Florida police arrested a man involved in a hacking group that used hijacked SIM cards to steal over $400,000. The hackers would use social engineering techniques to convince phone carriers to register a targets phone number to a new SIM card in their possession. The hackers would then use the phone number to gain access to the targets bank accounts and in some cases cryptocurrency exchanges. The Florida man, Ricky Joseph Handshumacher, was arrested after his mother called the cops on him when she heard him impersonating an AT&T employee on the phone.
A phone’s SIM card is a gold mine in the hacking world for breaching your accounts. Phone numbers are one of the most popular options when it comes to two-factor authentication(2FA). Say that a hacker had your phone number and wanted to reset your password on Gmail. If your phone number is associated with that email account, he will get a text message with a one time code that will allow him to change the password. Once inside, a bad actor can use your email to extract personal information that can be used to access other accounts, like Amazon, Netflix, and even your bank.
The security breach that occurred on Reddit happened due to phone numbers being used as part of the 2FA process. A safer method for 2FA is to use token-based authentication instead of your phone number. If you see a message from your wireless service provider stating that your SIM card information has been updated, assume the worst. Contact your email and bank provider and let them know you might have been the victim of a hack.
Leave a Reply
Thank you for your response.
Please verify that you are not a robot.