In a nutshell: T-Mobile employees across the country are being tempted with cash offers via text message to perform illegal SIM card swaps. The anonymous texters claim to have gotten a target’s number from the T-Mobile employee directory, and offer up a $300 cash reward for each SIM card swap performed. Interested parties are encouraged to reply and do business over encrypted messaging platform Telegram.
The texts reportedly come from different numbers across multiple area codes, making them more difficult to trace or block. The Mobile Report points to multiple Reddit posts and tips from readers regarding the matter.
SIM card swapping is a scam in which a bad actor convinces a service provider to switch a victim’s service to a SIM card that they control. The attacker can then use the hijacked line to infiltrate other valuable accounts like crypto wallets or bank accounts.
SIM swapping can be quite lucrative. In 2018, a 20-year-old was arrested and charged with hacking more than 40 phones and stealing $5 million in cryptocurrency.
If the phone numbers are indeed being sourced from a T-Mobile employee directory, it could mean a few things. Perhaps we’re looking at yet another data breach. Worse yet, it may mean the attackers have constant access to the directory, suggesting an inside job.
It’s worth noting that some of the people contacted for the illegal work are former T-Mobile employees that haven’t been with the company for months, perhaps pointing to a dated list. The Mobile Report said at least some of those contacted are third-party employees, but confirmed that current corporate staffers have also received offers.
When reached for comment, T-Mobile told the pub it did not experience a system breach. Nevertheless, the carrier is continuing to investigate the matter, adding that “we understand other wireless providers have reported similar messages.”
The strategy isn’t just a problem for T-Mobile, but its customers as well. Knowing that your carrier is being targeted by this type of attack would be unnerving and as The Mobile Report points out, it’s conceivable that at least some of the employees could take the attackers up on their offer to make some quick cash.
Image credit: Andrey Matveev