In a proactive move to safeguard consumers from emerging digital threats, the U.S. Federal Communications Commission (FCC) has proposed new regulations aimed at curbing the rise of “SIM swap” and “port-out scams.”

These malicious activities have been on the rise, with fraudsters exploiting vulnerabilities in mobile communication systems to gain unauthorized access to victims’ personal and financial information.

What is a “SIM Swap” attack?

SIM swapping occurs when scammers or a bad faith actor happens to get their hands on either your phone number or your phone’s SIM card, allowing them to access your accounts or “reroute” that now stolen SIM card to a phone that is now in that scammer’s hands (port-out scam).

Once your phone number has been rerouted to that hacker’s phone, this allows them to now take advantage of a weakness in your “two-factor authentication” (2FA) and verification by using your phone number to access your accounts – ranging from your social media accounts and banking accounts to your crypto accounts/wallets, any other online website or platform that requires you to enter a username and password.

Notable examples

Over the course of the past few years, SIM swap attacks have witnessed a monumental surge, most notably in 2018 when crypto investor Michael Terpin fell victim to a $23.8 million SIM swap attack that was perpetrated by an 18-year-old living in New York named Ellis Pinsky. 

Terpin is also the co-founder of the blockchain public relations firm Transform Group, as well as the crypto investor network BitAngels.

Through his legal counsel, Terpin filed a lawsuit against his phone carrier, AT&T, alleging that the telecom giant had failed to conduct their due diligence and helped facilitate the SIM swap scheme that resulted in him losing close to $2 million in various crypto assets through negligence, breach of contract, and violation of the Communications Act.

However, a California judge just ruled in favor of AT&T after six years of pending litigation back in April, determining that there was no evidence to support Terpin’s claims. 

British hacker Joseph O’Connor, known as “PlugwalkJoe,” was sentenced to five years in U.S. prison after stealing $794,000 in cryptocurrency through a SIM swap attack in 2019. Arrested in Spain in 2021 and later extradited to the U.S., O’Connor pleaded guilty to multiple charges, including conspiracy to commit computer intrusions, wire fraud, and money laundering.

Quite a few brands and individual accounts across the Crypto and NFT space have fallen victims to these attacks over the past year as well.