Fraudsters are texting telecoms employees with offers of bribes in exchange for helping them in SIM-swapping attacks.
T-Mobile and Verizon staffers, including former employees, took to Reddit to share screenshots of messages tempting them to facilitate SIM swaps in exchange for $300 per swap.
“Former tmo employee here, and feeling curious about how they even have my number lol,” one poster wrote, sharing the screenshot below.
Credit: LowkyRep on Reddit
“I got your number from the T-Mo employee directory,” reads the text. “I'm looking to pay someone up to $300 per sim swap done, if you're interested, reply and we can talk.”
“Got the same message today on my employee phone, I work for Verizon though,” another person wrote.
The criminals likely got their hands on employee data from past breaches. However, T-Mobile denies having suffered a breach, telling inquiring news outlets:
“We did not have a systems breach. We continue to investigate these messages that are being sent to solicit illegal activity. We understand other wireless providers have reported similar messages.”
SIM swapping is a popular technique among scammers. All they need is the victim’s phone number and a telecom employee willing to port that number to a SIM card they control. From there, the scammer can intercept authentication codes and take over the victim’s accounts, including a bank account, a crypto wallet, social media, and everything in between.
Taking bribes to help in these attacks can land telecom employees in prison for years, as evidenced by the recent case of Jonathan Katz of Burlington County, who acted as such an insider at a telecommunications company.
Katz swapped several customers’ numbers into phones controlled by scammers, taking $1,000 per swap and facilitating account takeovers, including email, social media, and cryptocurrency accounts, according to the US Department of Justice.
At Bitdefender, we recommend you move away from SMS-based multi-factor authentication and instead adopt a trusted authenticator app, which makes it much harder for criminals to intercept one-time authentication codes to your accounts. For peace of mind, also consider using a dedicated security solution on your phone and all other personal devices.
Almost half of consumers in a recent survey commissioned by Bitdefender admitted to not using a dedicated security solution on their mobile device, even though the vast majority use their phone for sensitive transactions.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.