Verizon notified an unknown number of its prepaid customers that attackers had breached Verizon accounts and were able to carry out SIM swaps using the exposed last four digits of customers' credit cards. Verizon has blocked further unauthorized access to customer accounts and reset the Account Security Codes (PINs). The company assured customers that it had no reason to believe any malicious activity was continuing, and that any SIM swapping that had occurred has been reversed.
SIM swapping, also known as SIM porting, is in this instance a fraudulent activity in which malicious actors try to take over an account, usually by exploiting some kind of weakness in two-step authentication or by social engineering, in order to redirect the account to another device. In plain English: stealing access to your SIM account and sending it to a device they can use. It is the same process phone companies legitimately use when someone loses their phone, switches service, or needs to recover from theft.
A Verizon customer was quoted on BleepingComputer.com as having experienced the SIM swapping scam a week before Verizon notified its customers. The customer noted that the attackers attempted to use the ill-gotten information to access his crypto wallet, and he suspected their attempts drew on a combination of information gathered from the Verizon breach and an earlier Coinbase breach.
Here are our top tips for protecting yourself against SIM Swapping Scams:
- Ensure you have all the appropriate security features enabled for your service. For example, AT&T and T-Mobile both offer customers a special Number Transfer PIN that would need to be used to port the SIM to another device. These features need to be activated or requested and are not enabled by default.
- Try to use non-SMS multi-factor authentication, for example an authenticator app, a hardware token, or a fingerprint.
- Stay alert to social engineering attacks, be it phishing, vishing or smishing (!). Don’t give out personal information, passwords or access details. Question the legitimacy of emails, callers and downloads!
Stay smart, keep safe, and remain informed with Centraleyes Daily Cyber Intel reports.