Issue #12

Cybercriminals Offer $300 per SIM Swap

Ahoy there, fellow Netizens! This week, let’s talk about how cybercriminals are bribing employees of major cell carriers to carry out SIM swaps.

What is a SIM swap?

First, a bit of background. A SIM swap allows an attacker to steal your phone number. It happens when a cybercriminal convinces your cell carrier to transfer your number to their phone, meaning all your calls and texts go to them.

If you receive 2-factor authentication (2FA) codes via text, then a SIM swap is one way cybercriminals can bypass your 2FA and hijack your account. This can have devastating consequences. For example, earlier this week a California man reported losing $21,000 thanks to a SIM-swap that allowed hackers to hijack his bank account.

Cybercriminals offering $300 per SIM swap

Cybercriminals can successfully pull off a SIM swap by either convincing your cell carrier they are you or by bribing employees to do it.

Earlier this week, The Mobile Report reported that T-Mobile employees “from all over the country” have been contacted via text and offered $300 for each SIM swap they perform. Bleeping Computer also reported that Verizon employees have been receiving the same offer.

This could easily lead to an increase in SIM swap attacks if employees at T-Mobile and Verizon want to make some extra money.

Switch to more secure methods of 2FA

If you receive 2FA codes sent via text, now is an excellent time to switch to a more secure form of 2FA, like an authenticator or a security key.

An authenticator is an app that generates one time codes on your phone, similar to the codes that are sent via text. However, a SIM swap won’t allow attackers to gain access to the codes generated by your authenticator.

A security key is a small device you plug into your computer and tap to authenticate. As it’s completely separate from your phone, a SIM swap won’t affect a security key at all. Security keys are also phishing resistant and won’t allow you to log in on a phishing site, which is another benefit of using them.

If you want to learn more about these methods of 2FA, you can check out my guide to authenticators, as well as my tutorials for setting up security keys on X/Twitter and Discord (the setup process will be similar at other services, too).

You can also always drop me a line if you have questions as I’d be happy to help!

Until next time, stay safe out there!