22 Dec SIM Swap hacks
Hi, I should have posted sooner. I see others getting SIM Swap attacked so I wanted to add here.
I was SIM Swap attacked as well. Here are key points.
1) USE GOOGLE AUTHENTICATOR (or any authenticator). If you do, you should be OK. They were able to change my Coinbase password, but without my physical phone (this is how authenticator works), they were not able access my account.
2) FOR CASH APP, YOU ARE VULNERABLE. REMOVE YOUR PHONE NUMBER FROM YOUR EMAIL ACCOUNT. For some reason (still scratching my head), Cash App doesn’t have authenticator option. It uses a PIN to approve bitcoin withdrawals. Here’s how they stole my bitcoin.
The KEY is to hack your email. This is easy because many people use a phone number as a password recovery option. Once the hacker got control of my phone number, it was easy for them to hack into my email using the phone recovery option. Once they had control of my email, they could now do Password Recovery for a lot of other sites that I use with this email. For Cash App, once they got control of my phone number and email account, it was easy to change the PIN. Then *poof*, bitcoin is gone. REMOVE YOUR PHONE FROM EMAIL PASSWORD RECOVERY AND THE HACKER IS STYMIED.
3) REPORT TO POLICE. If you had a loss of funds, call the non-emergency line. The actual call takes less than 5 minutes. They will just ask for report. The lady stated that if they need any more info, someone will contact me. No one followed up. But this doesn’t matter so much as the fact that you now have a legal record. And you can get report copy easily. THIS IS IMPORTANT if you wish to follow other avenues (e.g., wireless carrier, etc.). I made multiple calls to my carrier (metroPCS). I was shocked that there didn’t seem to be any follow up (they should at least investigate who changed my phone number to a different device). Finally, the rep told me to send a letter, along with police report, to a fax number. They said police report is needed for them to investigate further. *shrug*, so I did.
If you do #1 and #2, you should be OK.
Always, caveat emptor !