SIM swap

May 18, 2018

T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

This post was originally published on this siteT-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber’s account in an elaborate scheme to steal the customer’s three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the targeted T-Mobile subscriber, were made even though the victim customer already had taken steps recommended by the mobile carrier to help minimize the risks of account takeover. Here’s what happened, and some tips on how you can protect yourself from a similar fate. Earlier this month, KrebsOnSecurity heard from Paul Rosenzweig, […]
August 22, 2018

Alleged SIM Swapper Arrested in California

This post was originally published on this siteAuthorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting “SIM swappers,” individuals who specialize in stealing wireless phone numbers and hijacking online financial and social media accounts tied to those numbers. Xzavyer Clemente Narvaez was arrested Aug. 17, 2018 by investigators working with Santa Clara County’s “REACT task force,” which says it’s targeting those involved in “the […]
August 29, 2018

Instagram’s New Security Tools are a Welcome Step, But Not Enough

This post was originally published on this siteInstagram users should soon have more secure options for protecting their accounts against Internet bad guys.  On Tuesday, the Facebook-owned social network said it is in the process of rolling out support for third-party authentication apps. Unfortunately, this welcome new security offering does nothing to block Instagram account takeovers when thieves manage to hijack a target’s mobile phone number — an increasingly common crime. New two-factor authentication options Instagram says it is rolling out to users over the next few weeks. For years, security experts have warned that hackers are exploiting weak authentication […]
September 12, 2018

U.S. Mobile Giants Want to be Your Online Identity

This post was originally published on this siteThe four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here’s a look at what’s coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf. Tentatively dubbed “Project Verify” and still in the private beta testing phase, the new authentication initiative is being pitched as a way […]