Robert Ross was sitting at his San Francisco office in October 2018 when he noticed that his phone coverage had disappeared and he had no cellular coverage, a few hours later he lost a million dollars.
Ross has become a victim of a SIM hack, an attack that occurs when a hacker gets the victim’s phone number and transfers it to a phone control they control. Ross told CNN in an interview that by seizing his mobile phone number, a hacker had access to his email address and ultimately his savings.
Ross recalled, “I was at home on my desk and noticed a notice on my iPhone to request a withdrawal from one of my financial institutions, and I thought,” This is strange, I did not ask to withdraw funds. ”
Cyber security violations in recent years have become so common that it is almost universally recognized that some consumers’ information has been compromised at some point. The list of big data violations includes a major hotel chain, a credit reporting company, a bank and a social network. Although the hacks are less widespread, they may be more destructive.
Cell phone hijackings have targeted people with money stored on crypto exchanges. According to a report by the investigators, Ross had nearly a million dollars when he was attacked.
A suspect in the Ross case was arrested, as the hacker contacted the mobile provider for Ross, AT&T, and succeeded in convincing the service provider that he was Ross and asked for a new chip to reach the address the hacker put.
How to protect yourself from penetration of the SIM card?
If the hacker got your phone number is only the first step, think about everything you do on your phone and everything related to your phone number. For example, when you forget your email passwords or have difficulty accessing your online bank accounts, many services send you a text message with a code to help verify your identity, which is a form of multiple or two-factor authentication.
When a hacker gets the phone number he will likely have the ability to log in to the victim’s social media and other accounts using the password recovery features via text messages.
CNN asked that the four major telecom companies in the United States about the steps their customers could take to protect themselves from penetration of the SIM card, and while all of them offered some options, few seemed to have a viable solution.
A spokesman for Etisalat Sprint told CNN that “We strongly encourage our customers to protect their passwords and update them regularly, and not to share account details, names or other personal information with a third party without verifying that the request came from a trusted source.”
A spokesperson for AT&T said that the company recommends not to use mobile phone numbers as a single source of security and authentication, as the company encourages customers to add additional security measures to their accounts, such as creating a password.
While a Verizon company spokesman said that it provides customers with a “Port Freez” service that prevents their numbers from being transferred to another network.
A T-Mobile spokesperson referred to a post on the company’s website explaining what its customers could do in the event of an “account fraud”, the company said it would “work with clients individually to implement additional security measures.”
More than a year after his SIM card was hacked, Ross is still in search of justice, and he is suing AT&T for allegedly failing by the company to protect his “sensitive and confidential account data” that resulted in “gross breaches” of his privacy and “Theft of more than a million dollars,” according to the lawsuit.