The T-Mobile help desk on Twitter is fielding an influx of complaints about SIM swaps. Crypto enthusiasts are reporting that they’ve lost control of accounts on their mobile devices.
A SIM swap occurs when a mobile account (phone number) is transferred from one SIM card to another. A SIM swap scam occurs when the number is transferred to an unauthorized and fraudulent number, allowing someone other than the account holder to take over, effectively blocking the customer from accessing their own accounts. The fraudster can then siphon sensitive data from the phone, including bank account information and passwords to social media accounts. With enough digital data, thieves can also steal crypto.
Andrew Kang, the co-founder of Minerupdate.com, a crypto mining news publication, alleges that special instructions on his account were bypassed by T-Mobile employees, causing a breach.
Sim Swapped. Phone number ported. Thanks @TMobile
That’s at least 15 of us in the crypto community in the last week.
— Andrew Kang (@Rewkang) June 1, 2019
Typically the hacker can pull off a SIM swap scam by targeting a weakness in the two-factor authentication or two-step verification process by intercepting the second factor or step that involves an SMS text message.
Kang, however, says he was not using SMS.
“I did not have SMS for security on any device.”
“Yes special instructions were put in place. They were also bypassed by T mobile employees.”
John Caldwell, co-founder of blockchain turnkey solutions company ASG Blockchain, says his account was also compromised.
“This happened to me too. Also @TMobile – also someone in support made a poor decision to ignore instructions and allow a SIM swap. Happy to share info if needed.”
Kang says he used stringent practices to protect his accounts – to no avail.
“I had Auth based 2FA on every account I could. Telegram I had password based 2FA, but they were able to bypass via a loophole and delete my account without getting in. T Mobile had been given special instructions. Those were bypassed.”
Hi, Andrew! We take reports like this very seriously and would like to look into this ASAP. Our Executive Social Media team is here to help and would like to make sure we reach a resolution. Please DM me! https://t.co/Zr2aFKx4wI ^NicholasTomchik
— T-Mobile Help (@TMobileHelp) June 1, 2019
In a series of responses, T-Mobile says it has the interest of its customers and privacy in mind.
“All of our processes are designed to make sure your account is secure and looking exactly how you want. Our team is here 24/7 if we can help you with any account questions.”
Management consultant and Ethereum community member Aftab ‘DCinvestor’ Hossain suggests that T-Mobile issue a statement to address new allegations of SIM swapping and to explain best practices for customers.
“At this point, I suggest you issue a statement to the crypto community explaining what breaches of policy allowed for these SIM-jackings, along with formal guidance on what customers can do to avoid it.”
Cybersecurity company Kaspersky says wide-scale SIM card fraud is on the rise.
Users can follow various practices to avoid getting scammed.