Scammers hacked her phone and stole thousands - so how did they get her details?
scammers trick a network operator into thinking they're the account holder to get a new Sim card for a mobile device.
"Once they had access to Sue's phone number they were were able to intercept any security codes sent to verify her identity for her Gmail account,"
#scam #simswap #security #cybersecurity #hackers #hacking #hacked
OSINT points to possible arrest of crypto actor ‘Danny’ after seizure-style wallet flows
• $18.58M consolidated into one wallet
• Flows match known LE seizure patterns
• Links to Genesis ($243M) & Kroll SIM-swap ($300M+)
• Reported Dubai villa raid + arrests
#OSINT #ThreatIntel #CryptoCrime #SIMSwap #GenesisBreach #KrollBreach
Zwakke 2FA/MFA werkt AVERECHTS
In https://www.security.nl/posting/912441/65-plussers+gebruiken+tweestapsverificatie+minder+vaak+dan+gemiddeld#posting912477 schreef ik eerder deze week:
❝
2FA (MFA) is ruk.
Laat de overheid een wachtwoordmanager adviseren die wél op domeinnamen checkt.
❞
(Dat laatste kan standaard onder Android, iOS en iPadOS - middels "AutoFill").
Op veler "verzoek" onderbouwde ik die stelling (niet voor de eerste keer) in https://www.security.nl/posting/912441/65-plussers+gebruiken+tweestapsverificatie+minder+vaak+dan+gemiddeld#posting912530.
En in https://www.security.nl/posting/912441/65-plussers+gebruiken+tweestapsverificatie+minder+vaak+dan+gemiddeld#posting912733 legde ik uit waarom online inloggen *lastig* veilig te krijgen is - wat je ook verzint (het blijven shared secrets).
Vandaag heb ik Microsoft Authenticator ook maar weer eens getest (onder Android). Mijn bevindingen leest u in (de tweede helft van) https://www.security.nl/posting/912441/65-plussers+gebruiken+tweestapsverificatie+minder+vaak+dan+gemiddeld#posting912864 - hieronder een stukje daaruit.
#ZwakkeMFA #SMS #AuthenticatorApps #Zwakke2FA #Weak2FA #WeakMFA #MicrosoftAuthenticator #2FAsucks #MFAsucks #Phishing #NepWebsites #PhaaS #Evilginx2 #SIMswap #SS7 #AcountTakeOver #CookieTheft #AccountLockout
![Screenshot van een stukje uit https://security.nl/posting/912530
Microsoft Authenticator: stommer en lastiger kan niet
Ook account lockout is supersimpel: ik heb zojuist Microsoft Authenticator geïnstalleerd op m'n Android smartphone. Inderdaad stond "Cloud backup" standaard uit: aangezet.
Daar moest ik een Microsoft account voor hebben: voor "create" gekozen en een test-Gmail account opgegeven. De bevestigingsmail met pincode arriveert in mijn spambox.
Mijn nieuwe MS account heb ik verder aangemaakt zonder dat er ergens om een wachtwoord werd gevraagd (alles, behalve m'n gmail checken, vond overigens plaats in de Microsoft Authenticator app). Na het aanmaken van het account krijg ik een melding dat de backup is mislukt. En de knop "Cloud backup" is weer uitgezet.
Microsoft Authenticator gesloten en weer
[...]](https://files.mastodon.social/cache/media_attachments/files/115/548/906/844/600/094/original/9dd2b836c93dc3a3.jpeg)
🧩 1️⃣ Europol desmantela red de tráfico de tarjetas SIM.
Europol anunció la caída de una organización criminal que traficaba miles de tarjetas SIM para cometer fraudes financieros, suplantar identidades y distribuir malware.
Las SIM eran usadas para burlar verificaciones bancarias y robar dinero mediante ataques coordinados.
🔒 Incluso tu número puede ser usado para delinquir sin que lo sepas.
#Ciberseguridad #Privacidad #Europol #SIMSwap #FraudeDigital
https://blog.elhacker.net/2025/10/europol-desmantela-banda-trafico-tarjetas-sim.html
Hack bij Orange, maar "geen kritieke gegevens bemachtigd"
Nee, enkel naam, voornaam, telefoonnummer, simkaartnummer, PUK-code en het tariefplan
#simswap anyone?
SIM swap fraud is exploding in 2025 AI + data leaks = instant identity theft.
- Hackers hijack your number, bypass 2FA, and drain accounts in minutes.
- Use app/hardware 2FA, lock your SIM, and stay alert for sudden signal loss.
