20.5k unique visitors in the last 3 days

Thieves Target Phone Numbers of Cryptocurrency Geeks

Criminals systematically acquire control of key phone numbers by duping weak call center staff.

The New York Times reports that identity thieves are increasingly using ‘SIM swap’ phone account takeovers in order to access the electronic wallets of individuals known to possess large amounts of cryptocurrency. Having taken control of a phone number, the criminals can then gain access to the victim’s online accounts by instigating password resets which rely on sending details to the victim’s phone. People who deal in cryptocurrency can be identified by information they share on social networks, and are at risk because they may hold large amounts in online accounts which are relatively easy to take over. Huge sums of money can potentially be transferred in an instant, and the dangers are heightened by the fact that cryptocurrency transactions cannot be reversed.

Per the NYT, organized criminals have systematically targeted their victims:

“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur.

Mr. Weeks lost his phone number and about a million dollars’ worth of virtual currency late last year, despite having asked his mobile phone provider for additional security after his wife and parents lost control of their phone numbers.

The attackers appear to be focusing on anyone who talks on social media about owning virtual currencies or anyone who is known to invest in virtual currency companies, such as venture capitalists.

To my mind, this further demonstrates why the anti-fraud teams in telcos need to measure the losses suffered by customers as well as the losses suffered by the business. Though the additional security burden may increase some of the telcos’ costs, it is good for them to be associated with confirming the identity of every individual. SMS messages for one time passwords may not be a huge source of additional revenues, but telcos will benefit if everybody in society increasingly relies upon devices connected to our networks.

If the phone is a hub for many aspects of a person’s life then telcos have superior opportunities to provide products and services built upon our unique knowledge of the customer. That opportunity will be jeopardized if customers need to switch to alternative methods to authenticate themselves that lie beyond the visibility of the telco. Whatever the objectives of the criminals, SIM swapping will always be blamed on telcos who make it too easy for imposters to take control of somebody else’s phone number. This is a weakness that telcos need to address, even if we will never suffer the losses directly.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

1 COMMENT

  1. I have dealt with this type of fraud in the past and it also goes back to customers being Phished. There are a number of steps in the process which allows the fraudster to carry out the fraud, ultimately it will lead to a sim swap but if the Phishing emails are thorough enough and depending on the online services offered by Telcos, a sim swap may occur without ever getting to a ‘weak’ call centre agent. Although, Social Engineering has its part to play in this also. Banks have pushed the blame to Telcos and in some cases to Customers for not taking the proper precautions when responding to the phishing emails.

Comments are closed.

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email