Posted on December 20, 2021 at 2:37 PM
SIM swap attacks are some of the worst hacking exploits because victims suffer both financial loss and identity theft. The latest victim of a SIM swap attack is Mark Donnelly, a nurse based in Sydney.
A report from 9news states that the hacker/hackers behind this attack emptied the bank accounts of Donnelly and managed to take control of other applications on his device.
Nurse suffers immense losses from SIM swap attack
Donnelly discovered something was wrong with his SIM card when he suddenly lost phone service on his iPhone 12 Pro. The phone only displayed an “SOS” message, showing that the phone could not access the network.
What was suspicious was that the network provider had not issued any explanation for the network loss. Donnelly’s connection to Optus was also affected in the event.
The hacker managed to drain his life savings of around $35,000. This amount was deposited into a cryptocurrency exchange and converted into Bitcoin.
A SIM swap, also known as simjacking or a SIM hijack, is when an unauthorized individual uses a false identity to activate an eSIM through the Optus online message system. The hacker manages to do this without undergoing physical verification in an Optus store. In this way, a phone number can easily be stolen and used to access different accounts.
In this case, after the hacker stole Donnelly’s phone number, they accessed his bank accounts and exploited other applications such as ZipPay and AfterPay. They also gained access to his immigration details, such as his UK passport. The hacker unsuccessfully tried to create a new bank account using Donnelly’s name.
Donnelly engaged his banks regarding the incident and managed to recover most of the stolen life savings. ANZ bank refunded $26,000 to him, while ING refunded $4,000. The remaining balance at Bendigo Bank is still under investigation.
Optus fails to offer much help
Optus, the platform that permitted the sim swap, offered the nurse $80 compensation. Because of the loopholes exploited by the hacker on the Optus platform, Donnelly is seeking help from the Telecommunications Industry Ombudsman (TIO) regarding the process followed by Optus to facilitate sim swaps.
Donnelly has stated that it has been a daunting process engaging Optus on the matter. “They told me they would call me back in 24 to 48 hours, and they would discuss it, but there was nothing,” he said.
After unsuccessfully trying to resolve the matter online with Optus, Donnelly visited a physical Optus store. He made several visits to the store to understand why he had lost service to his phone. Eventually, his phone service was restored.
However, Donnelly noted that the staff who replaced his SIM did not evaluate what had caused the loss of service. Had they been keen to identify the root cause of the matter, they would have uncovered how the hack happened.
When the hacker realized that Donnelly had regained access to his SIM details, they attempted to regain control. The hacker contacted an agent at Optus requesting activation of the eSIM.
The hacker used the documents stolen from Donnelly to pass the verification process. The request was accepted, with the eSIM to be activated a few hours later.
The online services offered by Optus can easily be bypassed by a hacker who has all the needed details. One simply has to provide a name, date of birth and mobile number. In the case of an eSIM, further verification is needed: the requester must answer several questions to prove their identity.
After the hacker regained access to the network, Donnelly once again lost his phone connection, and an SOS message reappeared on his phone. When he visited the Optus store again, he was informed that his SIM would not be replaced.
According to the Optus employee who attended to him, his iPhone caused the issue, and he was advised to contact Apple.
After gaining access to Donnelly’s SIM network for the second time, the hacker accessed his bank accounts and drained funds, which were later sent to the CoinJar exchange. Donnelly tried to contact the exchange to prevent the transaction, but his attempts were futile.
While Donnelly has recovered most of his funds, he is still worried about the information the hacker possesses. Donnelly’s IMMI account was compromised in the process; hence the hacker had access to his identity documents. Such documents are sold on the dark web. Donnelly painfully notes that he has lost his identity because of this ordeal.