Now that Bob knows he has been attacked, how does he attempt to recover his identity?
Recovery from the Attack
Bob begins by trying to reach customer support centers at his financial institutions, but couldn’t reach anyone who could help.
He could find no way to quickly reach anyone at Google support after hours via phone or email.
Initially, the wireless carrier customer service center was unable to help. Being telecom savvy, Bob was persistent in escalating to get to someone who could help.
Bob had an extra SIM card in the office that he could use to move his number back to his own mobile device.
It took Bob over an hour to regain control of his phone number working with his backup SIM card.
Bob lost control of Gmail for over 2 hours before he was able to get Google to shut down his account.
Unfortunately, hacked Gmail accounts are considered poisoned by Google, and can not be recovered. With no backup, Bob lost years of emails and pictures of his family due to the incident.
The Damage is Done
While the average person may not be aware of SIM swap fraud, much less how to prevent it, Bob was fortunate in that his knowledge allowed him to quickly regain his phone number and limit his damages. He lost his Gmail account but had no financial loss and was not personally attacked. Bob is not alone. Attacks occur every day around the world.
What happens when fraudsters steal your mobile identity by committing Porting or SIM swap fraud? The following is a true real-life example of SIM swap fraud. This attack happened to “Bob”, a key employee of a security and risk prevention company.
The Fraudster Attacks
The fraudster initiated a swap of Bob’s mobile phone number to a different phone/SIM.
Bob had a pin code on his account to presumably prevent any activity with his mobile number but the wireless carrier allowed a one-time exception.
The swap was completed on a Friday night just before retail customer service centers closed allowing the fraudster more time to exploit Bob’s identity before he became aware.
Once in control of the mobile phone number, the fraudster reset Bob’s Gmail password to gain full access utilizing two-factor authentication involving a text message sent to the mobile phone.
The fraudster reset not only the Gmail password but the mobile phone number associated with the account to a different phone number, locking anyone else out of the account.
With access to Bob’s Gmail the fraudster quickly data-mined the email for banking information (e.g., US Bank, Wells Fargo, Paypal, Coinbase, etc.)
Using Bob’s email as the username to target banking and bitcoin accounts, the fraudster systematically attacked for password resets via two-factor authentication.
The Fraud is Discovered
Bob realizes he has been attacked when he can’t use his phone to make a call. Then he realizes he can’t access his email.
How does he recover?
Read our next blog “Mobile Identity Nightmare - Response”