Serviceteam IT Security News
The suspect is believed to have carried out the scam on no fewer than six executives in the Bay Area, albeit ultimately with varying success

A 21-year-old man from New York is facing charges over the alleged theft of $1 million from a Silicon Valley executive after taking control of his phone number in a scam known as “SIM swap” and going on to invade his accounts with two digital currency exchanges, according to a CNBC report citing court records and officials.

Nicholas Truglia is said to have lifted $500,000 from each of two accounts that Robert Ross, a father of two from San Francisco, held in US dollars at the Coinbase and Gemini cryptocurrency exchanges. He went on to convert the haul into digital money and to deposit it into his personal account, according to authorities, which said that the robbery had taken place on October 26. Truglia was arrested on November 14.

The Manhattan resident is now facing a grand total of 21 felony charges, including identity theft, fraud, embezzlement, and attempted grand theft. In fact, according to reports, Truglia exploited the same tactic to target five more executives in the cryptocurrency arena. He reportedly managed to take over their phone numbers too, although his attempts to rob them ultimately failed.

Officials obtained a warrant and searched Truglia’s condo, and were eventually able to recover $300,000 worth of cryptocurrency from his hardware wallet. It’s not immediately clear what’s happened to the rest of the loot.

In a SIM swap (aka SIM splitting) scheme, a criminal impersonates a target to dupe the cellphone provider’s tech support staff into reassigning the victim’s phone number to a SIM card owned by the attacker. This usually requires answering a few security questions to verify the victim’s identity, but the criminal is often well prepared, having obtained the information through social engineering or mined it from social media, among other methods.

This access to the victim’s phone number can then help the attacker circumvent various security measures, including SMS-based two-factor authentication. Victims don’t usually realize that something is amiss until phone calls and messages won’t go through. By that time, however, the attacker may have invaded their bank or cryptocurrency accounts, including, for example, by resetting the password to any account associated with the phone number.


Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!