Thousands of consumers hit by the insidious crime called "SIM swapping" are out millions of dollars, drained by thieves who took control of victims’ phones and accessed their financial accounts.
Because of the ongoing threat that "SIM swapping" poses to consumers, federal lawmakers are now asking whether wireless companies need to provide better protections to their customers when it comes to the technique.
Here in the Chicago area, an NBC 5 Responds viewer from Plainfield would say the answer is a resounding “yes.”
Jamie Gonzalez says he was sitting on his couch, watching his favorite TV show, when it happened: a text from an unrecognized number.
“All of a sudden I get a text from a 574 area code. I have no idea where that’s at. It just said ‘M’…I deleted it,” Jamie told NBC5 Responds. “I was afraid something weird was going on.”
Something weird was going on: Jamie’s phone was taken over by thieves who had somehow tricked his wireless provider Verizon into a SIM swap. A SIM card holds all of the information on a wireless device. It sits inside your phone, but a cell provider does not need the physical SIM card to swap all of the information onto another device.
Jamie says his phone then showed “No Service.” A sudden development followed almost immediately by startling emails to his inbox.
"Your password was changed, your Yahoo account was changed… followed by a Verizon email that said, ‘Here’s your access code, please tell this to a Verizon agent, “Jamie said. “That is when I freaked out."
Jamie says he then drove to his nearby Verizon store, where he learned his SIM card had been swapped onto an unknown person’s phone.
“Whoever got into my phone, they didn’t have a PIN number, they didn’t have an ID. They were let into my account, “Jamie said.
The FBI says SIM Swaps are a crime on the rise, and on its radar.
“I don’t want people to become paranoid that every time they see 'No Service' a SIM swap is underway. But that can be an indicator,” FBI Special Agent Ali Sadiq told NBC5 Responds.
SA Sadiq says fraudsters can trick wireless providers into a SIM swap one of two ways: by impersonating the actual user, or by bribing a company insider into doing the swap for them. And once in, they only need minutes to do damage.
“They know the clock is ticking for them. Given all the effort they’ve already put in up to this point and the potential payout they see on the horizon, one should assume they are moving as quickly as they can,” SA Sadiq said. “Minutes until they do the damage they are intending to do.”
SA Sadiq says consumers need to stop using their cell phone number as a factor in two-factor authentication to protect themselves from a SIM swap. Once thieves have control of your phone, those 2FA codes and push alerts intended to protect you go straight into their hands.
"All we can really do is make it impractical. The more complexity you add, the more impractical it becomes for the fraudster to try to break it," Sadiq said.
Back in Plainfield, Jamie Gonzalez said Verizon refused to tell him any of the details of how his SIM card was swapped. He told NBC5 Responds he was in dark about how it happened, and whether the rest of his identity was at risk.
NBC5 Responds learned that according to the federal Fair Credit Reporting Act, victims are entitled to the information involved in an identity theft incident like this one, and companies are required to give victims those details.
We asked Verizon why it has not provided Jamie Gonzalez with the details of the incident, which occurred last November. A spokesperson told us Verizon takes account security seriously, and the company continues to work with the customer to provide the required details.
Jamie Gonzalez disagrees, and says Verizon told him last December the case was closed. Jamie says that changed only after he contacted NBC5 Responds.
His request for information is now underway, according to the Verizon spokesperson.