws began ramping up in May 2018 with the European Union’s General Data Protection Regulation, which has had a tremendous impact on websites across the world to avoid a costly breach. Then, a month later, California passed its own consumer privacy law, the California Consumer Privacy Law. Not to be outdone, New York proposed the stringent New York Privacy Act this month.

Not sure how to comply with all this new legislation? We’ve got you covered. Read on to learn all about the New York Privacy Act! Read more

data breach litigation

Data Breach Litigation: Theories of Damages in Data Breach Cases

Data breach litigation is an emerging area of the law, and courts are regularly struggling with how to award damages in data breach cases because the harm caused by a data breach does not always fit neatly into traditional theories of damages.

In this article, we look at the three major theories of damages applied to data breach litigation cases. Read more

learn everything you need to know about Internet Law

Internet Law: Everything You Need To Know

What is Internet law?

Internet law refers to the legislation and legal principles that are in place regarding the use of the Internet in all forms.

Unlike other law fields, Internet law cannot be identified as a specific, stable, and solid field of practice. It instead applies principles and incorporates rules from a number of different traditional fields, including contract law and privacy law.

Internet law can include topics like how to link web pages, how to resolve conflicts over domain names, how trademarks are used across the web, governing Internet service providers, and website creation.

When you consider the fact that the internet is evolving at a rapid pace, common law or precedent is not enough to create the laws. This means that there is a greater amount of uncertainty. Read more

Can I Sue Amazon? Amazon’s Forced Arbitration Clause

Can I sue Amazon? Amazon's Arbitration Clause
“Ship Products Safely with Good Shipping Supplies” by Sherwood Lebron is licensed under CC BY-NC-ND 4.0

We represent a number of clients who either sell their products on Amazon or who have dealt with or are currently dealing with Amazon counterfeiting issues. Our clients often ask us, “Can I sue Amazon or am I stuck in an arbitration clause?” Like many legal questions, the answer often depends on the facts.

This article is intended to help you better understand how Amazon views the enforceability of its arbitration clause, how courts have viewed Amazon’s arbitration clause, and whether there are claims that may not be subject to Amazon’s arbitration clause.

Amazon’s Arbitration Clause

It is first worth looking at the text of Amazon’s arbitration clause:

Amazon and you both consent that any dispute with Amazon or its Affiliates or claim relating in any way to this Agreement or your use of the Services will be resolved by binding arbitration as described in this paragraph, rather than in court, except that (i) you may assert claims in small claims court that is a Governing Court if your claims qualify and (ii) you or we may bring suit in the Governing Courts, submitting to the jurisdiction of the Governing Courts and waiving our respective rights to any other jurisdiction, to enjoin infringement or other misuse of intellectual property rights. There is no judge or jury in arbitration, and court review of an arbitration award is limited. However, an arbitrator can award on an individual basis the same damages and relief as a court (including injunctive and declaratory relief or statutory damages), and must follow the terms of this agreement as a court would.

The arbitration will be conducted by the American Arbitration Association (AAA) under its rules, including the AAA’s Supplementary Procedures for Consumer-Related Disputes. Payment of all filing, administration, and arbitrator fees will be governed by the AAA’s rules. We will reimburse those fees for claims totaling less than $10,000 unless the arbitrator determines the claims are frivolous. Likewise, Amazon will not seek attorneys’ fees and costs from you in arbitration unless the arbitrator determines the claims are frivolous. You may choose to have the arbitration conducted by telephone, based on written submissions, or in person at a mutually agreed location. Amazon and you each agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated or representative action. If for any reason a claim proceeds in court rather than in arbitration Amazon and you each waive any right to a jury trial.

To summarize, almost any claim against Amazon or its affiliates appears to be covered by the arbitration clause, excluding any request to enjoin infringement or other misuse of intellectual property rights. It also appears that all potential class action claims or requests for a jury trial are waived.

Amazon’s agreements define “Governing Courts” as the state or federal courts in King County, Washington and “Governing Laws” as the laws of the State of Washington. This seems to indicate that any arbitration proceeding falling under Amazon’s clause will have to take place in the State of Washington.

Intellectual Property Claims

Amazon’s arbitration clause seems to leave the door open for plaintiffs to avoid arbitration by asserting intellectual property claims, allowing a lawsuit in the State of Washington “to enjoin infringement or other misuse of intellectual property rights.”

Some cases seem to confirm this interpretation. See Milo & Gabby, LLC v. Amazon.com, Inc., 12 F. Supp. 3d 1341 (W.D. Wash. 2014) (trademark infringement); Rout v. Amazon.com, Inc., 2012 U.S. Dist. LEXIS 170602 (W.D. Wash. 2012) (copyright infringement); Hendrickson v. Amazon, Inc., 298 F. Supp. 2d 914 (W.D. Wash. 2003) (copyright infringement).

