Jack Monroe, a popular food blogger and activist, recently revealed that she lost about £5,000 (around US$ 6,395) from her bank account after being hit by a SIM-Swapping attack. The British-based writer stated that her phone number was seized and re-activated on another SIM card, despite using two-factor authentication (2FA).
Monroe stated the attackers were able to receive her two-factor authentication messages and access her bank and payment accounts.
“It seems my card details and PayPal info were lifted from an online transaction. The phone number was ported to a new SIM, meaning crims access/bypass authentication and authorize payments. I’m an autistic, methodical, ruthless investigator, and I have a LOT of info to go on,” Jack Monroe tweeted.
“The money stolen has run into thousands of pounds–I’m a self-employed freelancer and I have to absolutely hustle for every single pound I earn. And someone has just HELPED THEMSELVES to around five thousand of them. The total figure not in yet. I’m so white-hot angry,” Monroe added.
SIM Swapping fraud is one of the simplest ways for cybercriminals to bypass users’ 2FA protection. Recently, unknown hackers used SIM Swapping Attack technique to take over Jack Dorsey’s, Twitter’s CEO & Co-founder, Twitter account by exploiting the cell carrier vulnerability, which enabled them to post anti-Semitic comments in his account feed.
According to an official report, Dorsey’s account was compromised by a hacking group named Chuckle Squad. However, Twitter officials clarified that Jack’s account is now fixed and there is no sign that Twitter’s systems have been hacked.
Describing how the account got hacked, Twitter said, “The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.”