SIM-Card Hackers’ Phone Fraud Is Costing Mobile Carriers a Fortune; Carriers around the world will suffer an estimated $3.6 billion in losses from fraudulent account takeovers

October 18, 2013 Leave a comment

SIM-Card Hackers’ Phone Fraud Is Costing Mobile Carriers a Fortune

By Jordan Robertson October 17, 2013

tech_hacking43graph_315inline1

Wireless carriers including AT&T (T) and South Africa’s Vodacom Group (VOD:SJ) are facing a new threat: the illegal hacking of SIM cards, the small plastic chips that verify the identity of customers on mobile networks. Globally, carriers are expected to rack up $3.6 billion in losses from account fraud this year, nearly triple the amount in 2011, according to the Communications Fraud Control Association. “Attackers are definitely getting more advanced,” says Lawrence Pingree, a mobile-security researcher at Gartner. “It’s almost like stealing at a bank—going right in and doing it in person. It’s very personal.”The scammers who targeted Keith Carter were pretty sophisticated. On Aug. 12 the Atlanta resident answered a call from someone purporting to be an AT&T representative. The caller, who already knew Carter’s address and other personal information, promised him a discount on his bill in exchange for completing a customer survey. It all seemed aboveboard to Carter, who provided the last four digits of his Social Security number—the information the thief needed to access Carter’s AT&T account and reassign his SIM card to another smartphone.

The next day, Carter’s iPhone had no service. Overnight, however, his account began accumulating charges for calls to Cuba, Guinea, and Gambia. Carter got a new SIM card, yet the international calls continued—the final tally came to $2,600. He plans to dispute the charges and drop his carrier. “I thought when I got the new SIM card that the old one would be disassociated with it, but clearly this bad boy is still rockin’ and rollin’,” he says.

AT&T declined to comment on Carter’s case but said such scams are being driven by groups that profit from selling stolen cellular services through online marketplaces. “We’re working to educate our customers on how to protect their information,” said the company in an e-mail. Sprint (S) and T-Mobile US (TMUS) said they hadn’t seen this type of attack. Verizon Wireless (VZ) declined to comment.

Photograph by Alamy

In South Africa, criminals are hacking SIM cards of Vodacom customers whose bank accounts have also been compromised through other means, so they can intercept text alerts that banks send to verify transactions, says company spokesman Richard Boorman. That gives them cover to make several withdrawals without tipping off the account’s owner. While Boorman says the attacks are “extremely rare,” the carrier now sends text messages requiring confirmation of SIM-card swaps, which are routine when a customer upgrades a phone.

Mari and Candace Sawyer, two sisters who own a dessert catering business in Atlanta, say AT&T isn’t doing enough to safeguard customers. Shortly after noon on Sept. 3, a man called their mother’s phone and asked for Mari, who holds the family’s account. He had personal information, and the call appeared to come from AT&T’s customer-service line. Because it seemed legitimate, Mari supplied the last four digits of her Social Security number.

The caller wasn’t from AT&T. The number had been spoofed, a process where a call is routed through a service that makes it appear to come from somewhere else. By 10 p.m., all four phones on the family plan were dead. Hundreds of calls to Gambia subsequently appeared on their account.

The sisters did some digging online and discovered they were the victims of a scam. They filed a complaint against AT&T with the Federal Communications Commission for failing to alert them about SIM-card swaps. Emily Edmonds, an AT&T spokeswoman, declined to comment on the complaint. She directed questions to the FCC, which didn’t return a message amid the government shutdown. “It’s not right to drive by an accident where someone’s hurt, and it’s not right if your SIM card gets hacked and you don’t do something to prevent it from happening to someone else,” says Mari.

The bottom line: Carriers around the world will suffer an estimated $3.6 billion in losses from fraudulent account takeovers.

Filed under TMT Trends

Unknown's avatarAbout bambooinnovator
Kee Koon Boon (“KB”) is the co-founder and director of HERO Investment Management which provides specialized fund management and investment advisory services to the ARCHEA Asia HERO Innovators Fund (www.heroinnovator.com), the only Asian SMID-cap tech-focused fund in the industry. KB is an internationally featured investor rooted in the principles of value investing for over a decade as a fund manager and analyst in the Asian capital markets who started his career at a boutique hedge fund in Singapore where he was with the firm since 2002 and was also part of the core investment committee in significantly outperforming the index in the 10-year-plus-old flagship Asian fund. He was also the portfolio manager for Asia-Pacific equities at Korea’s largest mutual fund company. Prior to setting up the H.E.R.O. Innovators Fund, KB was the Chief Investment Officer & CEO of a Singapore Registered Fund Management Company (RFMC) where he is responsible for listed Asian equity investments. KB had taught accounting at the Singapore Management University (SMU) as a faculty member and also pioneered the 15-week course on Accounting Fraud in Asia as an official module at SMU. KB remains grateful and honored to be invited by Singapore’s financial regulator Monetary Authority of Singapore (MAS) to present to their top management team about implementing a world’s first fact-based forward-looking fraud detection framework to bring about benefits for the capital markets in Singapore and for the public and investment community. KB also served the community in sharing his insights in writing articles about value investing and corporate governance in the media that include Business Times, Straits Times, Jakarta Post, Manual of Ideas, Investopedia, TedXWallStreet. He had also presented in top investment, banking and finance conferences in America, Italy, Sydney, Cape Town, HK, China. He has trained CEOs, entrepreneurs, CFOs, management executives in business strategy & business model innovation in Singapore, HK and China.

Leave a comment