SIM Swap Fraud

Contact a SIM Fraud Lawyer

The attorneys at Stoltmann Law Offices have years of experience representing SIM Swap victims on a contingency fee basis against these telecom giants through arbitration proceedings across the country.

Name
This field is for validation purposes and should be left unchanged.

SIM Swap Fraud

In today’s world, your cell phone is everything; it’s your connection to work, email, family, social media, entertainment, and bank and financial accounts.  The security of your mobile device is therefore increasingly important to prevent unauthorized access to your phone and to prevent take-over frauds.  We secure access to our actual phone through passcodes and increasingly through biometrics like a thumb print or facial recognition. These safeguards work pretty well.  Even if someone steals your phone, it’s not likely that they will get into it.

Hackers and thieves know this too, but they figured out years ago that they don’t need to have your phone or hack into your device to gain access to information necessary to steal from consumers. Financial institutions, social media accounts, and email accounts use a security feature called Two-Factor authentication. If you need to change your password to your email or to a bank or crypto currency account, the account will trigger a password reset process which almost always triggers this 2FA passcode. This code is sent to your cell phone through a text or SMS message, with a 6 or 8 digit one-time code that you input into your account and that allows you to access the account without the password.  Intercepting that 2-Factor Authentication code is like stealing the keys to a safe and can lead to a domino effect of financial disaster for consumers.

Before the thieves can capture those critical 2FA codes, they must first convince your mobile carrier, like T-Mobile, AT&T, or Verizon, to perform a “SIM Swap”. The bad guys get the cellular provider to execute this unauthorized SIM swap by taking advantage of poor security and authentication procedures by telecom employees and agents. Once the unauthorized SIM swap is executed, your cellular service is transferred to the phone in the thief’s possession and when he gets into your Coinbase account or email account and change security settings, change passwords, execute trades, whatever it may be, the 2FA code that verifies it is “you” goes to the thief instead. Now he is into your Coinbase account, he is into your email account, and will very quickly execute a playbook to steal from you before you will even know you lost cell-service.

Chicago Investment Fraud Attorneys Offering Nationwide Representation to Investors

If you have suffered financial losses because of the negligence or fraud of your financial advisor or broker through unsuitable investment recommendations, over-concentration, churning, misrepresenting risks, conversion or selling away, you have legal rights and options to pursue recovery of those losses.

Stoltmann Law Securities Investment Fraud Attorneys

What is a “SIM” and How Do Thieves “Swap” Them to Their Device?

A “SIM” (which stands for Subscriber Identification Module) is a chip or card in your phone that contains data necessary to connect your device to the cellular network.  Without a functioning SIM, your phone cannot connect to the cellular network or the “service” you pay for.  These SIMs can also be electronic and are called eSIMs. Almost all SIM swaps are legitimate. If you buy a new phone, lose your phone, or if your phone is damages beyond repair or lost, you obviously want to keep your phone number.  To get your new phone to work on the cellular network with your number, your mobile account needs to be transferred to the SIM in the new device – A SIM Swap.  Cellular customers request SIM swaps in three primary ways.  1) through an in-store visit; 2) over the phone; or 3) through your mobile online account.  All three of these options require the telecom to authenticate the legitimacy of the SIM swap request before executing it.

If a customer wants to transfer their mobile account and number to a new device through a SIM swap, and goes to a store to do it, the telecom employees MUST request to see valid government issues identification, like a driver’s license, before executing the SIM swap. If this is the case, then how can these SIM swaps ever be executed in a store on an unauthorized basis? The truth is a little frightening. Unfortunately, many unauthorized in-store SIM swaps take place because the phone company employees – the store manager or the in-store sales rep – are in on the scam. Sometimes they are paid off to look the other way. Other times the store employee hands over their in-store tablet and lets the crook execute the Sim swap on their own. Even worse, there is a vibrant black-market on public internet channels like Telegram where T-Mobile and other phone company manager and employee credentials are marketed and sold. These “innies” are frequently to blame for many unauthorized SIM swaps. Even though the Federal Communications Act requires the presentations of a valid ID to execute a SIM swap, this requirement is ignored or bypassed when the store employee is in on the scam.

A SIM swap can also be requested or executed over the phone or through a consumer’s online account. These online or over the phone requests still require authentication, but they require a level of diligence by the telecom employee on the other end of the phone to truly inquire with the person seeking the swap. Many times, when calling a telecom company like T-Mobile, you are actually dealing with customer service representative who works for a third-party and is likely overseas in a low-wage country like India or the Philippines. The telecom company, like T-Mobile or AT&T, are ultimately responsible for the conduct of these contracted third-parties.

