T-Mobile faces fresh scrutiny after reports of mysterious texts offering employees cash in exchange for performing unauthorized SIM swaps recently started doing rounds on social media. The messages target current and former employees across the country and offer up to $300 per SIM swap. This brazen attempt to exploit T-Mobile’s staff raises serious concerns about the carrier’s security practices and highlights the ever-present threat of SIM-swapping attacks.
What is SIM swapping, and where did employee data come from?
SIM swapping is a fraudulent act in which a bad actor tricks a cellular carrier into transferring your phone number to a new SIM card. It gives the attacker control of your phone, allowing them to intercept calls, texts, and, most importantly, two-factor authentication codes. This can lead to, among other things, financial loss, as attackers can hijack bank accounts, cryptocurrency wallets, and other sensitive online services accessible through your phone.
The big mystery is how the perpetrators got their hands on T-Mobile employee phone numbers. The company denies a recent systems breach. However, the inclusion of former employees suggests the data might be linked to previous breaches. This may also represent a new, yet undisclosed, breach—a truly troubling prospect for T-Mobile given its recent history with data breaches.
T-Mobile’s response is not entirely reassuring
While acknowledging the investigation, T-Mobile’s statement does little to calm customer nerves. According to The Mobile Report, T-Mobile has denied any possibility of another data breach. T-Mobile also claims this issue isn’t limited to the Un-carrier. “We did not have a systems breach,” part of the statement reads. However, they’ll “continue to investigate these messages that are being sent to solicit illegal activity.” They also note that “other wireless providers have reported similar messages.” Still, the ongoing nature of these texts hints at a possible attack. Or worse yet, the presence of willing accomplices within T-Mobile’s ranks.
Customer concerns and the erosion of trust
This incident adds to a growing list of security scandals that have plagued T-Mobile in recent years. The company’s once-stellar reputation is rapidly eroding, and customers are rightfully questioning whether their information is safe. SIM swap attacks are a serious problem for the entire industry, but this incident suggests that T-Mobile seems especially vulnerable.
There’s no guaranteed fix for this. However, for better security, you can avoid SMS-based two-factor authentication and switch to app-based authenticators like Google Authenticator or Authy. Always scrutinize links and phone numbers. Also, be wary of mysterious texts or calls claiming to be from T-Mobile support. Lastly, enable the SIM protection function that T-Mobile offers, and be sure to activate it on your account.
Even as the investigation continues, T-Mobile needs to be more transparent about the source of these latest SIM swapping attempts (assuming it’s not a new data breach). The company must also reassure customers that their information is truly secure and that it is taking decisive steps to prevent similar incidences in the future.
