The plaintiff, Michael Terpin, sued AT&T last year alleging that hackers were able to change the password to his cell phone remotely either with the assistance of AT&T employees or through the company's negligence, and as a result, he lost millions of dollars worth of cryptocurrency.
The judge dismissed most of the claims in a recent ruling but left the door open for amending the petition to include more information that might allow the claims to be reinstated.
But what the heck is a sim swap? The FTC has a short tutorial at SIM Swap Scams: How to Protect Yourself:
So how do scammers pull off a SIM card swap like this? They may call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone — a phone they own. If your provider believes the bogus story and activates the new SIM card, the scammer — not you — will get all your text messages, calls, and data on the new phone.
The scammer — who now has control of your number — could open new cellular accounts in your name or buy new phones using your information.
Or they could log in to your accounts that use text messages as a form of multi-factor authentication. How? Because they’ll get a text message with the verification code they need to log in.
They suggest ways to avoid being a victim:
Don’t reply to calls, emails, or text messages that request personal information.
Limit the personal information you share online.
Set up a PIN or password on your cellular account.
Consider using stronger authentication on accounts with sensitive personal or financial information.
It's a jungle out there.
------
4:13 PM 11/16/2019
Comments