Thieves Target Phone Numbers of Cryptocurrency Geeks

The New York Times reports that identity thieves are increasingly using ‘SIM swap’ phone account takeovers in order to access the electronic wallets of individuals known to possess large amounts of cryptocurrency. Having taken control of a phone number, the criminals can then gain access to the victim’s online accounts by instigating password resets which rely on sending details to the victim’s phone. People who deal in cryptocurrency can be identified by information they share on social networks, and are at risk because they may hold large amounts in online accounts which are relatively easy to take over. Huge sums of money can potentially be transferred in an instant, and the dangers are heightened by the fact that cryptocurrency transactions cannot be reversed.

Per the NYT, organized criminals have systematically targeted their victims:

“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur.

Mr. Weeks lost his phone number and about a million dollars’ worth of virtual currency late last year, despite having asked his mobile phone provider for additional security after his wife and parents lost control of their phone numbers.

The attackers appear to be focusing on anyone who talks on social media about owning virtual currencies or anyone who is known to invest in virtual currency companies, such as venture capitalists.

To my mind, this further demonstrates why the anti-fraud teams in telcos need to measure the losses suffered by customers as well as the losses suffered by the business. Though the additional security burden may increase some of the telcos’ costs, it is good for them to be associated with confirming the identity of every individual. SMS messages for one time passwords may not be a huge source of additional revenues, but telcos will benefit if everybody in society increasingly relies upon devices connected to our networks.

If the phone is a hub for many aspects of a person’s life then telcos have superior opportunities to provide products and services built upon our unique knowledge of the customer. That opportunity will be jeopardized if customers need to switch to alternative methods to authenticate themselves that lie beyond the visibility of the telco. Whatever the objectives of the criminals, SIM swapping will always be blamed on telcos who make it too easy for imposters to take control of somebody else’s phone number. This is a weakness that telcos need to address, even if we will never suffer the losses directly.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), an association of professionals working in risk management and business assurance for communications providers. RAG was founded in 2003 and Eric was appointed CEO in 2016.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press.

Related Articles

1 COMMENT

  1. I have dealt with this type of fraud in the past and it also goes back to customers being Phished. There are a number of steps in the process which allows the fraudster to carry out the fraud, ultimately it will lead to a sim swap but if the Phishing emails are thorough enough and depending on the online services offered by Telcos, a sim swap may occur without ever getting to a ‘weak’ call centre agent. Although, Social Engineering has its part to play in this also. Banks have pushed the blame to Telcos and in some cases to Customers for not taking the proper precautions when responding to the phishing emails.

Comments are closed.

Get Our Weekly Newsletter by Email