One adaptation telecoms began using over the last few years to improve over the phone and internet SIM swap security, is to require the use of a One-Time-Pin (OTP) to authenticate the customer. These are delivered to the customer’s email or to a second phone-number via SMS. The reality of these OTPs however is the telecom security apparatus allows for this requirement to be overridden. So, if an employee wants to override the OTP requirement to execute an unauthorized SIM swap, she can do just that. This ability to override the OTP requirement for verification is a huge hole in these telecom’s SIM swap security and it is exploited by bad actors to execute unauthorized SIM swaps.

Consumers are being robbed blind by sophisticated crooks who use SIM swaps to gain access to 2FA codes and hack into crypto currency accounts. Crooks get into a consumer’s Coinbase account and before the account owner knows it, his password has been changed, his email blocked, and his account cleaned out usually all within minutes of the SIM swap taking place.

There are several causes of action we bring on behalf of our SIM Swap client victims. First, telecoms like T-Mobile are required by Section 222(a) of the Federal Communications Act to maintain the confidentiality of its customer’s proprietary information. The Federal Communications Commission has also promulgated several rules that require telecoms to maintain the security of what is called “CPNI” – Customer Proprietary Network Information. Disclosing CPNI on an unauthorized basis is a big problem for telecoms and is a violation of the Federal Communications Act. CPNI is broadly defined by the FCC and when your SIM is swapped on an unauthorized basis, your CPNI is accessed by the employee or bad actor because it exposes your mobile account information and credentials. Furthermore, the FCA has a broad “catch all” provision in Section 201(b) which prohibits telecoms from employing unjust or unreasonable practices, which includes deficient data security practices. There are several options to pursue under the FCA to bring a statutory claim against the telecoms.

The second cause of action we typically bring is a negligence claim. A mobile carrier like T-Mobile fails to adhere to the standard of care required of telecom carriers when they execute an unauthorized SIM swap. The duties and obligations are set forth in the FCA and its rules and regulations, industry accepted best-practices, and the mobile carrier’s internal rules and procedures for executing SIM swaps.

The third cause of action we bring is a breach of contract claim. Yes, whether you know it or not, you agreed to all sorts of contractual terms when you signed up for your AT&T account, and by using the service and paying bill every month, you are agreeing to whatever changes they make too. It doesn’t matter that you never read the 70 page “terms and conditions” and never signed it. These telecoms also include a “privacy policy” which typically makes representations about data security which we take advantage of for our clients and bring a claim for breach of contract.

If you are the victim of an unauthorized SIM swap, and your financial or crypto currency accounts were breached resulting in a theft of funds, first, call Stoltmann Law Offices for a free consultation to determine whether you have a valid claim. You should contact your telecom and inform them that you were the SIM swapped and that it was not authorized. You should alert your financial account institutions and let them know you were Sim swapped. And you should contact law enforcement. It is important to act fast, because the evidence that supports your claims against the Telecoms dissipates over time. Telecoms like AT&T only keep in-store video, for example, for so long before they’re destroyed.

When you are the victim of an unauthorized SIM swap that leads to the theft of account assets, it is scary and devastating. Many victims feel helpless because in almost every case, there is nothing law enforcement can do because these hackers are extremely difficult to track. T-Mobile or AT&T certainly will not assist you.

Contact a SIM Swap Lawyer

T-Mobile, AT&T, Verizon, or whatever company was responsible for swapping your SIM, has liability for their roles in facilitating the theft of your funds. The attorneys at Stoltmann Law Offices have years of experience representing SIM Swap victims on a contingency fee basis against these telecom giants through arbitration proceedings across the country.

Let’s Connect and Talk

Since its inception in March 2005, Stoltmann Law Offices, P.C. has dedicated its practice to representing investors in lawsuits and arbitration claims against brokers, financial advisors, investment advisors, and the companies they work for. Our Chicago investment fraud attorneys offer their clients a combined 35 years of experience fighting for investor rights from offices in Chicago, Illinois and suburban Barrington, Illinois and Downers Grove, Illinois.

The attorneys at Stoltmann Law Offices have dedicated their life’s work to representing investors who have been cheated or defrauded by those professionals they trusted with their hard-earned money and retirement savings, recovering in excess of $100 million for investors over the years.

Tell us your story

The #1 Most Trusted Investment Fraud Attorneys in Chicago

This field is for validation purposes and should be left unchanged.

Trusted Investment Fraud Attorneys Chicago IL