Cybercriminals Offer $300 per SIM swap


Issue #12

Cybercriminals Offer $300 per SIM Swap

Ahoy there, fellow Netizens! This week, let’s talk about how cybercriminals are bribing employees of major cell carriers to carry out SIM swaps.

What is a SIM swap?

First, a bit of background. A SIM swap allows an attacker to steal your phone number. It happens when a cybercriminal convinces your cell carrier to transfer your number to their phone, meaning all your calls and texts go to them.

If you receive 2-factor authentication (2FA) codes via text, then a SIM swap is one way cybercriminals can bypass your 2FA and hijack your account. This can have devastating consequences. For example, earlier this week a California man reported losing $21,000 thanks to a SIM-swap that allowed hackers to hijack his bank account.

Cybercriminals offering $300 per SIM swap

Cybercriminals can successfully pull off a SIM swap by either convincing your cell carrier they are you or by bribing employees to do it.

Earlier this week, The Mobile Report reported that T-Mobile employees “from all over the country” have been contacted via text and offered $300 for each SIM swap they perform. Bleeping Computer also reported that Verizon employees have been receiving the same offer.

This could easily lead to an increase in SIM swap attacks if employees at T-Mobile and Verizon want to make some extra money.

Switch to more secure methods of 2FA

If you receive 2FA codes sent via text, now is an excellent time to switch to a more secure form of 2FA, like an authenticator or a security key.

An authenticator is an app that generates one time codes on your phone, similar to the codes that are sent via text. However, a SIM swap won’t allow attackers to gain access to the codes generated by your authenticator.

A security key is a small device you plug into your computer and tap to authenticate. As it’s completely separate from your phone, a SIM swap won’t affect a security key at all. Security keys are also phishing resistant and won’t allow you to log in on a phishing site, which is another benefit of using them.

If you want to learn more about these methods of 2FA, you can check out my guide to authenticators, as well as my tutorials for setting up security keys on X/Twitter and Discord (the setup process will be similar at other services, too).

You can also always drop me a line if you have questions as I’d be happy to help!

Until next time, stay safe out there!

113 Cherry St #92768, Seattle, WA 98104-2205
Unsubscribe · Preferences

Safe Not Scammed

Subscribe to my weekly newsletter to keep up with the latest hacks, scams and privacy violations, plus what you can do to protect yourself!

Read more from Safe Not Scammed

Issue #18 Why You Can’t Trust Caller ID Image made using Canva Ahoy there, fellow Netizens! This will be the last Safe Not Scammed newsletter for a while, as I’ll be going on hiatus over the summer (and potentially beyond) due to family obligations. Thank you so much for being a subscriber! I hope you’ve found the newsletters useful! Now, let’s talk about why you should never trust Caller ID… What happened to Mark Cuban? Last weekend, Mark Cuban, the Shark Tank star and co-founder of Cost...

Issue #17 This Authenticator App Did What? Image made using Canva Ahoy there, fellow Netizens! This week, let’s talk about what happened with Raivo, a popular authenticator app for iOS. Raivo’s nasty surprise Raivo users had a nasty surprise at the end of May. After updating the authenticator app, they found their 2FA codes had been deleted, locking them out of their online accounts. Mobime, the company who owns Raivo, announced they found a way for users to restore their codes if they had...

Issue #16 Is Recall Worth the Risk? Image made using Canva Ahoy there, fellow Netizens! This week, let’s talk about Microsoft’s latest controversial feature: Recall. Recall is currently available on Microsoft’s AI powered Copilot+ PCs. It allows you to retrace what you were doing on your computer up to three months ago. It does this by taking screenshots every five seconds and storing them locally on your machine, allowing you to explore them later in a timeline format or via search. While...