Man's $1M Life Savings Stolen as Cell Number Is Hijacked - NBC10 Boston
NBC10 Boston Responds

NBC10 Boston Responds

Responding to your consumer needs and connecting you to your money

Man's $1M Life Savings Stolen as Cell Number Is Hijacked

Carrier workers bribed or tricked into helping hackers

Find NBC Boston in your area

Channel 10 on most providers

Channel 15, 60 and 8 Over the Air

    processing...

    NEWSLETTERS

    Man's $1M Life Savings Stolen As Cell Number is Hijacked

    Hackers are exploiting a system designed to make your financial, social media, and e-mail accounts safer. Security experts recommend everyone take action now to protect themselves. Consumer investigator Chris Chmura reports. (Published Friday, April 26, 2019)

    Rob Ross freaked out.

    One minute, the San Francisco man’s investment accounts added up to a million dollars; the next moment they had a zero balance.

    "I was devastated," he said. “It was about 90 percent of my net worth.”

    Ross was a victim of the “SIM Swap Scam.” His story is a warning for everyone. If you have a mobile phone, you are a potential target in this fraud.

    Astronauts Make History With NASA's First All-Female Spacewalk

    [NATL] Astronauts Make History With NASA's First All-Female Spacewalk

    American astronauts Jessica Meir and Christina Koch made history Friday with NASA's first all-female spacewalk. The astronauts walked outside the International Space Station to replace a faulty battery.

    (Published Friday, Oct. 18, 2019)

    Thieves have hacked this extra layer of protection known as two-factor authentication. You’ve probably seen "2FA" in the form of a message from your bank account, social media, or email provider suggesting something along the lines of “adding a phone number adds security.”

    But thieves have hacked it.

    First, they hijack your mobile phone number. At that point, your email, social media, and financial password reset codes go to them. And that's all they need to take control of all those accounts and steal from you.

    “They don’t care about the damage they are doing to other people’s lives,” Ross said.

    The scam starts when your cellphone suddenly shows “No Service.” After Ross discovered that message on his phone, he contacted his carrier.

    “AT&T said there had been a SIM swap request,” Ross said. “I had never heard the term SIM swap.”

    South Philly Explosions Seen from Inside the Facility

    [NATL-PHI] Philadelphia Refinery Explosions Seen From Facility Cameras

    Cameras inside the Philadelphia Energy Solutions refinery caught on video the massive blasts early June 21 from just yards away. Here is what explosions of hundreds of thousands of pounds of explosive chemicals looks like up close. The video is from Philadelphia Energy Solutions, via the U.S. Chemical Safety Board.

    (Published Thursday, Oct. 17, 2019)

    The SIM is the small card that contains your phone number. When the hackers got Ross’s carrier to swap his number off his SIM and put it on their phone, they redirected Ross’s calls and text messages. And that’s all the hackers needed to clear him out.

    “My worst fears were being played out in real time,” he said. “They traded the money into bitcoin and then they withdrew it all.”

    We searched our nationwide database of consumer complaints and found viewers around the country complaining of the same SIM swap scam.    

    “Why would they take control over my phone number,” asked a New York woman whose credit was compromised after a SIM swap. A viewer near Los Angeles lost money just as quickly as Ross did. “They stole $4,000 in less than 2 minutes,” she wrote.

    Law enforcement sources estimate 1,000 victims, conservatively.

    We wondered how hackers are gaining access to so many people’s wireless accounts to swap SIMs. We found Trickery and bribery.

    Tentative Deal Reached Between UAW and GM

    [NATL] Tentative Deal Reached Between UAW and GM

    A tentative deal between General Motors and the United Auto Workers has been reached and could bring an end to a strike which began in September.

    (Published Wednesday, Oct. 16, 2019)

    We pulled records for a few SIM Swap cases that are in court. They show one hacker simply "pretending to be an AT&T agent" on the phone with AT&T to access a target’s cellular account and hijack their number.

    Other hackers in online chats brag of paying off carrier salespeople or call center workers with a few bucks or even a small bag of pot. Hackers call them “plugs.” One hacker wrote, “My Sprint plug is legit.”

    Ross fears low level carrier employees, some of whom are overseas, are too easily compromised into swapping SIMs.

    “A lot of people," he said, "are susceptible to bribery.” Ross said the world's wireless carriers need to step up. “To my knowledge, [the carriers] are not doing anything.”

    We asked AT&T, Verizon, Sprint, and T-Mobile how they’re combatting unauthorized SIM swaps. AT&T said in a statement, “We continually look for ways to enhance our policies and safeguards to protect against these sorts of scams.”

    Verizon recommended users put an administrative block on their account. T-Mobile offered the same solution plus an account PIN. Sprint’s website also suggests a PIN for any changes to your service or SIM.

    But court records we covered show at least one SIM swapper’s “plug” simply handing it over.  

    “[The plug] just gives me the PIN,” one hacker wrote.

    Justin Dolly, chief security officer at a cybersecurity firm SecureAuth, told us wireless carriers track their workers at almost every turn. So now they need to cross reference that big data with unusual transactions and weed out whoever is assisting scammers.

    “The information is there," he said. “There’s definitely some responsibility that they need to take."

    So, what do you do about those password resets by text that can open the door for hackers? Consider some changes, right now.

    Ask your bank, brokerage, email, and social media companies if they can send unlock codes via email, not SMS. Or, text them to a secondary number — like Google Voice — instead of your cell.

    Death Toll, Damages Climb From Typhoon Hagibis

    [NATL] Death Toll, Damages Climb From Typhoon Hagibis

    The death toll from Typhoon Hagibis climbed to 53 on Tuesday, days after it tore through Japan and left hundreds of thousands of homes wrecked, flooded or out of power. Hagibis caused more than 200 rivers to overflow when it hit the island nation on Saturday.

    (Published Tuesday, Oct. 15, 2019)

    Dolly endorsed that idea.

    “You’re one more hop away from the hacker, and they might not be able to reach you there,” he reasoned.  

    Ross launched a website, StopSIMcrime.org, to raise awareness of the SIM Swap Scam. The site warns people that your phone could one day read “No Service.” And then, no matter how much or how little money you have, SIM swapping hackers will try to steal it.

    "They don’t always know what they’re going to get until they get into the financial accounts,” Ross said. And yet, they keep trying. "They’re doing this all day long.”

    Detectives recovered some of Ross’s savings. But most of it is still missing. The accused thief is facing prosecution in Santa Clara County.

    If you suddenly see “No Service” on your cellphone, call your carrier right away — from a different phone — to see if your SIM has been swapped. If so, insist they undo it immediately. Then lock down your financial accounts ASAP. Block withdrawals. Check your balances. And report any missing money on the spot.

    If you've been the victim of a SIM swap, let us know. Call 888-996-TIPS. Or go to NBCBayArea.com/Responds.