Cryptocurrency Entrepreneur and Investor Michael Terpin Sues âToo Big to Careâ AT&T for Permitting $23.8 Million Theft in âSIM Swapâ Scam by Authorized Agent
Mobile security experts from OneSpan and Comparitech commented today on news that cryptocurrency entrepreneur and investor Michael Terpin is suing AT&T for negligence in a “SIM Swap” scam. Terpin Also Seeks $200 Million in Punitive Damages as AT&T Alleged to Tolerate Insider Criminal Activity in Recent Arrests of SIM Swap Criminal Gangs
John Gunn, chief marketing officer, OneSpan:
“If carriers, ISPs, and MNOs had to bear full financial responsibility for every crime and act of fraud committed across their networks, they would all cease to exist. Viewing this under the doctrine of assumed risk, it would be very difficult for the plaintiff in this action to prove they were unaware of the inherent risks of mobile and online transactions.”
Paul Bischoff, privacy advocate, Comparitech.com:
“SIM-jacking arose as a response to the growing adoption of two-step verification (also referred to as two-factor authentication) as a means to protect online accounts from hackers. Most two-step verification requires entering a PIN number sent to the user’s phone number. Unfortunately, employees who work at stores run by mobile carriers like AT&T have free reign to “hijack” a SIM card and transfer the phone number to a different device. This can be done unbeknownst to the user, so thieves will seek out store employees who can be bribed to assist with SIM jacking.
By using a fully automated service like Google Voice, there’s simply no one to bribe. Personally, I recommend utilizing an app like Google Authenticator or Authy whenever possible. These apps can receive a PIN over the internet and thus cannot be SIM-jacked, so they’re much more secure. Unfortunately, most sites, services, and apps rely solely on SMS verification and don’t yet support those apps.”