One man lost his life savings in a SIM hack. Here's how you can try to protect yourself

Article Image

Rob Ross lost his life savings when a hacker tricked his cell phone provider into an illegal SIM swap. Here's how you can protect yourself.

Posted: Mar 13, 2020 8:51 PM
Updated: Mar 13, 2020 8:51 PM

Robert Ross was sitting in his San Francisco home office in October 2018 when he noticed the bars on his phone had disappeared and he had no cell coverage. A few hours later, he had lost $1 million.

Ross was the victim of a SIM hack, an attack that occurs when hackers take over a victim's phone number by transferring it to a SIM card they control. By taking over his cellphone number, a hacker was able to gain access to his email address and ultimately his life-savings, Ross said in an interview with CNN Business.

"I was at home at my desk and I noticed a notification on my iPhone for a withdrawal request from one of my financial institutions, and I thought, 'That's weird. I didn't make a withdrawal request,'" Ross recalled. "Then I looked back at my phone and I saw that I had no service."

In recent years, cybersecurity breaches have become so common that some consumers may almost take for granted their information has been compromised at some point. The list of massive data breaches includes a major hotel chain, a credit reporting firm, a bank and a social network. But SIM hacks are both less talked about and yet potentially more devastating.

There is limited data on the prevalence of SIM hijacking nationally, but during the last year, the US Department of Justice has indicted numerous people for crimes associated with SIM swapping.

Some of the most high-profile SIM hijacks have targeted people with money stored in cryptocurrency exchanges. Ross had approximately $1 million stored in two exchanges when he was attacked, according to a report by investigators.

An arrest was made in Ross' case, and the suspect has pleaded not guilty.

The attack on Ross followed a standard SIM hack playbook: The alleged hacker called up Ross' cellphone service provider, in this case AT&T. (WarnerMedia, the parent company of CNN, is owned by AT&T.) Pretending to be Ross, the alleged hacker successfully convinced AT&T that he was Ross and took control of Ross' phone number, an investigation by authorities in California later found. That's when Ross' own phone went dark.

Ross may have been using AT&T, but SIM hijacks have been reported on all major US cell phone networks.

How to try to protect yourself against SIM swaps

Think of everything you do on your phone and everything that is associated with your phone number. When you forget your email passwords or have trouble accessing your online bank accounts, many services send you a text message with a code to help verify your identity — a form of multi or two-factor authentication.

When a hacker gets access to your phone number, they get the keys to the castle. They potentially have the ability to take over a victim's social media and other accounts by using text message password recovery features.

CNN asked the four major networks what steps their customers could take to protect themselves from SIM hacks. While all offered some options, few seem to have a solution that would provide complete peace of mind.

Sprint appears to have the most comprehensive solution, requiring customers to complete two-factor authentication in order to SIM swap. The customer must first give a PIN number or answer a security question and then provide a one-time passcode that is sent to their device via text message.

"We strongly encourage our customers to protect and regularly update their passwords, and never share account details, names, or other personal information with a third party without verifying the request came from a trusted source," a Sprint spokesperson told CNN Business.

An AT&T spokesperson said the company advises against using mobile phone numbers as the single source of security and authentication." AT&T encourages customers to add "extra security" measures to their accounts, such as creating a password.

A Verizon spokesperson said it offers customers a "Port Freeze" that will prevent their number from being moved to another network.

T-Mobile pointed CNN Business to a post on the company's website that outlines what its customers can do. In the event of an "account takeover fraud," the company said it would "work with customers individually to apply additional security measures."

Dealing with the fallout of a SIM hack

More than a year after suffering the SIM hack, Ross is still seeking justice.

He is suing AT&T for what he alleges was a failure by the company to protect his "sensitive and confidential account data" that resulted in "massive violations" of his privacy and "the theft of more than $1 million," according to the lawsuit.

"Fraudulent SIM swaps are a form of theft committed by sophisticated criminals. We are working closely with our industry, law enforcement and consumers to stop and prevent this type of crime," an AT&T spokesperson told CNN Business.

"It is unfortunate that Mr. Ross experiences this, but we dispute his allegations and plan to disprove them in court," the spokesperson added.

Minnesota Coronavirus Cases

Data is updated nightly.

