Sim swapping may be a new term to many, but it’s not to the rising number of criminals using it every day to try and steal money, and now cryptocurrency, from innocent people. Now, one Ohioan has become New York’s first individual charged with using the method in order to steal tens of thousands of dollars’ worth of crypto. Dawson Bakies, 20, was indicted on fifty-two charges in relation to over fifty thefts including grand larceny, identity theft, and computer tampering on his way to stealing Bitcoin and holding users to ransom.
What is Sim Swapping?
Sim swapping involves calling the chosen victim’s wireless provider and impersonating them in order to get their phone number ported over to the thief’s device. Bakies used this method to access the users’ two-factor authentication (2FA) app, allowing him to log into any number of sites and accounts, including cryptocurrency exchanges and wallets. In some cases he simply drained the funds, whereas with others he changed the password and demanded a ransom, to be paid in Bitcoin, to unlock it. Bakies, who has pled not guilty, walks in the footsteps of 20-year-old Joel Ortiz who pleaded guilty yesterday to theft of $5 million worth of cryptocurrency using the same method. Ortiz accepted a plea deal of ten years in prison for his crimes.
Minimizing the Risk
2FA has been touted as the most robust method of protecting any kind of online account, but as this case shows it is not fallible. Wireless providers have been urged for some time to increase their security measures when it comes to individuals requesting cell phone number porting, but as these cases prove their policies and procedures are not yet up to scratch. Thankfully, the number of such cases is extremely low, but the fact remains that if you are targeted there is not a lot you can do – you just have to hope that your wireless provider has strict enough measures in place to foil the hacker.
There are alternatives to mobile-based 2FA apps, such as TypingDNA for computers, but these come with their own risks, meaning that a certain element of your security will always be out of your control – your job is to make that element as minimal as possible by keeping passwords complex, secure, and hidden.