The Growing Problem of Identity Theft—Part II: SIM Swapping

The practice of SIM swapping is relatively new, having started around 2018.

Officially a “Subscriber Identity Module,” a SIM card enables you to store things like phone numbers and security information on your cell phone. This small, flat item connects a phone with its telecom company and identifies the device as yours. If you buy a new phone, you can insert your SIM card and continue using the same service unless your phone is locked to a different carrier.

A growing concern

The practice of SIM swapping is relatively new, having started around 2018. It began as a way for people to steal cryptocurrency from others but has become more organized and pervasive. The hacker does not have to physically steal a SIM card. He or she only has to pretend to be you and use your phone number to convince your provider to issue a new SIM card. Once this happens, your service will cease but the hacker goes on to use your phone number to create chaos, from intercepting important text messages to resetting your passwords. In some cases, a hacker could even get ahold of your credit card.

One victim’s experience

Avery Hartmans is a writer who discovered more than she ever wanted to know about SIM swapping. While she was on vacation in New York, another woman was visiting a Verizon store in Columbus, Ohio, pretending to be Avery. Using a fake ID, the pretender said her phone had been destroyed and asked Verizon to activate an older phone she had brought along. She provided Avery’s phone number, and the Verizon employee obligingly put a new SIM card into operation.

The shopping spree

Armed with Avery’s phone number and her Chase credit card, the pretender went shopping. Between Gucci, the Apple store, and a men’s retail shop called Psycho Bunny, she spent nearly $10,000 within a few hours’ time. But Avery had her credit card with her in New York. So, how could the hacker use that card to make physical purchases? And why did she need Avery’s phone number to begin with?

The investigation

Avery borrowed a phone to call Verizon once she discovered her service had abruptly stopped and that’s how she learned—through a series of questions and answers—that she had been SIM swapped. Verizon then deactivated the old phone belonging to the hacker and reactivated Avery’s phone. By checking her text messages, she found that Chase had sent out fraud alerts connected to each of the hacker’s big purchases. The hacker used Avery’s phone number to respond to the alerts, so the charges seemed to be legitimate, and Chase allowed them to go through—which answered the question about needing that number. It was simply advanced planning on the part of the pretender.

The card mystery

The matter of supposedly using Avery’s Chase credit card to make physical purchases was truly puzzling until a Chase investigator provided some interesting information. Avery was still using her old card, which was due to expire in a few days. Somehow, the hacker got ahold of the new card. As it turned out, this card was plucked out of the post office near Columbus that processes all the new credit cards Chase issues. Two months after Avery’s SIM-swapping incident occurred, three postal workers were charged with stealing credit cards from the mail. They passed the cards on to “shoppers” who then purchased luxury items at stores like Gucci’s. In Avery’s case, stealing the Chase card out of the mail also provided the hacker with Avery’s address, which allowed for the creation of a fake ID to show Verizon.

The way forward

Understanding SIM swapping can help us understand how this kind of fraudulent move can lead to others that can utilize personal information to devastating effect. It reminds us to be vigilant at all times. Meanwhile, if you would like to learn further details about Avery Hartmans and her unsettling experience with identity theft, click on:
https://www.businessinsider.com/credit-card-phone-theft-sim-swap-identity-theft-investigation-2023-4

Urban E Recycling can protect end-of-use items by shredding your data devices. Don’t keep your old devices around after they are out of service. Be Safe! SHRED.