May 14, 2019

Wireless insiders charged in phone-access scam

hand putting a SIM card into a phone

SIM card. Photo: Paul Zinken/picture alliance via Getty Images

The Department of Justice filed charges against a Verizon employee and 2 employees of stores selling AT&T service for using their access to hijack customer accounts.

Why it matters: Especially in the AT&T case where the accused were employees of a contractor and not AT&T itself, the cases raise questions about companies' ability to control employee behavior when the workers are able to steal data or funds from a customer.

Background: The scam, known as SIM-swapping, involves hackers breaking into victim's cellphone accounts to reset passwords on other accounts.

  • From there, the hijackers can reset passwords on email, bank and other accounts that allow a phone number to serve as a form of identification.

Details: The 3 employees charged join 6 people who were indicted last week, all connected to a SIM-swapping ring.

  • Those charges came a day before bitcoin investor Michael Terpin won $75 million in a lawsuit against a SIM-swapping criminal who stole millions from his cryptocurrency wallets.
  • Axios Codebook profiled Terpin in September as he launched lawsuits against AT&T for allowing employees and contractors to transfer accounts without following security procedures advertised to customers.
Go deeper