Now T-Mobile is being sued in an Alabama federal court by a customer who lost his number when the company simply handed over his phone number to a hacker claiming to be him. Once the hacker had the number, they easily accessed the plaintiff’s email and bank accounts and transferring funds out.
This is a crime that’s increasing in frequency and can cost millions to unsuspecting phone owners.
SIM-Swapping Or SIM-Hacking
Every cell and smartphone has something called a SIM card, or Subscriber Identity Module. This is the unique identifier is a small physical card that can be removed from one phone and inserted into another to move your account—and your identity—to the new phone.
The SIM card holds all of your account information, and gives you access to make phone calls, send text messages, and other functions that require an account. Without the SIM card, your phone will take pictures and need Wi-Fi to access the Internet and apps.
When a hacker decides to steal your number, they contact your carrier to have the number transferred or “ported” to another SIM card that they have. They use several methods to get enough information to credibly sound like the person they are targeting. The information is gleaned from social media, phishing emails and texts, and even the dark web.
A hacker calls the carrier and claims to have a new SIM card to activate and that the old one is lost or went with an old phone. With enough information, the customer service representative believes the account owner is calling and hands over the number to the hacker. Your own phone is disconnected, and the hacker has as much information as they need to steal money, identity, and anything else that’s accessible.
Once the hacker has this information, all emails, texts, and two-factor authorization go to their phone with your number. When you access an account from the web or elsewhere, the hacker receives those text messages with a one-time passcode. From there, all of your account information is easily accessible.
How T-Mobile Handled One SIM-Swap
T-Mobile customer Kevin Miller found himself in just such a situation. His complaint details how in April of 2021, a customer service representative (CSR) gave his number to a hacker after he’d called them to request a “port block.”
Miller received a text message on April 14th from T-Mobile regarding his customer service call that day. He had not called customer service that day but became concerned. Miller then called to ask about the text message. The CSR put him on hold and listened to the recorded message. When the CSR returned, Miller was told that the caller was not able to provide sufficient identifying information, but that a T-Mobile representative still gave the caller Miller’s confidential information anyway.
Miller also spoke to two T-Mobile supervisors on the same day. The second supervisor confirmed that someone had impersonated Miller and was attempting to steal his number via a SIM-swap. The same supervisor told Miller that they would add a block on his account to prevent an impersonator from porting the number to a new SIM card and new phone should they call again.
Sim Swap Attorneys
Two days later, on April 16, 2021, Miller lost the connection on his phone and again contacted T-Mobile. Despite the company’s assurances and a port block, a company employee ported Miller’s cell phone number to the impersonator’s phone.
The suit details what happened next: “The imposter then used his control over Miller’s mobile phone number to access his personal and financial account, including his email and his bank account.”
Once the number porting was completed, the hacker had complete access to Miller’s bank accounts and other personal information. This included his address, the names of his children and their schools. He and his wife kept their children home for a week for fears of their safety. Miller was also forced to spend “considerable time and effort” notifying all his accounts and seeking reimbursement for the money the hacker transferred out of Miller’s personal accounts.
Miller’s lawsuit alleges that T-Mobile violated the Federal Communications Act. Additionally, the suit lists allegations of negligence and wantonness. Miller is seeking punitive damages, interest, costs of the suit, and other undisclosed amounts.
Although the suit was filed in Alabama, it included citations from a similar suit filed in Northern California. In this case, the hacker accessed the victim’s account and stole his life savings of $1M within 45 minutes. This case was recently settled.
Recognizing SIM-Swapping and Recovering Your Money
The most obvious sign is that your phone no longer makes phone calls or access apps or the web on cell service, and only works on Wi-Fi. Your first thought might be wondering if you’ve paid your phone bill. But by then, it’s too late. Notices from your carrier indicate that your SIM was activated elsewhere. Your SIM card has been deactivated, your number changed, and a hacker is using access.
Prior to a non-working phone, if you see social media postings in your account that you don’t recognize, someone has likely accessed your account and is posting as you.
You may also see transactions that you don’t recognize in bank and credit card account, which are also signs of a SIM-swap.
Contact Silver Law Group If You Lost More Than $25,000 in a Sim Hack
Silver Law Group is a nationally-recognized law firm with vast experience assisting victims of fraud. Scott Silver, Silver Law Group’s managing partner, is the chairman of the Securities and Financial Fraud Group of the American Association of Justice.
Our attorneys are admitted to practice in New York and Florida and represent investors nationwide. Most cases are handled on a contingent fee basis, meaning that you won’t owe us until we recover your money for you. Contact us today at (800) 975-4345 for a no-cost consultation.