Excerpt from this podcast:
ALEX: Yeah. So take everything he says with a grain of salt. But he told me that he and his fellow hackers actually have a pretty reliable method for how they usually get accounts. It’s called SIM Swapping.PJ: OK.ALEX: So here’s how SIM Swapping works: You, PJ, have a phone number. I’m not going to say it on the radio even though that would be such a good troll.
…ALEX: Um. So, so, what they do is they find out that you have a valuable account and they find out your number. And they call the phone company and pretend to be you and say, “I’ve got a new phone that you need to transfer my phone number to.” So the phone company transfers your phone number to the hacker’s phone.PJ: And then they have logins on all your apps?ALEX: They don’t have logins on all your apps. But since everybody uses two factor authentication on their phones–PJ: Ahhhh! Then they go to instagram and they’re like “I forgot my password!”ALEX: Exactly. And then Instagram sends a password reset text to the phone number, which they’re now in control of, and just like that, they have your account.WORTHY: You know what OGUsers is right?ALEX: Oh, do I ever.WORTHY: Yeah, so basically, OGs like that–OG handles, those are easy because it’s normal people like me and you. As long as I got the number, done. All I got to do is call T-Mobile, Verizon–any phone companies and you’ll have it for about 24 hours before they notice, you know, it was obviously a fraud. But by the time you know that happens you’ve already swapped that OG handle, you’ve got it. It’s yours. It’s done.PJ: I mean, I don’t know if this is true, but there’s probably a lot of people at T-Mobile who are trusted to port a number.ALEX: Yeah like my experience at every phone store I’ve ever been to is that the people there are moving phone numbers from one phone to another all day every day. Like, anytime you buy a new phone, that’s what they’re doing.