Hackers Circle as Individual Investors Pour Cash Into Crypto

(snip)

Criminals have a history of stealing money from wealthy or well-known crypto investors through SIM swaps, or switching a phone number from one device’s subscriber identity module to another. But the crypto boom among mom-and-pop investors has led hackers to increasingly circle targets like Ms. Maguina, according to cybersecurity experts, lawyers and law-enforcement officials.

The attacks on small investors have sparked legal battles with cellphone carriers, led customers to change plans and pushed some telecom companies to tweak security measures. Law-enforcement agencies are trying to team up across jurisdictions in response to a broadening pool of potential victims. The Federal Communications Commission is honing rules for wireless carriers aimed at limiting SIM-swap fraud, proposing tighter restrictions on how they switch numbers between devices and carriers.

Some wireless companies say federal rules could make matters worse for consumers AT&T Inc. on Monday said the agency’s proposed regulations could give hackers a blueprint for attacks and add friction for legitimate customers who need to switch devices or carriers. AT&T said customers make hundreds of thousands of such requests a month. A fraction of 1% of them—potentially totaling thousands—are fraudulent, the company said. The company warned against some measures floated by the FCC, such as notifications to phone users of SIM-swap requests and potential 24-hour delays to execute them. Customers conduct SIM swaps when they take their numbers to new phones, while the related act of “porting out” switches numbers to different carriers. Hackers can impersonate phone users with various types of account information or personal data, said Kevin Lee, lead author of a 2020 Princeton University study on SIM swaps.

(snip)

AT&T told the FCC that it uses data-analytics tools to gauge the risk of postpaid customers’ SIM-swap requests. A spokesman for Verizon said it requires postpaid customers to use a one-time passcode when attempting to switch to another carrier. T-Mobile allows customers requesting SIM swaps by phone to use their account PIN, a one-time passcode or two-factor authentication, a representative said. The firm discontinued the use of logs showing recent incoming or outgoing call numbers in its authentication process following the Princeton study. US Mobile, an upstart New York-based carrier with about 150,000 customers, has prohibited SIM swaps by phone and directs customers to its app, where it can vet their internet-protocol addresses and biometric data, Chief Executive Ahmed Khattak said.

(snip)

Amid mounting complaints, the FCC in September proposed regulations mandating wireless companies verify users’ passwords or send one-time passcodes. The rules would also require companies to tighten procedures for changing lost or stolen passwords, and restrict what data employees could divulge by phone or in stores. An official for the FCC, which warns that consumer data breaches can give fraudsters information they need for SIM swaps, said the rule making could take several months.

More..

https://www.wsj.com/articles/hackers-circle-as-individual-investors-pour-cash-into-crypto-11637499603 (subscription)

=====

I just post the story. I have no idea what it is about..