With the introduction of two security factors, telephone numbers and SMS, they became the last bastion of security for the most varied services, including banking and cryptocurrencies. Imagine that someone pretended to be you, got a duplicate of your SIM card from the operator and started to control your life! In the case we show today, the victim was left without $60,000 in cryptocurrencies.
How is it possible to obtain a SIM card without the customer asking for it?
Although this scam is insignificant in Portugal, reading and following international news, we realize that the SIM swap scam has increased. The result is easily calculable: financial accounts “dry up” in the blink of an eye.
Sepehr Tahmasebpour was a customer of Canadian mobile communications company Freedom Mobile and was about to learn that scams like SIM swaps can cross borders very easily. The man claims that Freedom Mobile delivered a new SIM card to a person pretending to be his father, the person responsible for paying his communications bill every month.
The communications company handed over the SIM card to a participant, in a scam that is becoming common in some countries.
This whole story is now public, because it ended up in court. We have to go back to January 2021, when a criminal obtained a duplicate of the young Canadian's cell phone card and, as a result, began requesting password recovery from some services.
He started by requesting the change of Tahmasebpour's email details. He then blocked the man from accessing his accounts and managed to steal $60,000 worth of bitcoins from his crypto wallet.
In 2023, the story ended up in court, as Tahmasebpour wanted to hold the media company accountable. According to his testimony in court:
This was caused by Freedom's grossly negligent actions and inactions.
This argument seems to make sense since, without the customer's true request, the company issued the SIM card.
Court does not allow communication company to be held responsible?
Reading a little about how these criminals operate in some countries, we can deduce that there are two ways of distributing fake SIM cards.
The first, the thief pays someone working for the mobile communications company to deliver new SIM cards to a person involved in the scheme. There are reports that T-Mobile employees received unsolicited text messages offering them $300 for each SIM swap they helped pass through the operator's system.
This should alarm the company and its customers!
The second way is for someone involved in the criminal scheme to pretend to be the account owner and request a new SIM card from an employee of the communications company. A bored or lazy employee may not bother to ask for an ID to verify that person's identity.
Regardless of the method used by a criminal to improperly obtain a SIM card that is subsequently used to steal financial assets, the communications company that issues the SIM card appears to bear some responsibility.
In their court filing, Tahmasebpour and his father argued that Freedom Mobile should be liable for more than $63,000 to compensate for the value of the stolen bitcoin, legal fees and punitive damages. The complaint noted that previous news coverage and police warnings should have made Freedom Mobile more cautious and more attentive to SIM swaps.
Although Freedom was armed with this knowledge, it did not take reasonable and necessary measures to prevent a similar type of attack from occurring.
Tahmasebpour's complaint reads.
According to CBC News, Freedom Mobile managed to get a British Columbia court to stay the lawsuit, saying the victim had to first resolve the matter through arbitration process provided for in the operator's terms of service.
Freedom requested a stay in the case in September, arguing that before taking legal action, Tahmasebpour and his father Alireza should first attempt to resolve the issue through an internal arbitration process outlined in their terms of service.
Both father and son claimed to have never seen, become aware of or agreed with the document.
Still, the court stayed the case, preventing the plaintiffs from being reimbursed for any funds they lost due to Freedom Mobile's negligence.
In Portugal and from our experience, operators are strict with their rules. Whether at a personal or business level, documents are requested, as well as other ways of confirming the veracity of the request for a new SIM card. But… they should never make it easy!
Tags: Criminal requested SIM swap elses stole thousands crypto
--
