Safe Not Scammed

Cybercriminals Offer $300 per SIM swap

Published about 2 months ago • 1 min read

Issue #12

Cybercriminals Offer $300 per SIM Swap

Ahoy there, fellow Netizens! This week, let’s talk about how cybercriminals are bribing employees of major cell carriers to carry out SIM swaps.

What is a SIM swap?

First, a bit of background. A SIM swap allows an attacker to steal your phone number. It happens when a cybercriminal convinces your cell carrier to transfer your number to their phone, meaning all your calls and texts go to them.

If you receive 2-factor authentication (2FA) codes via text, then a SIM swap is one way cybercriminals can bypass your 2FA and hijack your account. This can have devastating consequences. For example, earlier this week a California man reported losing $21,000 thanks to a SIM-swap that allowed hackers to hijack his bank account.

Cybercriminals offering $300 per SIM swap

Cybercriminals can successfully pull off a SIM swap by either convincing your cell carrier they are you or by bribing employees to do it.

Earlier this week, The Mobile Report reported that T-Mobile employees “from all over the country” have been contacted via text and offered $300 for each SIM swap they perform. Bleeping Computer also reported that Verizon employees have been receiving the same offer.

This could easily lead to an increase in SIM swap attacks if employees at T-Mobile and Verizon want to make some extra money.

Switch to more secure methods of 2FA

If you receive 2FA codes sent via text, now is an excellent time to switch to a more secure form of 2FA, like an authenticator or a security key.

An authenticator is an app that generates one time codes on your phone, similar to the codes that are sent via text. However, a SIM swap won’t allow attackers to gain access to the codes generated by your authenticator.

A security key is a small device you plug into your computer and tap to authenticate. As it’s completely separate from your phone, a SIM swap won’t affect a security key at all. Security keys are also phishing resistant and won’t allow you to log in on a phishing site, which is another benefit of using them.

If you want to learn more about these methods of 2FA, you can check out my guide to authenticators, as well as my tutorials for setting up security keys on X/Twitter and Discord (the setup process will be similar at other services, too).

You can also always drop me a line if you have questions as I’d be happy to help!

Until next time, stay safe out there!

113 Cherry St #92768, Seattle, WA 98104-2205
Unsubscribe · Preferences

Safe Not Scammed

Rebecca Morris

Subscribe to my weekly newsletter to keep up with the latest hacks, scams and privacy violations, plus what you can do to protect yourself!

Read more from Safe Not Scammed

Issue #16 Is Recall Worth the Risk? Image made using Canva Ahoy there, fellow Netizens! This week, let’s talk about Microsoft’s latest controversial feature: Recall. Recall is currently available on Microsoft’s AI powered Copilot+ PCs. It allows you to retrace what you were doing on your computer up to three months ago. It does this by taking screenshots every five seconds and storing them locally on your machine, allowing you to explore them later in a timeline format or via search. While...

12 days ago • 1 min read

Issue #15 Be Wary of Google's AI Overview Image made using Canva Ahoy there, fellow Netizens! Today, let’s talk about Google’s AI Overview, which you’ll soon see integrated into Google Search. As its name suggests, AI Overview (previously known as SGE or Search Generative Experience) provides an AI generated summary of the search results for certain queries. And, to make sure you can’t miss it, Google places it right at the top of the search results page. When experimenting with AI Overview,...

26 days ago • 1 min read

Issue #14 Vastaamo Hacker Sentenced Image made using Canva Ahoy there, fellow Netizens! Before getting to this week’s story, I have a quick announcement. Going forward, I’ll be sending this newsletter out once every two weeks instead of once every week. I hope you’ll continue to enjoy the newsletters, even though they’ll be a little less frequent! Now, let’s talk about Julius Kivimäki, a 26-year-old Finnish hacker who was sentenced to prison earlier this week for his attack on Finnish...

about 1 month ago • 1 min read
Share this post