Latest in Gear

Image credit:

Police expose SIM card hijacking ring

They arrested a man who used SIM swap tricks to steal cryptocurrency.
Jon Fingas, @jonfingas
August 11, 2018
Share
Tweet
Share

Sponsored Links

Thomas Trutschel/Photothek via Getty Images

There's a good chance you've had to ask your carrier for a SIM swap, whether it's to replace a faulty card or to switch to another size (say, from micro SIM to nano SIM). Crooks, however, are increasingly abusing those swaps to steal from unsuspecting cellphone users. Florida police have arrested Ricky Handschumacher on grand theft, money laundering and unauthorized computer access charges after law enforcement across the country discovered evidence of a fraud ring that relied on SIM hijacking.

Handschumacher and "at least" eight others would make phony SIM card swap requests, sometimes in collusion with carrier store employees, to tie service to a new phone that the intruders controlled. That, in turn, made it easy to rob a victim's virtual wallet -- if an account required two-factor authentication using text messages, the ring members could see the necessary code in time to use it.

The first evidence of the group surfaced in Michigan, where a mother overheard her son pretending to be an AT&T employee. Discoveries in that state led to identifying Handschumacher and the rest of the ring, which used Discord and Telegram chats to conduct business. It's not certain how long the ring had been active, but it scored as much as $470,000 in a single heist. The group had even toyed with compromising the accounts of bitcoin magnate Tyler Winklevoss, although they don't appear to have followed through.

Handschumacher has pleaded not guilty, although he reportedly confessed to participating in the ring and laundering over $100,000 in digital currency using his phone.

Regardless of the outcome of the case, the arrest suggests that SIM hijacking is becoming more of a problem in the US. It also underscores the importance of moving away from SMS in two-factor authentication. While SMS is far superior to relying solely on a password, it's still vulnerable to tricks like SIM hijacking. Apps and other alternative verification methods can prevent attackers from easily compromising your accounts using other devices, even if they have control over your phone number.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Live PlayStation 5 photos reveal a truly giant console

Live PlayStation 5 photos reveal a truly giant console

View
Microsoft releases a final preview for Windows 10's October update

Microsoft releases a final preview for Windows 10's October update

View
Verizon's $30 Unlimited Plus tablet plan offers 5G access

Verizon's $30 Unlimited Plus tablet plan offers 5G access

View
MIT algorithm finds subtle connections between art pieces

MIT algorithm finds subtle connections between art pieces

View
Sony apologizes for botched PlayStation 5 pre-orders

Sony apologizes for botched PlayStation 5 pre-orders

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr