20.5k unique visitors in the last 3 days

T-Mobile Staff Receive SMS Messages Offering $300 Per SIM Swap

Telcos have often played down the significance of breaches of employee data. They should be talking about controls to stop employees colluding with fraudsters.

Regular Commsrisk readers will not be surprised to hear that criminals bribe telco staff to execute SIM swaps. This website has been saying for years that the notion of ‘hacking’ systems to execute SIM swaps is a story pushed by journalists and encouraged by telcos because it is both sensationalizes crime whilst shifting the focus away from more fundamental issues that telcos do not want to deal with. Those issues result from a combination of factors:

  • The richest customers of telcos have the same security protecting their phones as the poorest customers, even though hijacking a phone account is often a stepping stone towards an enormous payday for criminals targeting cryptocurrency investors and other individuals holding large amounts in online accounts.
  • Many staff at telcos and their retail dealers who earn a moderate or low income have access to systems that can execute the replacement of a SIM.
  • Loose data security and repeated breaches mean the criminal fraternity have obtained long lists of employees they can attempt to bribe.

It is not difficult to join the dots from a slew of previous stories on this website.

Now the scale of the problem has reached the point where the press are instead choosing to sensationalize the truth: criminals openly offer payment to telco staff willing to execute SIM swaps on command. A series of other publications have repeated a story first published by The Mobile Report:

According to multiple posts on Reddit, as well as separate individuals sending us tips here at The Mobile Report, T‑Mobile employees from all over the country are receiving texts offering them cash in exchange for swapping SIMs.

It says something about the low quality of anti-fraud collaboration that there will be anti-fraud associations that will treat this as news. The essence of this story is that so many telco staff are being offered bribes by criminals that some of the more honest ones are discussing what they were offered on social media.

The texts offer the employee $300 per SIM swap, and asks the worker to contact them on telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block.

The mind boggles at the thought that one solution might involve blocking the phone number used to offer bribes. Blocking is a desperate method of last resort. It addresses one symptom of crime, not its root cause. SIM swappers can make huge amounts of money, but the tools of their illegal trade are cheap. The police officers who naively relocated Arion Kurtaj to a hotel room for his own safety because of threats of reprisals from other criminals were shocked to discover Kurtaj had walked from his hotel room to the shopping mall next door, where he purchased a mobile phone and other equipment needed to keep committing crimes. Kurtaj had previously offered USD20,000 bribes to accomplices who helped him steal cryptocurrency; why would anyone assume he lacked the funds to buy more phones if he wanted them?

I did not initially want to repeat the story of SMS messages offering bribes to employees of T‑Mobile US because it is not news. Employees of every telco are offered bribes. I know this because criminals inevitably repeat techniques that have previously proven successful, and there are obvious reasons why criminals can make a lot more money than they spend if they bribe insiders to perform SIM swaps. I relented and decided to run this story when I saw how many had already repeated it. Attitudes to this story reveal some of the reasons why criminals can be so successful. It is not news that SIM swappers offer bribes to telco insiders, just as it is not news that car thieves break the windows of cars that have valuables on display, and it is not news that shoplifters prefer to target stores that offer no resistance to them openly plucking what they want from the shelves. The facts can be worth reiterating because the public needs to be informed. However, telcos should already know and understand that SIM swap fraud is real, that customers are suffering as a result, and that insiders are often involved. Telcos should know this already, so the real news would be learning what they intend to do about it.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email