- One dropped bar could cost you everything.
#SIMSwap #CyberSecurity #eSIM #2FA #DataBreach #AIThreats #StaySafe #PrivacyMatters #DigitalSecurity #infosec
Read Full Article Here :- https://www.techi.com/sim-swapping-digital-crime-protection-guide/
SIM scammer’s sentence increased to 12 years, after failing to pay back victim $20 million - Read more in my article on the Hot for Security blog. https://www.bitdefender.com/en-us/blog/hotforsecurity/sim-scammers-sentence-increased-to-12-years-after-failing-to-pay-back-victim-20-million #nicholastruglia #cryptocurrency #guestblog #lawℴ #simswap #mobile
Heads up, crypto fam! 🚨 Nicholas Truglia, a SIM-swapping scammer, had his sentence increased to 12 years after failing to fulfill his restitution deal. Crypto crime doesn't pay! #CryptoScams #SIMswap #CryptoNews
AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge https://arstechni.ca/An7s #wirelesscarrier #Security #simswap #Biz&IT #fraud
50 customers of French bank hit after insider helped SIM swap scammers - French police have arrested a business student interning at the bank Société Générale who... https://www.bitdefender.com/en-us/blog/hotforsecurity/50-customers-of-french-bank-hit-after-insider-helped-sim-swap-scammers #guestblog #lawℴ #simswap #mobile #france
Security researcher brutecat discovered a vulnerability that allowed brute-forcing the phone number linked to any Google account using display names and partial number hints. Google has patched the flaw. #Cybersecurity #Google #Infosec #DataPrivacy #SIMswap #BugBounty #SecurityNews
M&S cyber-attack: how to protect yourself from sim-swap fraud
#Tech #CyberSecurity #SIMSwap #DataProtection #2FA #Smartphones #SIMCards #MSCyberAttack #IdentityTheft #OnlineSafety #Authentication #FraudPrevention #TechSecurity #CyberAttack
https://the-14.com/ms-cyber-attack-how-to-protect-yourself-from-sim-swap-fraud/
SK Telecom confirmed its data breach disclosed in April began in June 2022, exposing USIM data—including IMSI and authentication keys—of 27 million subscribers. The malware compromised 23 servers and raised SIM-swapping risks. #SKTelecom #DataBreach #Cybersecurity #SIMSwap #InfoSec
✨ Golpe do SIM Swap: Justiça em Ação!
📝 Um ex-funcionário da SEC foi condenado por seu envolvimento em um ataque de SIM swap, revelando os perigos que ameaçam a segurança cibernética. Descubra como esse crime afeta suas informações pessoais e quais medidas você pode tomar para se proteger. Não fique no escuro sobre segurança digital! Clique para saber mais!
.
.
.#SegurançaCibernética #SIMSwap #Ju...
https://inkdesign.com.br/homem-do-sec-e-sentenciado-por-ataque-de-sim-swap/?fsp_sid=32091
End-to-end encryption doesn’t mean end-to-end protection.
Yes, WhatsApp encrypts your messages. But hackers don’t need to break the encryption.
They just need to break you.
That’s how most attacks happen.
Not with code — with clever manipulation.
A fake support message.
A phishing link.
A friend’s hijacked account asking for a code.
And the real damage comes after:
- Access to your chats
- Identity theft via your photo, name, and contacts
- Password resets and account takeovers (thanks to 2FA tied to your number)
- SIM swap attacks that bypass your entire digital perimeter
What makes it worse?
Most users never touch their privacy settings.
They leave “Last Seen,” profile photo, and group invites open to everyone.
They don’t enable 2FA.
They don’t encrypt backups.
They don’t lock the app or check for spyware.
And then they’re shocked when everything unravels in hours.
WhatsApp gives you the tools — but they don’t turn them on for you.
Here are 8 settings you should activate today:
1. 2FA PIN
2. Profile visibility: Contacts only
3. Group invite restrictions
4. Security code change alerts
5. Biometric app lock
6. Disappearing messages
7. Encrypted backups
8. App updates to patch spyware exploits
Cybercriminals don’t break into accounts.
They walk right through the front door — because it’s usually wide open.
Your security is only as strong as the habits behind it.
When encrypted government communications get hacked… what chance do the rest of us have?
TeleMessage — a Signal-based app used by U.S. officials — has just been breached.
The attacker didn’t just grab some harmless metadata. They accessed contact lists, backend credentials, and entire conversations across modified versions of Signal, WhatsApp, Telegram, and even WeChat.
