BURLINGTON COUNTY, NJ — A Burlington County man stands accused of using his position as a store manager to steal Subscriber Identity Module (SIM) numbers and putting them into a phone controlled by someone who was paying him $1,000 to do so, federal authorities announced.
Jonathan Katz, 40 of Marlton, is charged by complaint with one count of gaining unauthorized access to a protected computer, according to Acting U.S. Attorney Rachael A. Honig. He has been released on $100,000 unsecured bond.
In May, authorities said Katz used his credentials as a manager at a telecommunications store to access several customer accounts and steal their SIM numbers. Authorities didn’t say who his employer was.
He swapped the SIM numbers associated with the customers’ phone numbers into mobile devices controlled by another person who was not identified by federal authorities.
That person was then able to control the customers’ phones and access the customers’ electronic accounts, authorities said. Katz was paid in Bitcoin, which authorities said they traced back to his cryptocurrency account.
Five customers were victimized between May 11 and May 19, according to the affidavit of probable cause. Two were from New Jersey, and there was one each from California, Tennessee and Wyoming.
The technique Katz is accused of using, known as “SIM Swapping,” is often used to get past the two-factor authentication systems to access email, social media, and financial accounts, among other things, authorities said.
If convicted, Katz faces up to five years in prison and a fine of not more than $250,000 or twice the pecuniary gain to the defendant or twice the gross loss involved, whichever is greatest.
Princeton University researchers recently conducted a test of five major cell phone providers to see how easy it is to engage in this practice, according to Security National Bank. They were successful in 39 of 50 attempts.
The Federal Communications Commission has these tips on how to protect yourself against SIM fraud:
How to Protect Yourself
- Be Proactive: If you don’t already have a PIN or a password to verify your identity when calling about your account, contact your phone company and ask about adding one.
- Stay Vigilant: Enable both email and text notifications for financial and other important accounts. If you receive notice that changes to your account have been made without your knowledge, contact the business holding that account immediately to let them know that you didn’t authorize a change.
- Don’t Respond: If someone calls or texts you and asks for personal information, do not provide it. If the caller claims to be from a business you are familiar with, hang up and call that business using a number you trust, such as the number on your bill, in a phone book or on the company’s website.
- Don’t overshare: Guard personal details that can be used to verify your identity – such as the last four digits of your Social Security number, your phone number, your date of birth, the make and model of your car, your pet’s name, or your mother’s maiden name. And keep that information off social media.
Typically, loss of service on your device – your phone going dark or only allowing 911 calls – is the first sign this has happened, authorities said. Anyone who suspect they have been a victim of a SIM Swap scam should:
- Contact your phone company
- Contact your bank and other financial institutions
- File a police report
- Place a fraud alert on your credit reports and get copies of your report
Anyone who feels that they have been the victim of a SIM Swap scam can file a complaint with the FCC for free.
Credit: Source link