Man's $1M Life Savings Stolen as Cell Number Is Hijacked - NBC 10 Philadelphia
NBC10 Responds

NBC10 Responds

Responding to your consumer complaints

Man's $1M Life Savings Stolen as Cell Number Is Hijacked

Carrier workers bribed or tricked into helping hackers

    processing...

    NEWSLETTERS

    Man's $1M Life Savings Stolen As Cell Number is Hijacked

    Hackers are exploiting a system designed to make your financial, social media, and e-mail accounts safer. Security experts recommend everyone take action now to protect themselves. Consumer investigator Chris Chmura reports. (Published Friday, April 26, 2019)

    Rob Ross freaked out.

    One minute, the San Francisco man’s investment accounts added up to a million dollars; the next moment they had a zero balance.

    "I was devastated," he said. “It was about 90 percent of my net worth.”

    Ross was a victim of the “SIM Swap Scam.” His story is a warning for everyone. If you have a mobile phone, you are a potential target in this fraud.

    No Religious Exemptions for Measles Vaccines

    [NATL] No Religious Exemptions for Measles Vaccines

    A new law signed by New York Governor Andrew Cuomo Thursday ends religious exemptions for vaccinations for school children.

     
    The move comes as New York battles its worst measles outbreak in decades.
    (Published Friday, June 14, 2019)

    Thieves have hacked this extra layer of protection known as two-factor authentication. You’ve probably seen "2FA" in the form of a message from your bank account, social media, or email provider suggesting something along the lines of “adding a phone number adds security.”

    But thieves have hacked it.

    First, they hijack your mobile phone number. At that point, your email, social media, and financial password reset codes go to them. And that's all they need to take control of all those accounts and steal from you.

    “They don’t care about the damage they are doing to other people’s lives,” Ross said.

    The scam starts when your cellphone suddenly shows “No Service.” After Ross discovered that message on his phone, he contacted his carrier.

    “AT&T said there had been a SIM swap request,” Ross said. “I had never heard the term SIM swap.”

    The SIM is the small card that contains your phone number. When the hackers got Ross’s carrier to swap his number off his SIM and put it on their phone, they redirected Ross’s calls and text messages. And that’s all the hackers needed to clear him out.

    “My worst fears were being played out in real time,” he said. “They traded the money into bitcoin and then they withdrew it all.”

    We searched our nationwide database of consumer complaints and found viewers around the country complaining of the same SIM swap scam.    

    “Why would they take control over my phone number,” asked a New York woman whose credit was compromised after a SIM swap. A viewer near Los Angeles lost money just as quickly as Ross did. “They stole $4,000 in less than 2 minutes,” she wrote.

    Law enforcement sources estimate 1,000 victims, conservatively.

    We wondered how hackers are gaining access to so many people’s wireless accounts to swap SIMs. We found Trickery and bribery.

    US Blames Iran for Attacks to Oil Tankers

    [NATL] U.S. Blames Iran for Attacks to Oil Tankers

    Tensions intensified this week after the U.S. blamed Iran for a suspected attack on oil tankers, one of which was set ablaze, near the strategic Strait of Hormuz.

    (Published Thursday, June 13, 2019)

    We pulled records for a few SIM Swap cases that are in court. They show one hacker simply "pretending to be an AT&T agent" on the phone with AT&T to access a target’s cellular account and hijack their number.

    Other hackers in online chats brag of paying off carrier salespeople or call center workers with a few bucks or even a small bag of pot. Hackers call them “plugs.” One hacker wrote, “My Sprint plug is legit.”

    Ross fears low level carrier employees, some of whom are overseas, are too easily compromised into swapping SIMs.

    “A lot of people," he said, "are susceptible to bribery.” Ross said the world's wireless carriers need to step up. “To my knowledge, [the carriers] are not doing anything.”

    We asked AT&T, Verizon, Sprint, and T-Mobile how they’re combatting unauthorized SIM swaps. AT&T said in a statement, “We continually look for ways to enhance our policies and safeguards to protect against these sorts of scams.”

    Verizon recommended users put an administrative block on their account. T-Mobile offered the same solution plus an account PIN. Sprint’s website also suggests a PIN for any changes to your service or SIM.

    Mother of 5 Slain Kids Asks Jury to Spare Ex-Husband's Life

    [NATL] Mother of 5 Slain Kids Asks Jury to Spare Ex-Husband From Death Penalty

    Amber Kyzer stunned a South Carolina courtroom after she asked the jury to spare their murderer, her ex-husband Timothy Jones Jr., the death penalty, despite Jones having killed their five children.

    (Published Wednesday, June 12, 2019)

    But court records we covered show at least one SIM swapper’s “plug” simply handing it over.  

    “[The plug] just gives me the PIN,” one hacker wrote.

    Justin Dolly, chief security officer at a cybersecurity firm SecureAuth, told us wireless carriers track their workers at almost every turn. So now they need to cross reference that big data with unusual transactions and weed out whoever is assisting scammers.

    “The information is there," he said. “There’s definitely some responsibility that they need to take."

    So, what do you do about those password resets by text that can open the door for hackers? Consider some changes, right now.

    Ask your bank, brokerage, email, and social media companies if they can send unlock codes via email, not SMS. Or, text them to a secondary number — like Google Voice — instead of your cell.

    Body Cameras Capture Controversial Police Punch

    [NATL] Body Cameras Capture Controversial Police Punch

    Video showing a Columbus, Ohio, police officer punching a man went viral over the weekend. On Monday, the Columbus Division of Police released body worn camera video showing the incident. In the video you can see a woman who claims to be the man’s mother visibly upset with officers while recording the incident on Facebook live. Another woman then approaches officers with two children in her arms. Officer ask her to step back away from the house. A man is seen then approaching police. Officer AJ Johnson exchanges words with the man. Seconds later officer Johnson is seen hitting him.

    (Published Wednesday, June 12, 2019)

    Dolly endorsed that idea.

    “You’re one more hop away from the hacker, and they might not be able to reach you there,” he reasoned.  

    Ross launched a website, StopSIMcrime.org, to raise awareness of the SIM Swap Scam. The site warns people that your phone could one day read “No Service.” And then, no matter how much or how little money you have, SIM swapping hackers will try to steal it.

    "They don’t always know what they’re going to get until they get into the financial accounts,” Ross said. And yet, they keep trying. "They’re doing this all day long.”

    Detectives recovered some of Ross’s savings. But most of it is still missing. The accused thief is facing prosecution in Santa Clara County.

    If you suddenly see “No Service” on your cellphone, call your carrier right away — from a different phone — to see if your SIM has been swapped. If so, insist they undo it immediately. Then lock down your financial accounts ASAP. Block withdrawals. Check your balances. And report any missing money on the spot.

    US Women Set Records in 13-0 World Cup Win

    [NATL] US Women Set Records in 13-0 World Cup Win

    The U.S. Women's National Team beat Thailand 13-0 in their opening match of group play in the 2019 World Cup in France.

    (Published Tuesday, June 11, 2019)

    If you've been the victim of a SIM swap, let us know. Call 888-996-TIPS. Or go to NBCBayArea.com/Responds.