Well, whatever else can be said of hackers, they never lack for creative new ways to separate people from their hard-earned money. The newest trick?
Stealing consumer phone numbers and using the access that comes with that to reset the entirety of a consumer’s online life.
The way the scam works is that a thief contacts a victim’s phone company and asks to transfer their old phone number to a new phone — one under the thief’s control. Then, once they control the phone number, they can use it to reset the passwords on every account where the phone is the security backup.
“My iPad restarted, my phone restarted and my computer restarted, and that’s when I got the cold sweats and was like, ‘O.K., this is really serious,’” said Chris Burniske, a virtual currency investor who lost control of his phone number late last year, to the New York Times.
And the practice is becoming more common — the chief technologist of the Federal Trade Commission was one of the latest victims. In January 2013, there were 1,038 such incidents reported; by January 2016, that number had increased to 2,658.
But not all accounts are created equal for data thieves — and the most valuable online accounts to steal are like the ones belonging to Mr. Burniske, who is a cryptocurrency fan. In the few minutes of it took to get control of his phone, the virtual currency investor saw his virtual currency password change and its accounts drained of $150,000.
How common these attacks are remains a bit of a question mark since victims are hesitant to come forward — but “dozens of prominent people” told the Times that the attacks were real and that they had been victim to them.
“Everybody I know in the cryptocurrency space has gotten their phone number stolen,” said Joby Weeks, a Bitcoin entrepreneur.