What the most notorious case of SIM swap fraud has taught us
In this article, we will first tell you the story of one of the most severe privacy violations of our time, and then show you how we can help you prevent the same happening to you, if you have a computer network in Spokane.
Michael Terpin is a prominent cryptocurrency investor and marketer based in the United States. His phone suddenly stopped working in June 2017, losing its signal. He knew it wasn’t a good sign. Soon he learned that a hacker from Norwich, CT had gained control over his phone number, based in Las Vegas at the time. Out of the blue, the stakes suddenly became high as he was in danger of losing a cryptocurrency windfall valued at $24 million.
In a short time, the hackers took over his Gmail account, using the “Forgot Password?” feature, which allowed them access to personal info, and then to steal millions of his digital wealth. It turned out to be not as secure as Mr. Terpin believed.
Since passwords aren’t always secure enough, technology companies have been promoting an alternative way of authentication. Usually, this secondary security factor nowadays is a text message sent to a user’s mobile phone. A recent research Google has conducted showed that this authentication step can make an important difference in protecting our phone numbers. It became our final barrier against digital trespassers.
Which brings us to the most terrible part of the case. Mr. Terpin had been SIM-swapped 7 months earlier. He took it seriously, consulting relevant computer IT support. He added a security feature to his account, with a secret six-digit PIN. Moreover, he replaced the text-message step with Google Authenticator. Despite using such top security protection, his accounts STILL weren’t protected.
What is SIM swapping?
SIM swap is a type of account takeover scam that targets a weakness in the service provider’s ability to seamlessly port a phone number to a device containing a different subscriber identity module (SIM). Using the same method, hackers became able to post racist and anti-Semitic tweets to the feed of Twitter Chief Executive Jack Dorsey later in the same year.
SIM swapping is a method invented by online gamers in 2013, to steal Instagram and Twitter accounts. Though it was primarily used as a joke, some hackers realized that the tactic can be quite lucrative, if they target cryptocurrency investors. This explains why Michael Terpin became the victim.
Even though the possibility of being attacked with this kind of scam is very small, security investigators and researchers claim that it is among the most harmful ever. Ironically, it turned out that the tech industry has created another safety risk by introducing the text message authentication.
This procedure allows hackers to operate with almost a surgical precision. They can compromise any social media and bank account or cryptocurrency accounts, using the old email messages, by gathering personal details about the victim. The key factor in this operation is – speed. They operate very fast, within seconds and minutes.
Using your phone number and the “Forgot my password” tool, swappers take over your accounts. They usually start from Gmail, simply because Google allows you to reset your password as long as you control the number associated with it. When you recover your number, you still won’t be able to reset your account via text message. Another trick this digital devil pulls out is to use Authenticator, a mobile Google app. With it, even if you manage to recover your service, you can still be locked out of your Gmail.
Once they obtain information about the victim, criminals contact the mobile provider to ask the company to port the victim’s phone number to their SIM, pretending to be the victim.
Probably the most delicate fact about this type of fraud is that it is profoundly personal. Criminals can access every piece of personal information about the victim (from personal disputes to their kid’s photos), sometimes making them embarrassed to pursue charges. Most of the victims are cryptocurrency holders, but some of the SIM swap attacks are used for blackmail. It is considered to be the most hideous digital violation of privacy.
How to Protect Yourself
Though the case of Michael Terpin may discourage you, it is still possible to take steps towards super-security. It means to be able to understand different ways your account can be recovered once you forget the password. Whether you need private or business IT support in Spokane, we are always available to share advice.
- Call your carrier to add a passcode on your mobile phone account. Save it in a secure place.
- Make sure you are using different passwords for different accounts. You can also download a password manager (e.g. LastPass, Dashlane, Sticky Password, Robo Form).
- Check the ways to reset your most important accounts (such as your bank account). See how the “forgot my password” tool works on them. You are likely to find that many of them can be reset with little more than access to your email, so lock that down first.
- Add a 2 Factor code from Cycrest 2 factor system to your phone system.
For more information, don’t hesitate to contact us.
Cycrest Systems "Providing Stability and Increased Productivity to your Organization" all with our "One Call...Total Service.”