For clients who may be faced with counterfeiting on Amazon’s platform or perpetrated by Amazon itself, asserting intellectual property claims may be a route to avoid arbitration.

Forum Selection and Choice of Law Clauses

Clients often ask us whether they really have to arbitrate or file suit against Amazon in the State of Washington and litigate their claims under Washington law.

In most cases, the answer is, “yes.”

In general, the US Supreme Court has supported forum selection clauses like Amazon’s except under extraordinary circumstances. See Bremen v. Zapata Off Shore Co., 407 U.S. 1 (1972) (forum selection clause could be specifically enforced unless Zapata could clearly show that enforcement would be unreasonable and unjust or that the clause was invalid for such reason as fraud or overreaching.); Carnival Cruise Lines v. Shute, 499 U.S. 585 (1991) (finding that even non-negotiated forum select clauses are enforceable).

Cases have also specifically found that Amazon’s forum selection clause and choice of law clause are enforceable. See Segal v. Amazon.com, Inc., 763 F. Supp. 2d 1367 (S.D. Fla. 2011) (finding Amazon’s forum selection clause enforceable and applying Bremen and Carnival Cruise Lines); see also Fagerstrom v. Amazon.com, Inc., 141 F. Supp. 3d 1051 (S.D. Cal. 2015) (finding Amazon’s choice of law clause to be valid).

Based on the case law, then, it appears that courts will uphold Amazon’s forum selection and choice of law clauses.

Arbitration as a Remedy for Suspensions and Monetary Losses

If intellectual property claims are not in play, arbitration may be the only remedy for a dispute involving an account suspension or monetary damages against Amazon. However, the remedies in arbitration may be limited due to the manner in which Amazon takes advantage of Washington law.

For example, Amazon’s Services Business Solutions Agreement allows either party to terminate the agreement at any time: “We may terminate or suspend this Agreement or any Service for any reason at any time by notice to you. You may terminate or suspend this Agreement or any Service for any reason at any time by the means then specified by Amazon.”

Amazon takes the position that, because either party can terminate the agreement at any time, the contract is an at-will contract and Amazon has no duty to reinstate a suspended account, even when they are wrong. Washington law seems to support their position, and the Western District of Washington and the Ninth Circuit have upheld such an at-will provision in a case involving Amazon in the past.

In Hard 2 Find Accessories, Amazon suspended a seller’s account after it had received complaints that the seller was selling counterfeit products. See Hard 2 Find Accessories, Inc. v. Amazon.com, Inc., 58 F. Supp. 3d 1166, 1173 (W.D. Wash. 2014), aff’d 691 Fed. Appx. 406 (9th Cir. 2017).

After the complaints had been resolved, Amazon refused to reinstate the seller’s Amazon account, citing the at-will nature of its agreement with the seller. The seller sued Amazon and argued that Amazon failed to conduct a thorough investigation before terminating the seller’s account.

However, the court found that the at-will relationship created by the agreement between the parties meant that Amazon was under no duty to perform such an investigation or otherwise reinstate the seller’s account.

Even in cases where Amazon is wrong, it may have no duty to reinstate a seller or affiliate account and the only remedy in arbitration may be damages.

Conclusion

Navigating potential lawsuits against Amazon, or issues with an Amazon seller account, can be very difficult and must be handled by competent counsel with knowledge of the process. Though many companies and law firms promise Amazon account reinstatement or success in arbitration, it is important to know what remedies can be provided through these avenues before spending money to proceed down them. Most cases take a delicate balancing of business risk and legal risk and should be approached carefully.

To discuss a potential case, please contact our e-commerce attorneys with the form on this page, or call us at 855-473-8474.

 

has your paypal account been frozen? we defend online retailers being sued for trademark infringement

PayPal Account Frozen? Defending Retailers Sued for Trademark Infringement

If you are an online retailer, here is what you need to know about trademark infringement on ecommerce platforms, and things you should be aware of if you are required to defend yourself from trademark infringement allegations.

A Mixing Pot of Commerce and Cultures

Domestic e-commerce sites such as Amazon Marketplace and eBay are big business. More than 1 million sellers are on the Amazon Marketplace alone, representing all 50 states. This is not just a US phenomenon – people from more than 130 countries are selling on Amazon. Read more

read about Amazon's new patent neutral evaluation procedure and how to use it to protect your business.

Amazon’s Patent Neutral Evaluation Procedure: What You Need to Know

In April 2019, Amazon unveiled its Patent Neutral Evaluation Procedure, designed to enlist private attorneys in resolving disputes through an arbitration procedure between utility patent owners and sellers on the Amazon Marketplace.

Given that the Amazon Marketplace is the largest online retailer in the United States, capturing nearly 68% of all online sales, it is no wonder that intellectual property holders, including patent owners, must exercise constant diligence in monitoring the site for counterfeit goods. Read more

cybersquatting laws overview

An Overview of Cybersquatting Laws

Read more