Cases: 697182

Reported Deaths: 8169
CountyCasesDeaths
Hennepin1427711862
Ramsey59431953
Dakota53075503
Anoka48987486
Washington31228315
Stearns25428242
St. Louis20900339
Scott20039146
Wright18954165
Olmsted16269112
Sherburne13840106
Carver1237052
Clay936897
Rice9278125
Blue Earth888747
Crow Wing8070102
Kandiyohi753292
Chisago733858
Otter Tail689897
Benton6653102
Mower576238
Winona564852
Goodhue560581
Douglas549484
Beltrami534672
Itasca532572
Steele520221
McLeod519665
Isanti500470
Morrison478263
Nobles455650
Becker455060
Polk444575
Freeborn438142
Lyon402454
Carlton399160
Nicollet387848
Pine384026
Mille Lacs363860
Brown358244
Cass355536
Le Sueur348230
Todd333034
Meeker314049
Waseca297626
Martin271633
Wabasha25005
Dodge24865
Hubbard241941
Roseau238224
Houston211217
Redwood206642
Fillmore204510
Renville204248
Pennington196022
Wadena192927
Faribault184925
Sibley180310
Cottonwood179424
Chippewa173439
Kanabec168329
Aitkin159239
Watonwan157211
Rock142919
Jackson136112
Pope13378
Yellow Medicine128720
Pipestone126126
Koochiching125119
Swift120319
Murray117610
Stevens110011
Clearwater109218
Marshall107619
Lake94321
Wilkin91014
Lac qui Parle89424
Mahnomen7339
Big Stone7024
Grant6938
Norman6829
Lincoln6724
Kittson54222
Unassigned52893
Red Lake5067
Traverse4375
Lake of the Woods4204
Cook2150

Iowa Coronavirus Cases

Data is updated nightly.

Cases: 443535

Reported Deaths: 6420
CountyCasesDeaths
Polk69441683
Linn26618363
Scott23312265
Black Hawk19397338
Woodbury17483233
Johnson1698692
Dubuque14775221
Pottawattamie13369186
Dallas13048102
Story1211448
Warren707893
Webster6479103
Cerro Gordo6370105
Clinton635898
Des Moines618084
Muscatine5985109
Marshall586981
Sioux547676
Jasper532076
Lee529084
Wapello5230128
Unassigned50150
Buena Vista479442
Marion464086
Plymouth442185
Henry351341
Jones341159
Bremer331365
Washington330454
Crawford326844
Carroll326553
Benton325756
Boone318636
Mahaska282754
Dickinson276547
Kossuth257471
Clay255629
Jackson253844
Tama246073
Hardin244547
Buchanan244238
Delaware240143
Cedar228025
Fayette227945
Page225724
Wright221741
Winneshiek219237
Hamilton216752
Harrison205476
Madison199920
Clayton199758
Floyd195742
Butler191936
Poweshiek188837
Mills188225
Iowa185927
Cherokee184740
Allamakee181152
Jefferson178238
Lyon178041
Calhoun172213
Hancock170336
Winnebago170131
Cass164356
Louisa161651
Grundy161335
Appanoose158149
Shelby156539
Emmet153241
Franklin152224
Humboldt151626
Union149937
Sac147922
Mitchell146143
Guthrie142132
Chickasaw141618
Palo Alto134527
Clarke130226
Montgomery127940
Keokuk121332
Monroe118733
Howard118422
Ida109838
Davis105025
Greene103012
Pocahontas102623
Monona99034
Lucas98523
Adair97734
Worth9558
Osceola84717
Decatur76710
Fremont76511
Van Buren75221
Taylor73412
Wayne66323
Ringgold63027
Audubon60114
Adams4254
Rochester
Clear
68° wxIcon
Hi: 79° Lo: 55°
Feels Like: 68°
Mason City
Clear
65° wxIcon
Hi: 85° Lo: 51°
Feels Like: 65°
Albert Lea
Partly Cloudy
63° wxIcon
Hi: 82° Lo: 53°
Feels Like: 63°
Austin
Partly Cloudy
66° wxIcon
Hi: 81° Lo: 52°
Feels Like: 66°
Charles City
Partly Cloudy
68° wxIcon
Hi: 85° Lo: 51°
Feels Like: 68°
Warmup ahead of workweek
KIMT Radar
KIMT Eye in the sky

Latest Video

Image

Product shortages reminiscent of early 2020 are returning

Image

School COVID-19 policies concerning parents

Image

Why are we seeing product shortages again?

Image

Product Shortages

Image

Full Weather Forecast

Image

Sean's Weather 9/27

Image

Minnesota drivers are violating school bus laws

Image

10 Minnesota educators have now died from COVID-19

Image

CMX Chateau Movie Theater now open to the public

Image

Full Forecast 9/26/21

Community Events