Posted on 05/14/2022 9:47:58 AM PDT by Mr. Mojo
TAMPA, Fla. (WFLA) — Dan Clark says his future changed in an instant as his life savings of more than $700,000 vanished.
“My phone said, ‘No service, SIM card.’ And I didn’t even know what a SIM card was,” Clark said.
By the time he found out, it was too late. His phone number had been transferred to a crook’s device, and Clark’s accounts, including his proceeds in investments in cryptocurrency, were wiped out.
“I lost everything in a matter of a few hours,” he said. “Life’s work, a few hours.”
Clark quickly learned he was a victim of a SIM swap, a sophisticated scheme the FBI warns is sweeping the country. In 2021, the FBI received 1,611 SIM swapping complaints representing $68 million in losses to consumers.
The FBI explains that crooks trick mobile carriers to transfer your SIM, basically your phone number, to a device they control — either by impersonating you or, in some cases, paying off a phone carrier employee.
The FBI has warned of criminals gaining control of cell phone SIM cards from unknowing victims and stealing their personal information, including bank account and financial app details.
These scams netted criminals $68 million in 2021 alone, the FBI said, and it received more than 1,611 complaints. Compare that to $12 million in losses in 2018 to 2020.
Man loses $82K in fake car sale; BBB warns of other scams The FBI is urging the public to be aware of suspicious emails and not to advertise investments in cryptocurrency or other financial assets.
“Once the SIM is swapped, the victim’s calls, texts and other data are diverted to the criminal’s device,” the FBI said. “This access allows criminals to send ‘Forgot Password’ or ‘Account Recovery’ requests to the victim’s email and other online accounts associated with the victim’s mobile telephone number.
Clark’s case is currently under investigation by the FBI. T-Mobile confirms his SIM was swapped numerous times — even after he regained access to his phone and asked for an alert on his account to stop swaps.
T-Mobile has not responded to requests for comment from WFLA.
Clark is still hopeful he’ll get his money back. In the meantime, he wants to warn you.
“I want to protect other people from this. It’s a crazy world that we live in. It’s a very fast-paced world that we live in, a very fast-paced electronic world. And like I said, $1,600 cases last year to $68 million, and I am a statistic of that.”
The FBI recommends individuals take the following precautions:
• Do not advertise information about financial assets, including ownership or investment of cryptocurrency, on social media websites and forums.
• Do not provide your mobile number account information over the phone to representatives that request your account password or pin. Verify the call by dialing the customer service line of your mobile carrier.
• Avoid posting personal information online, such as mobile phone number, address, or other personal identifying information.
• Use a variation of unique passwords to access online accounts. Be aware of any changes in SMS-based connectivity.
• Use strong multi-factor authentication methods such as biometrics, physical security tokens, or standalone authentication applications to access online accounts.
• Do not store passwords, usernames, or other information for easy login on mobile device applications.
This is a Florida man I actually feel sympathy for.
Pre Covid I was having a winning year at the local casino—but I would not call it an “investment”.
;-)
What's to stop an employee of the 2-Factor ID key from accessing your 2 factors? Online financial transactions are inherently risky.
Which country of origin is the housekeeper from? That would be the first suspect to interrogate.
They don’t have the other factor. That’s the whole point. 2 sources of identity confirmation, hacking one isn’t enough.
Online financial transactions are really no more risky than any other. Once money became a paper trail somebody has always been in a position to steal it while nobody is looking.
I would not expose an amount more than needed for routine transactions to the internet.
Can knowing your ten-digit phone number ALONE allow your cellular device SIM to be stolen?
Like a lot of people, my landline has been cut down to minimal service because cellular service on a multi-function device is so useful.
Surprised I’ve never had many issues with credit card fraud considering I’ve used it at restaurants for years but somehow feel uneasy giving the waitress our waiter my cc and they disappear with it. With the prevalence of cell phone cameras, what’s stopping them from taking pics of the card including the security code and then just making purchases on Amazon with it?
Sorry to be ignorant.
WTF is that?
Obviously I did not invest in bitcoin either, but I wish I had bought a 1,000 of them several years ago, now. I would have probably cashed them in already when they reached their high of 63K+ for 63 million+. 🙂
If only my hindsight were my foresight. 🙂
What stops anybody? The real question is, was, and always will be: did you run into a criminal today? If you did you might have gotten robbed, maybe with a gun, maybe with a skimmer, maybe with a camera phone. Or maybe they decided you weren’t worth the trouble. Or you didn’t run into one.
That’s always how it’s been. Once humans figured out ownership, they also figured out theft. Only thing that changes is the methods.
America. She was born and raised in the town we live in. And, no. NEVER - the bank knows it was some sort of international scam.
And don’t make false accusations about a situation you know almost nothing about.
I googled to try to find anything like you described. The only thing I came up with was something called ‘face id’ but it’s still weird imo. —It should be in the terms and conditions if it was something they required.
What keeps hackers from accessing a password manager?
“think they’re referring to the common method of keeping a spreadsheet or text file like so many do.”
Lol... raises hand. I keep my login info on a computer text. But you need to cut out a couple of characters in each login to get the correct info *and* if you need to find out what websites they’re for, you have to go through a folder on my desk (not the computer) and find the name of the website and match it to the number on the text file. It’s pretty easy once you get the hang of it, and I think pretty safe.
I think it would have to involve at a minimum some social engineering at your phone company, but knowing the number would be a starting point. It would be helpful if they would share more of the methods used, so we could take measures to secure ourselves better.
> What keeps hackers from accessing a password manager?
Me never sharing the password with anyone, and doing my best to operate properly on cell phones, laptops, and other devices and the fact that the password manager’s whole business is about not leaving any holes in their product. I’m not bad at as I did manage cell phones and laptops for a rather high profile target organization in my day job.
All security is a tradeoff between convenience and security. I suppose someone could cut off a few fingers and toes to make give up access. ;-)
You beat me to it. I do not have info from any financial institution I deal with on my phone. Nothing. I don’t even keep pictures on it. I use it for text and calls, that’s it.
I applied online and there was nothing to indicate that was required - when it came up fraudulent, I called immediately and even though they could 100% verify it was ME, they still insisted I go through with the process or I would have to manually verify it by a mailing and my cc was canceled before it arrived in the mail.
It’s called a yubikey.
From website: The YubiKey offers superior security by combining hardware-based authentication and public key cryptography to effectively defend against phishing attacks and eliminate account takeovers. It offers multi-protocol support including FIDO2, Yubico OTP, OATH HOTP, U2F, PIV, and Open PGP.
https://www.yubico.com/product/yubikey-5-nfc/
It’s a foolproof method for stupid people like me to securely log into websites.
The yubikey is a physical device that you plug into your USB 4 computer port while logging in. You must physically press the yubikey button to log into your account on the website after you get the prompt from the website.
Because it’s a device that requires the user to physically activate it, it’s my understanding that it can’t be hacked.
I use it on financial sites.
Everything I wrote above was written by me - a stupid idiot. Do your own research and come to your own conclusions.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.