Sim swap scams are getting rampant despite the existence of ways to avoid them.
Californian police have arrested Joel Ortiz, a 20-year old who they say was involved in a scam where several cellphone numbers were hacked in order to get their hands on over $5 million in cryptocurrency—the first reported operation of its kind. Ortiz was nabbed at the Los Angeles International Airport and was said to be on his way to Europe toting a Gucci bag believed to have been purchased with scam money.
Ortiz was a member of OGUSERS, an online marketplace for selling online accounts and virtual goods, and has been known to be a black market for stolen Instagram accounts. Sim swap hackers are also known to sell their stolen accounts here.
While Ortiz’s gang have yet to be apprehended, he faces 28 charges, including 13 counts of identity theft, 13 counts of hacking, and two counts of grand theft.
Identity theft has been around for quite a while. And as technology evolves, so do scams—scammers tweak their modus to fit technological developments, with the cryptocurrency space being their latest breeding ground.
The rise of sim swap scams in crypto
Last year, the scam involving the hijacking of sim cards made the news as their instigators began targeting cryptocurrency holders. In the sim swap scam, scammers scour the web for personal information about an individual, going through social media accounts such as Facebook, Twitter, LinkedIn, and LinkedIn. All it then takes is for the scammer to find out your mobile number—which can traditionally be found on business cards handed out in events, although these days most only include email addresses or instant messaging handles. Some of them would even call their target posing as customer service representatives of the service provider in an attempt to harvest as much personal information as they can.
The fraud then calls your service provider pretending to be you, says that “you” lost your phone and tricks the provider into issuing a new phone with a new sim card that has your phone number. This leaves the actual account owner’s phone dead. Taking this scam further, a scammer can then try to access any accounts the victim has that are connected to the phone number, since many applications—including cryptocurrency wallets, send 2FA (two-factor authentication) to mobile phones. This works when the scammer has previously gained access to a victim’s online credentials, such as through phishing emails. Access to the victim’s mobile phone and therefore, the 2FA, completes the invasion.
Negligence and accountability
There are several ways for service providers to make sure they don’t fall for the trap by contacting the account owner and verifying the sim swap request—and most cases could be avoided if providers weren’t negligent. According to Revision Legal, the service provider can be held liable to damages if the lapses in due diligence are found to be theirs. Most victims are forced into internal arbitration to keep things quiet, but that they have better options.
“Since most cell phone subscribers agree to an arbitration clause when signing up for an account, telecommunications providers force these subscribers into arbitration in an attempt to keep these grossly negligent vulnerabilities hidden from the public,” Revision Legal wrote.
“If you are the victim of a SIM swap scam, contact a data breach attorney immediately.”
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.