Woman Falls Victim to $17K SIM Card Swap Fraud Despite Two-Factor Authentication
In recent times, the convenience of mobile banking and two-factor authentication has made managing finances easier for many. However, a recent incident in Maryland highlights the growing threat of SIM card swap fraud, a scheme that nearly cost one woman $17,000, even with robust security measures in place.
SIM CARD ALERT: Sharon Hussey, who lives in Maryland, lost thousands after someone walked into a Verizon store in California & got a new sim card using her phone number. She breaks it all down. @7NewsDC pic.twitter.com/C8vKJX2wM0
— Scott Taylor : 7 News - WJLA TV (@ScottTaylorTV) January 24, 2024
Sharon Hussey of Bethesda, Md., experienced a nightmare when she received an email thanking her for a phone purchase at Verizon, a transaction she had not initiated. Minutes later, her contact information at Bank of America had been changed. Despite having two-factor authentication on her accounts, Hussey found herself helpless as her phone went dead, and $17,000 vanished from her account.
The assailants had executed a SIM card swap, a fraudulent technique where scammers convince a phone company to transfer the victim's phone number to a new device under their control. In Hussey's case, the criminals went to a Verizon store in California, purchased a new phone and SIM card, and activated them using her current phone number. The moment the new phone was turned on, Hussey's phone became inactive, leaving her at the mercy of the fraudsters.
Alex Quilici, CEO of YouMail, emphasized the alarming rise of SIM card swap scams in recent years. In 2021, the amount stolen through this method increased sixfold compared to previous years. Quilici explained that once scammers gain control of a victim's phone number, they exploit two-factor authentication to access sensitive accounts, similar to what happened to Hussey.
Hussey's experience sheds light on the vulnerability of relying solely on mobile phones for two-factor authentication. The security feature, meant to enhance protection, can ironically become a gateway for fraudsters if they gain control of the victim's phone number through a SIM card swap. In the woman's case, it took three months for Bank of America to initially deny her claim before finally reversing its decision and refunding the $17,000.
To protect yourself from SIM card swap fraud, security experts recommend several proactive measures. Consider using authenticator apps, hardware tokens, or biometric features like fingerprint or facial recognition instead of relying solely on text messages for two-factor authentication. Moreover, it's crucial to keep personal information hidden, avoid posting assets online, and be cautious about sharing sensitive details.
Quilici suggests a vital precaution: Obtain a PIN or number porting PIN from your mobile carrier. This special code, known only to you, must be provided to the carrier before any SIM card swap can occur, adding an extra layer of security to prevent unauthorized transfers.
In response to the incident, Bank of America emphasized its commitment to tackling identity theft, acknowledging the complexity of resolving such issues. Similarly, Verizon assured customers of its dedication to privacy and security, urging them to stay informed about potential fraud and social engineering tactics.
As technology evolves, so do the methods employed by cybercriminals. The lesson from Hussey's harrowing experience is clear – while technological conveniences enhance our lives, it's crucial to remain vigilant and adopt multifaceted security measures to protect ourselves from evolving threats in the virtual environment.