Protect Your SIM Card: Hackers Are Targeting Your Cellphone
SIM swapping is on the rise and those with sensitive data—including lawyers—are big targets for such schemes, cybersecurity experts said.
February 08, 2019 at 11:00 AM
4 minute read
Experts say that swapping SIM cards is on the rise as hackers try to gain access to a phone user's finances, unbeknownst to those users.
SIM (subscriber identity module or subscriber identification module) cards are the small smart cards that contain information identifying a specific phone network that allows the user to use most functions on their device. Hackers are contacting a target's cellphone carrier, answering simple security questions and swapping the phone number associated to a SIM card they control.
“Then the perpetrator has control of that phone number for however long it takes the victim to realize their phone number has been hijacked,” explained Scott Greene, founder of Evidence Solutions Inc., a digital forensics firm.
The rise in SIM swapping is in response to many organizations requiring multifactor authentication to access accounts, experts said. For instance, along with requiring a password, a bank may also require sending a temporary passcode or hyperlink to a phone number or email address to verify the user.
“More companies have been adding multifactor; now the attackers have to find a way to bypass that,” said Joshua Crumbaugh, CEO of PeopleSec. “The path of least resistance is SIM swapping and getting their hands on that code and getting into your account.”
As companies attempt to strengthen their cybersecurity, hackers' methods will evolve, Crumbaugh added. Likewise, prosecutors across the nation have responded and announced the arrest of alleged SIM hackers.
In San Francisco, the U.S. Department of Justice indicted two men accused of SIM swapping executives of cryptocurrency-related companies and cryptocurrency investors. In January, Santa Clara County, California, law enforcement were the first in the U.S. to convict a SIM swapper after a Boston-area man pleaded no contest to using SIM swapping to allegedly steal $1 million worth of bitcoin, according to media reports.
The Manhattan District Attorney Office announced on Feb. 1 the first prosecution of SIM swapping in New York state when it indicted a 20-year-old Ohio man for allegedly stealing roughly $10,000 in cryptocurrency from three victims. Manhattan District Attorney Cyrus Vance Jr. noted in the press release announcing the indictment, “We're also asking wireless carriers to wake up to the new reality that by quickly porting [transferring] SIMs—in order to ease new activations and provide speedy customer service—you are exposing unwitting, law-abiding customers to massive identify theft and fraud.”
Indeed, the multifactor authentication process required by most companies usually only entails answering personal questions that may be easily gleaned from social media or requires access to a phone number.
“That's why they are targeting telecommunication providers,” PeopleSec co-founder Crumbaugh said. “They will allow you access to the account, with minimal information about the person.”
SIM swapping targeting cryptocurrency has made the news recently, but those contacted by Legaltech News said anyone with access to finances or sensitive data can be targets, including those in high-profile occupations such as lawyers.
“Two trends I've seen here are people who are more financially affluent, either perceived or actual, are heavily targeted,” Crumbaugh noted. “They are already a target in that regard and on top of that, it tends to be people active on social media.”
As organizations find new ways to protect users' data and hackers find loopholes for those safeguards, the cybersecurity professionals suggested using voice over IP (VoIP) or Google Voice for accounts so those accounts aren't associated with a SIM.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
