SIM swapping attacks can be devastating for their victims. Actors can bypass two-factor authentication steps, take over valuable accounts, and even indulge in a catastrophic impersonation. As much as people are nervous about this possibility, and courts are punishing SIM swapping actors harshly, telecom firms aren’t doing much to address the problem. In this context, AT&T now faces a lawsuit that is asking $1.8 million in damages, as the company is accused of not doing enough to prevent SIM swapping attacks targeting its customers.
More specifically, Seth Shapiro, a resident of California, has filed a complaint in his district’s court, demanding a trial by jury. Among his demands are the awarding of monetary damages, punitive damages, cessation of AT&T’s unsafe practices, and the introduction of safety measures for keeping confidential customer info protected. As the man clarifies, he has fallen victim to the same attackers multiple times, losing a total of $1.8 million in both cryptocurrency and cash. Shapiro was robed, extorted, threatened, and generally victimized in multiple levels. Despite his numerous reports to AT&T, the telecommunications giant declined to address the matter and conduct an internal investigation to figure out which employees participated in the fraud.
Mr. Shapiro was hacked a total of four times. After the first two incidents which took place on the same day, he got a new phone number by AT&T, only to be hijacked again after a while. According to the findings of the investigation that followed, two Arizona AT&T employees helped facilitate the SIM swapping attack and were bribed with the amounts of $4,300 and $585.25 respectively. It is evident that AT&T is not monitoring what its employees are doing with the tools that have access to, is not supervising them, and is not recognizing any liability when proof of such actions emerges.
Most probably, AT&T will now seek to agree on an extra-judicial settlement with Mr. Shapiro, and then revisit their SIM swapping protection practices. As we discussed recently, T-Mobile already offers a “NOPORT” feature that makes it very hard for malicious actors to achieve the porting of another person’s number to a new SIM card, so that could be one system to adopt. Even T-Mobile, though, is inexplicably keeping this feature a secret which says something about how telecom firms handle the rising SIM swapping threat right now.
Have you ever fallen victim to a SIM swapping attack? Let us know of the details in the comments section down below, or on our socials, on Facebook and Twitter.