Collective Intelligence Podcast, Allison Nixon on SIM Swap Fraud
By Mike Mimoso
SIM swap is a powerful fraud technique that has largely gone under the radar, despite devastating consequences to some of its victims, and losses that are quickly multiplying.
For criminals, SIM swapping is a gateway to account takeover. Attackers can either socially engineer a telecommunications provider, or recruit an insider at a telco, to transfer a victim’s phone number to a SIM card under the attacker’s control. From there, the attacker can cause all manner of havoc. For the most part, criminals will use a SIM swap to receive two-factor authentication codes in order to reset passwords and control email, online banking, and other sensitive personal accounts.
The victim, meanwhile, is left in dire straits. They often don’t know their accounts have been hijacked until it’s too late. Sometimes they are extorted in order to regain control of their accounts, or could lose insurmountable amounts of money or personal data forever.
In this episode of the Collective Intelligence Podcast, Flashpoint Director of Research Allison Nixon discusses SIM swap in detail, walking listeners through what one of these schemes might look like, why they’re fairly effective, and what defenders at the telecom level in particular must do to shore up security in order to prevent this type of fraud.
Nixon also discusses recent indictments against nine individuals charged with wire fraud for allegedly using SIM swapping to hijack mobile and personal accounts. The indictments are important because they attach a dollar value to this type of fraud—in this case $2.4 million in stolen cryptocurrency.
Earlier this year, the first sentencing in a SIM swapping case was handed down against a 20-year-old college student, Joel Ortiz, who pled guilty and was handed 10 years in prison. Ortiz was convicted of stealing more than $5 million in cryptocurrency after he used SIM swapping to steal 40 phone numbers to enable the thefts.
“The indictments prove this capability exists and that it needs to be prioritized and dealt with,” Nixon said during the podcast. “When people are looking at the costs of fixing the system versus letting it be, when you look at the indictments and see the ridiculous dollar values and how easy it was to do, that really gets people’s attention.”
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was an Editor of Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.