Hackers breached Twitter accounts by targeting employees by phone

Twitter says the people who took over the accounts of high-profile users in order to launch a bitcoin scam used tactics focused on phones to trick company employees into giving them access. The attackers targeted a “small number of employees through a phone spear phishing attack,” Twitter said in a statement Thursday. Not all the affected employees had access to account management tools, the company said, but hackers used their credentials to gather information about Twitter’s internal processes. They then used that reconnaissance data to inform attacks on Twitter personnel with deeper access. “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company said in a blog post. The update clarifies some of the events around a July 15 breach in which attackers took over accounts belonging to former president Barack Obama, Amazon chief […]

The post Hackers breached Twitter accounts by targeting employees by phone appeared first on CyberScoop.

Europol busts up two SIM-swapping hacking rings

What a nightmare: your phone goes dead, and you can’t log into your bank account because it’s controlled by a hacker who’s draining you dry.

European police nab 26 suspects in SIM swapping dragnet

Police in Europe have arrested 26 people in an effort against two gangs of scammers who would take over victims’ phones, then steal financial and personal data from the devices. Law enforcement in Spain and Romania, in coordination with Europol, arrested 12 and 14 people, respectively, in actions against two distinct groups of SIM swappers, Europol announced Friday. SIM swapping occurs when thieves convince phone companies to give them access to an individual’s phone number, often by impersonating the victim during a call with a customer service representative. This grants attackers access to incoming phone calls, text messages and credentials like one-time codes that various sites send via text as part of the two-factor authentication process. The group in Spain stole more than €3 million ($3.34 million) in a series of 100 attacks, Europol said. In each instance, the group walked off with between €6,000 ($6,700) and €137,000 ($153,000) from hacked bank […]

The post European police nab 26 suspects in SIM swapping dragnet appeared first on CyberScoop.

Google will now accept your iPhone as an authentication key

Google has updated its Smart Lock to let iOS users security-dongle-ize their iPhones.

Twitter, tightening security, stops requiring phone numbers for authentication

Twitter says it will allow users to remove their phone numbers from the secure login process, a move that has triggered widespread praise from the security community. Users can now use a one-time code, an app or a physical security key as a second factor of authentication into their account. Before Thursday, Twitter customers trying to log in in a secure way could only enter their username and password, then ask the site to send them an SMS message to verify their identity. The company also forced users who did use a third-party authentication app to use their phone number to sign up. Facebook announced in May 2018 it would stop requiring phone numbers for multi-factor authentication. Now, amid a growing body of evidence hackers can subvert text-based authentication, Twitter is expanding its options. We’re also making it easier to secure your account with Two-Factor Authentication. Starting today, you can […]

The post Twitter, tightening security, stops requiring phone numbers for authentication appeared first on CyberScoop.

Alleged SIM-swappers charged in $550,000 cryptocurrency scam

The U.S. Department of Justice charged two men on Wednesday in connection with a two-year-old scheme in which they allegedly stole victims’ phone numbers to steal hundreds of thousands of dollars worth of cryptocurrency. Two Massachusetts men, Eric Meiggs and Declan Harrington, tried to steal more than $550,000 in cryptocurrency from at least 10 victims throughout the U.S. since November 2017, according to the indictment. The two men were arrested Thursday and charged in U.S. District Court in Boston. The scheme relied on convincing cell phone carriers to pass on phone numbers from the SIM card in victims’ phones to SIM cards in phones the suspects controlled. Thieves allegedly targeted executives at cryptocurrency companies, and other individuals that had access to large amounts of cryptocurrency. Upon taking control of victims’ phone numbers, scammers then would pose as those individuals, access their email, social media and cryptocurrency accounts to reset passwords or credentials, and steal funds. […]

The post Alleged SIM-swappers charged in $550,000 cryptocurrency scam appeared first on CyberScoop.

Apple iOS 13, Venmo Scams, Simjacking Attacks

You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology…with your host, Tom Eston. In episode 87 for September 22nd 2019: Everything you need to know about Apple iOS 13, Venmo scams you n…

Hackers allegedly stole $2.4 million in cryptocurrency in a six-month SIM hijacking spree

Nine people were charged with crimes related to stealing more than $2.4 million in cryptocurrency by hijacking victims’ mobile phone numbers, the U.S. Department of Justice said Thursday. Six men from throughout the U.S. and one from Ireland were named in an indictment unsealed Thursday alleging wire fraud, conspiracy to commit wire fraud, and aggravated identity theft. Stealing mobile phone numbers, also known as SIM hijacking, typically involves hackers posing as their victim in order to transfer a phone number from one device to another. Once an attacker is granted access to the phone number, they can bypass two-factor authentication that relies on one-time codes delivered via SMS messages. The Justice Department indictment alleges that members of the group, known as “The Community,” bribed customer support representatives to provide phone numbers, then used the numbers to subvert two-factor authentication and infiltrate victims’ accounts, changing their passwords along the way. Three […]

The post Hackers allegedly stole $2.4 million in cryptocurrency in a six-month SIM hijacking spree appeared first on CyberScoop.
