The SIM Hijackers: how hackers take your phone number and then all of your accounts

In the buzzing underground market for stolen social media and gaming handles, a short, unique username can go for between $500 and $5,000, according to people involved in the trade and a review of listings on a popular marketplace. Several hackers involved in the market claimed that the Instagram account @t, for example, recently sold for around $40,000 worth of Bitcoin.

By hijacking Rachel’s phone number, the hackers were able to seize not only Rachel’s Instagram, but her Amazon, Ebay, Paypal, Netflix, and Hulu accounts too. None of the security measures Rachel took to secure some of those accounts, including two-factor authentication, mattered once the hackers took control of her phone number.

In February, T-Mobile sent a mass text warning customers of an “industry-wide” threat. Criminals, the company said, are increasingly utilizing a technique called “port out scam” to target and steal people’s phone numbers. The scam, also known as SIM swapping or SIM hijacking, is simple but tremendously effective.

First, criminals call a cell phone carrier’s tech support number pretending to be their target. They explain to the company’s employee that they “lost” their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering—perhaps by providing the victim’s Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card.

Game over.

“With someone’s phone number,” a hacker who does SIM swapping told me, “you can get into every account they own within minutes and they can’t do anything about it.”

Source: The SIM Hijackers – Motherboard

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com