Man's $1M Life Savings Stolen as Cell Number Is Hijacked - NBC Southern California
National & International News
The day’s top national and international news

Man's $1M Life Savings Stolen as Cell Number Is Hijacked

Carrier workers bribed or tricked into helping hackers

    processing...

    NEWSLETTERS

    Man's $1M Life Savings Stolen As Cell Number is Hijacked

    Hackers are exploiting a system designed to make your financial, social media, and e-mail accounts safer. Security experts recommend everyone take action now to protect themselves. Consumer investigator Chris Chmura reports. (Published Thursday, April 25, 2019)

    Rob Ross freaked out.

    One minute, the San Francisco man’s investment accounts added up to a million dollars; the next moment they had a zero balance.

    "I was devastated," he said. “It was about 90 percent of my net worth.”

    Ross was a victim of the “SIM Swap Scam.” His story is a warning for everyone. If you have a mobile phone, you are a potential target in this fraud.

    Footage Shows Mom's Pleas as Baby is Rescued From Hot Car

    [NATL] Footage Shows Mom's Emotional Pleas After Baby Rescued From Hot Car

    Police released footage of a mother who said she accidentally left her 5-month-old in a car for half an hour in a Goodyear, Arizona, parking lot when she, her sister and other daughter went into the store. Officers are heard on camera saying it was about 99 degrees outside. 

    (Published Thursday, Aug. 22, 2019)

    Thieves have hacked this extra layer of protection known as two-factor authentication. You’ve probably seen "2FA" in the form of a message from your bank account, social media, or email provider suggesting something along the lines of “adding a phone number adds security.”

    But thieves have hacked it.

    First, they hijack your mobile phone number. At that point, your email, social media, and financial password reset codes go to them. And that's all they need to take control of all those accounts and steal from you.

    “They don’t care about the damage they are doing to other people’s lives,” Ross said.

    The scam starts when your cellphone suddenly shows “No Service.” After Ross discovered that message on his phone, he contacted his carrier.

    “AT&T said there had been a SIM swap request,” Ross said. “I had never heard the term SIM swap.”

    Campaign Teaches Bystanders to Save Lives During Shootings

    [NATL] 'Stop the Bleed' Campaign Teaches Bystanders How to Save Lives During Shootings

    There's a renewed push for first aid training following the recent mass shootings in El Paso and Dayton—specifically training in techniques that slow or stop heavy bleeding. The training itself is just five steps. 

    (Published Thursday, Aug. 22, 2019)

    The SIM is the small card that contains your phone number. When the hackers got Ross’s carrier to swap his number off his SIM and put it on their phone, they redirected Ross’s calls and text messages. And that’s all the hackers needed to clear him out.

    “My worst fears were being played out in real time,” he said. “They traded the money into bitcoin and then they withdrew it all.”

    We searched our nationwide database of consumer complaints and found viewers around the country complaining of the same SIM swap scam.    

    “Why would they take control over my phone number,” asked a New York woman whose credit was compromised after a SIM swap. A viewer near Los Angeles lost money just as quickly as Ross did. “They stole $4,000 in less than 2 minutes,” she wrote.

    Law enforcement sources estimate 1,000 victims, conservatively.

    We wondered how hackers are gaining access to so many people’s wireless accounts to swap SIMs. We found Trickery and bribery.

    S.C. Storm Lifts, Throws Restaurant Worker Onto Roof

    [NATL] S.C. Storm Lifts, Throws Restaurant Worker Onto Roof

    Two employees at a South Carolina restaurant were injured after a strong gust of wind from a storm lifted them into the air as they tried to secure a tent. Samuel Foster was one of the injured when he was lifted into the air and hit the gutter on the roof on his way down. 

    (Published Wednesday, Aug. 21, 2019)

    We pulled records for a few SIM Swap cases that are in court. They show one hacker simply "pretending to be an AT&T agent" on the phone with AT&T to access a target’s cellular account and hijack their number.

    Other hackers in online chats brag of paying off carrier salespeople or call center workers with a few bucks or even a small bag of pot. Hackers call them “plugs.” One hacker wrote, “My Sprint plug is legit.”

    Ross fears low level carrier employees, some of whom are overseas, are too easily compromised into swapping SIMs.

    “A lot of people," he said, "are susceptible to bribery.” Ross said the world's wireless carriers need to step up. “To my knowledge, [the carriers] are not doing anything.”

    We asked AT&T, Verizon, Sprint, and T-Mobile how they’re combatting unauthorized SIM swaps. AT&T said in a statement, “We continually look for ways to enhance our policies and safeguards to protect against these sorts of scams.”

    Verizon recommended users put an administrative block on their account. T-Mobile offered the same solution plus an account PIN. Sprint’s website also suggests a PIN for any changes to your service or SIM.

    Philadelphia Police Commissioner Has Resigned Over Mismanagement Of Sexual Harassment Allegations

    [NATL]  Philadelphia Police Commissioner Has Resigned Over Mismanagement Of Sexual Harassment Allegations

    The Mayor, Jim Kenney, said Richard Ross did not put policies in place to protect its employees from sexual harassment and racial discrimination.

    (Published Tuesday, Aug. 20, 2019)

    But court records we covered show at least one SIM swapper’s “plug” simply handing it over.  

    “[The plug] just gives me the PIN,” one hacker wrote.

    Justin Dolly, chief security officer at a cybersecurity firm SecureAuth, told us wireless carriers track their workers at almost every turn. So now they need to cross reference that big data with unusual transactions and weed out whoever is assisting scammers.

    “The information is there," he said. “There’s definitely some responsibility that they need to take."

    So, what do you do about those password resets by text that can open the door for hackers? Consider some changes, right now.

    Ask your bank, brokerage, email, and social media companies if they can send unlock codes via email, not SMS. Or, text them to a secondary number — like Google Voice — instead of your cell.

    Video Shows Man Swinging Sword During Fla. Dispute

    [NATL] Video Shows Man Swinging Sword During Fla. Dispute

    Police are looking for a man seen swinging a sword during an altercation in Florida over a trash pile.

    (Published Monday, Aug. 19, 2019)

    Dolly endorsed that idea.

    “You’re one more hop away from the hacker, and they might not be able to reach you there,” he reasoned.  

    Ross launched a website, StopSIMcrime.org, to raise awareness of the SIM Swap Scam. The site warns people that your phone could one day read “No Service.” And then, no matter how much or how little money you have, SIM swapping hackers will try to steal it.

    "They don’t always know what they’re going to get until they get into the financial accounts,” Ross said. And yet, they keep trying. "They’re doing this all day long.”

    Detectives recovered some of Ross’s savings. But most of it is still missing. The accused thief is facing prosecution in Santa Clara County.

    If you suddenly see “No Service” on your cellphone, call your carrier right away — from a different phone — to see if your SIM has been swapped. If so, insist they undo it immediately. Then lock down your financial accounts ASAP. Block withdrawals. Check your balances. And report any missing money on the spot.

    If you've been the victim of a SIM swap, let us know. Call 888-996-TIPS. Or go to NBCBayArea.com/Responds.