Two Charged in SIM Swapping, Vishing Scams – Krebs on Security – Krebs on Security

Two young men from the eastern United States have been hit with identity theft and conspiracy charges for allegedly stealing bitcoin and social media accounts by tricking employees at wireless phone companies into giving away credentials needed to remotely access and modify customer account information.

phonescam ProxyEgg Two Charged in SIM Swapping, Vishing Scams – Krebs on Security - Krebs on Security

Prosecutors say Jordan K. Milleson, 21 of Timonium, Md. and 19-year-old Kingston, Pa. resident Kyell A. Bryan hijacked social media and bitcoin accounts using a mix of voice phishing or “vishing” attacks and “SIM swapping,” a form of fraud that involves bribing or tricking employees at mobile phone companies.

Investigators allege the duo set up phishing websites that mimicked legitimate employee portals belonging to wireless providers, and then emailed and/or called employees at these providers in a bid to trick them into logging in at these fake portals.

According to the indictment (PDF), Milleson and Bryan used their phished access to wireless company employee tools to reassign the subscriber identity module (SIM) tied to a target’s mobile device. A SIM card is a small, removable smart chip in mobile phones that links the device to the customer’s phone number, and their purloined access to employee tools meant they could reassign any customer’s phone number to a SIM card in a mobile device they controlled.

That allowed them to seize control over a target’s incoming phone calls and text messages, which were used to reset the password for email, social media and cryptocurrency accounts tied to those numbers.

Interestingly, the conspiracy appears to have unraveled over a business dispute between the two men. Prosecutors say on June 26, 2019, “Bryan called the Baltimore County Police Department and falsely reported that he, purporting to be a resident of the Milleson family residence, had shot his father at the residence.”

“During the call, Bryan, posing as the purported shooter, threatened to shoot himself and to shoot at police officers if they attempted to confront him,” reads a statement from the U.S. Attorney’s Office for the District of Maryland. “The call was a ‘swatting’ attack, a criminal harassment tactic in which a person places a false call to authorities that will trigger a police or special weapons and tactics (SWAT) team response — thereby causing a life-threatening situation.”

The indictment alleges Bryan swatted his alleged partner in retaliation for Milleson failing to share the proceeds of a digital currency theft. Milleson and Bryan are facing charges of wire fraud, unauthorized access to protected computers, aggravated identity theft and wire fraud conspiracy.

The indictment doesn’t specify the wireless companies targeted by the phishing and vishing schemes, but sources close to the investigation tell KrebsOnSecurity the two men were active members of OGusers, an online forum that caters to people selling access to hijacked social media accounts.

Bryan allegedly used the nickname “Champagne” on OGusers. On at least two occasions in the past few years, the OGusers forum was hacked and its user database — including private messages between forum members — were posted online. In a private message dated Nov. 15, 2019, Champagne can be seen asking another OGusers member to create a phishing site mimicking T-Mobile’s employee login page (t-mobileupdates[.]com).

Sources tell KrebsOnSecurity the two men are part of a larger conspiracy involving individuals from the United States and United Kingdom who’ve used vishing and phishing to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks.

Source of this news: https://krebsonsecurity.com/2020/11/two-charged-in-sim-swapping-vishing-scams/

Related posts:

Is Your Measurement Provider Giving You A Compass Or A GPS? – AdExchanger - AdExchanger
“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media. Today’s column is written by Marc Goldberg, CRO at Method Media Intel...
404 and 503 errors: Cracking the HTTP status codes - CNET
404 is a common sign that the page cannot be found on the web.  CNET It was Feb. 16 and I had two alarms set on my phone for Beyoncé's Formation tour tickets. As they were bound to sell out in ...
Fix Ubisoft Connect app not working on Windows PC - TheWindowsClub
This guide features different workarounds you can try if the Ubisoft Connect app is not working on Windows 11/10. Ubisoft Connect is an ecosystem for Ubisoft games and helps different players to conn...
The safety Implications of Application Progress | eWEEK - eWeek
Particulars Point No . 4: Associations don’t feel confident of the security. A little less than part of surveyed organizations said these are definately very or extremely proficient about the...
Baltimore to allow indoor and exterior lighting dining to resume Friday, with one hour time limit fo...
A few of the owners have opted you can temporarily shut down their business opportunities rather than attempt to eke obtainable a living on carryout order placed and limited capacity. Most notabl...
Log4j: List of vulnerable products and vendor advisories - BleepingComputer
News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday. Log4j is an open-source Java logging framework p...
Private Proxy: Expectations vs. Reality - The Future of Things
A proxy server is an essential part of how we use the Internet and a very useful tool for accessing unauthorized content. It is an intermediary between the user and the website that facilitates web s...
MacOS How to Hide Your IP Address - Alphr
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way. Websites keep track of your IP address for various reasons, and in most cases, it’s n...
IcedID Thread-Hijacking Attack Uses Penetrated Exchange Servers - Duet Security
Attackers are using compromised Microsoft Exchange computers to send phishing emails, such as malicious attachments that invade victims with the IcedID or spyware. The latest campaign, which wa...
Waikato cyberattack: Servers in question not culprit, DHB says - RNZ
A set of Waikato District Health Board servers were at end-of-life and unpatched when hackers struck in the early hours of 18 May, a source claims. A sign at Waikato Hospital in May. Photo: RNZ /...
VPN or Proxy? Which Is More Secure? - Techstry - Techstry
Which is the actual one to use in your system? Many of you must have heard about both myspace proxy and VPN. Many people are not able to decide which one should be used for something that purpose...
Supply server chip startup Ampere is headed for an IPO - Protocol
"We are seeing that makers are selling their videos but memes as NFTs, type Wojcicki told livestreamer Ludwig Ahgren on a recent podcasting episode of The Yard . type If makers are selling the...
Open Secure Plant Migration | WWD - Water & Wastes Digest
Migrating from legacy system to modern controls The PLCs that the East Cherry Creek Valley (ECCV) Water & Sanitation District had been using to control the potable water treatment facilities and ...
Transitions: Eric Cantrell, 7thSense - InPark Magazine
Interview by Jordan Zauha Eric Cantrell has worked for show control solutions company Medialon since 2008. Founded in 1992, Medialon was acquired by imaging technology company Barco in 2016, and subs...
8 Easy Ways to Stay Anonymous Online - PCMag AU
Some might say the internet was built on anonymity, paving the way for a place where free speech reigns supreme. But after years of learning about who's snooping into everything we do online, privacy...
Ultrafast Doppler imaging and ultrasound localization microscopy reveal the complexity of vascular r...
All experiments performed in this study were in accordance to the French and European Community Council Directive of September 22 (2010/63/UE). They were also approved by the local Institutional Anim...
400 Banks' Customers Targeted who have Anubis Trojan - Threatpost
Its administrator of your personal reports will be Threatpost, Inc., 60 Unicorn Park, Woburn, EPPURE 01801. Detailed information on some processing of personal data is in the privacy policy . I...
Fix Steam Captcha not working - TWCN Tech News
Steam is one of the most popular and widely used gaming apps out there, and for good reason too. Not only can you play games there but also create them. While some games are free, others are to be pa...

IP Rotating Proxy Onsale

SPECIAL LIMITED TIME OFFER

00
Months
00
Days
00
Hours
00
Minutes
00
Seconds
First month free with coupon code FREE30