This wasn’t a rogue app.
This was the messaging tool used inside the White House.
Used by National Security Advisor Mike Waltz.
Used to discuss military operations.
And now it’s suspended — too late.
Here’s the real problem:
Even apps built “for privacy” can be fatally compromised when they store data insecurely, create archiving loopholes, or leave cryptographic back doors open for enterprise compliance.
And once that data is exposed?
- It gets matched with phone numbers
- It reveals high-value targets
- It paves the way for SIM swapping and full digital impersonation
This is how it starts — with a breach of trust.
Then comes the breach of your phone, your accounts, your identity.
We often think of mobile security as a software problem.
But the real threat lies deeper — in the number that ties everything together.
The lesson here is simple:
If world leaders can be exposed, so can you.
If their privacy is fragile, what about yours?
At @Efani, we believe your mobile number shouldn’t be your weakest link.
She lost access to her bank, her crypto wallet, and her identity — all because of one overlooked setting in WhatsApp.
It started with a simple message:
“Hey, can you send me the code you just received? I sent it to your number by mistake.”
It looked like it came from a friend.
She sent the code.
Moments later, her WhatsApp was hijacked.
But that was just the beginning.
- The attackers used her chats to impersonate her
- Requested money from her contacts
- Took over linked accounts with 2FA tied to WhatsApp
- Even escalated the attack with a SIM swap
All of this — preventable.
Most people assume WhatsApp is “secure enough” because of end-to-end encryption.
But the truth is: your own settings can be your biggest vulnerability.
If you haven’t turned on these 8 protections, you’re not secure:
* 2FA with a custom PIN
* Privacy limits on who can see your photo, status, and online activity
* Group restrictions to prevent mass-add scams
* Encryption alerts for contact changes
* Biometric lock for the app
* Disappearing messages for sensitive chats
* Encrypted cloud backups
* Regular updates to patch spyware exploits
This isn’t just advice. It’s damage control — before the damage hits.
Your WhatsApp isn’t just a chat app anymore.
It’s your digital fingerprint.
Don’t wait for a hacker to remind you of that.
They weren’t saving for themselves.
They were saving for their mom.
Justin Chan and his sister shared a bank account — it was used to pay for their elderly mother’s care.
One night, while they were asleep, a stranger stole their phone number.
Not their phone.
Not their passwords.
Just their number.
With that, the attacker intercepted their 2FA codes, broke into their Bank of America account, and executed three wire transfers totaling $38,000.
- $20,000 went to a known felon’s account
- $18,000 was funneled through Robinhood and cashed out
All in under three hours.
The bank didn’t respond at first. Robinhood denied responsibility.
It wasn’t until media pressure mounted that the money was finally returned.
But imagine the stress, the helplessness — when the money meant to care for someone you love vanishes.
That’s the hidden cost of SIM-swapping.
It’s not just financial. It’s emotional. It’s destabilizing.
And most people don’t see it coming until it’s too late.
This entire situation could’ve been avoided with better safeguards at the carrier level — or stronger default protections from mobile providers.
At @Efani, we exist because this story keeps repeating.
Because no one should lose their peace of mind — or their parent’s care funds — to something as preventable as a SIM-swap attack.
Secure your number like your future depends on it.
Because sometimes, it does.
SMS 2FA isn’t security — it’s an illusion.
WWE star AJ Styles had two-factor authentication enabled.
It didn’t matter.
His X account was hijacked through a SIM swap — a common but devastating attack where hackers convince a mobile carrier to transfer your number to their SIM.
From there, they intercepted his 2FA codes and took control of his entire digital presence.
Racist tweets.
Crypto scam links.
Brand damage in real-time.
AJ later said:
“They stole my SIM card. Somebody at AT&T allowed it to happen.”
Let that sink in.
He did everything right — or so he thought.
But SMS-based 2FA didn’t protect him. It opened the door.
This isn’t rare.
It’s not bad luck.
It’s a broken system.
Here’s the hard truth:
- SMS 2FA can be socially engineered
- It depends on your mobile carrier’s weakest employee
- And once your number is stolen, every linked account is at risk
If you’re still using SMS for 2FA on high-value accounts — crypto, email, social, banking — you’re playing defense with a paper shield.
Here’s what to do instead:
- Use an app-based authenticator (like Authy or Google Authenticator)
- Better yet, use a physical security key (like YubiKey)
- Assume your number will be targeted — and plan accordingly
Because in 2025, SMS 2FA isn’t protection.
It’s a liability in disguise.
