San Francisco resident Robert Ross first realised something odd was going on when his iPhone lost its signal on 26th October.
But his cellphone signal wasn’t all that Ross had lost. Within minutes he had also lost his entire $1 million life savings, including the money he had stashed away for his two daughters’ college education.
According to media reports, prosecutors believe 21-year-old Manhattan resident Nicholas Truglia targeted the cellphones of Ross and a number of others in “SIM-swapping” attacks.
SIM swap attacks (also sometimes called Port Out scams) are where fraudsters manage to trick the customers service staff of cellphone operators into giving them control of someone else’s phone number.
This is sometimes done by a fraudster reciting personal information about their target to the cellphone company to convince them of their identity.
When an online account subsequently sends its authentication token to the user’s phone number via SMS it ends up in the hands of the criminal.
A Santa Clara County court has heard claims that Truglia used a SIM swap attack to commandeer control of Ross’s phone, and then gain unauthorised access to accounts.
It is claimed that Truglia was able, from the comfort of his swanky high-rise apartment in the heart of Manhattan, to withdraw $500,000 in each of two digital banks, Gemini and Coinbase, convert it into cryptocurrency, and move it into his personal account.
Court records claim that Truglia’s other targets included 0Chain CEO Saswatu Basu; Gabrielle Katsnelson, the co-founder and COO of SMBX (Small & Medium Business Exchange), and hedge funder Myles Danielsen.
Detectives arrested Truglia at his condo on 42nd Street on 14th November, and during a search allegedly found a hardware wallet containing $300,000 worth of cryptocurrency.
Bizarrely, this is not the first time that Truglia has made the (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/sim-swap-man-charged-cryptocurrency-theft/