SIM Swap Scams Targeting Cryptocurrency Investors featured image

SIM Swap Scams Targeting Cryptocurrency Investors

by John DiGiacomo

Partner

Data Breach

SIM swap scams are nothing new, and are back in the news with high profile SIM swap attacks on Twitter’s CEO.

Telecommunications providers such as Verizon, AT&T, T-Mobile, and Sprint have been aware for over ten years that unauthorized third parties regularly attempt to obtain access to customer subscriber accounts to gain control over a customer’s SIM card.

Hackers Gaining Account Control

By gaining control over a customer’s SIM card, a hacker can then take control of a subscriber’s telephone number. Once the hacker has control over the subscriber’s telephone number, he or she can use two-factor authentication, which often sends a text message to the subscriber’s mobile phone, to reset the passwords associated with the subscriber’s email account, bank account, cryptocurrency exchange account, and investment accounts.

In an age where telecommunications providers like Verizon, AT&T, T-Mobile, and Sprint outsource their customer support obligations to third parties, hackers know that employees at these companies do not always follow company protocol. In some cases, the companies themselves may not follow industry best practices to secure subscriber accounts from unauthorized access.

Hackers have become adept at finding and exploiting weaknesses in cell provider security. And some providers may even allow known exploits to continue to be used by hackers even after their security and fraud departments have identified them.

SIM Swap Scams Targeting Cryptocurrency Investors

The most recent of these scams targets cryptocurrency investors, such as those who invest in Bitcoin or Ethereum.

Hackers mine data, often from Twitter, LinkedIn, Reddit, and other sources to identify those individuals most likely to have cryptocurrency. Once they have identified a target, they obtain personal information concerning the target in a number of ways. They may pretend to be the target and obtain an account number at an authorized retailer, or they may obtain account information from a prior data breach at a telecommunications provider.

Once this information is in their possession, they call the telecommunications provider’s customer support number. From here, they often attempt to convince the customer support representative that they’ve forgotten their secure PIN number and need to perform a SIM swap with just an account number or some other information. If they are successful, they obtain control over the target’s accounts and either ransom them for payment in cryptocurrency or simply steal cryptocurrency from the target’s account.

Telecom Arbitration Clauses

Telecommunications providers know that these SIM swap scams are happening, yet many appear to not take the threat, or their duties to secure personal and personally identifiable information, seriously.

Since most cell phone subscribers agree to an arbitration clause when signing up for an account, telecommunications providers force these subscribers into arbitration in an attempt to keep these grossly negligent vulnerabilities hidden from the public.

If you are the victim of a SIM swap scam, contact a data breach attorney immediately.

Revision Legal offers a wide array of legal services related to data breach and Internet law matters.  We can be reached by using the form on this page or by calling us at 855-473-8474.

Extra, Extra!
Recent Posts

2025 Changes to Trademark Fees

2025 Changes to Trademark Fees

Trademark

There are some significant changes coming to the United States Patent and Trademark Office (USPTO) that will affect trademark filings beginning January 18, 2025. These changes include the introduction of the Trademark Center, new fees, and revised application requirements. Here is an overview of the key changes: The USPTO will retire the TEAS system, which […]

Read more about 2025 Changes to Trademark Fees

Automated Decision-Making Technology: California Releases Proposed Regulations

Automated Decision-Making Technology: California Releases Proposed Regulations

Internet Law

In today’s competitive e-commerce landscape, automated decision-making technology is becoming more and more important. From personalized product recommendations to targeted advertising and streamlined logistics, these systems help ecommerce businesses adapt and grow. But new regulations are on the horizon, and these changes could reshape the way e-commerce businesses use automation. The California Privacy Protection Agency […]

Read more about Automated Decision-Making Technology: California Releases Proposed Regulations

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Put Revision Legal on your side