SIM swapper jailed over $1M theft


Jordan Persad, a 20-year-old from Orlando, US, was sentenced to 30 months over his involvement in a SIM-swapping scheme that cost victims nearly $1 million.

It took Persad and his co-conspirators 15 months to steal what many would have earned in decades, a recent press release from the US Attorney’s Office of the District of Arizona shows.

Between March 2021 and September 2022, during the height of the pandemic, Persad and other hackers breached victims’ email accounts and hijacked their phone numbers to access their targets’ crypto accounts.

ADVERTISEMENT

The modus of the attack is referred to as a SIM swapping attack. These types of attacks happen when a fraudster convinces a cell phone provider to give them access to a phone number and swap it for a new SIM card or phone.

Since many users employ phone numbers as a means to receive one-time access codes, SIM-swapping attacks allow hackers to change account passwords on multiple user accounts, hijacking everything from emails to crypto wallets.

According to the US Attorney’s Office, some of Persad’s victims lost as much as $30,000, with total losses nearing $1 million. However, Persad would share the spoils with his lackeys, and authorities believe he himself netted $475,000.

SIM-swapping attacks have been a major headache for organizations. For example, last year, attackers breached Verizon users and used exposed credit card details in SIM-swapping attacks. Earlier, the same type of attacks plagued T-Mobile as well.

While using two-factor authentication (2FA) is highly advisable, hackers have discovered multiple ways to bypass 2FA when the authentication method consists of one-time codes sent as an SMS message.

Bad actors use inexpensive mirroring apps to monitor SMS activity and grab SMS authentication codes without users knowing. Those that sync SMS messages with other devices, such as tablets and laptops, also increase their risk if a device is stolen by a hacker who can easily access codes.

Alternatives to SMS-based 2FA, such as Authy, Microsoft Authenticator, or Google Authenticator, deny threat actors the capabilities of carrying out SIM swapping attacks and may reduce the risk of being hacked.

ADVERTISEMENT