The SIM-Swap Crypto Scam Out to Take Your Bitcoin

Unfortunately crims will be crims and are out to scam you in new and inventive ways. A scam, called “phone porting” is being used via your banking apps or your crypto apps.

The scam is also known as a port-out scam, phone porting, SIM splitting, simjacking, and SIM swapping.

This new scam is yet another ploy to steal your funds. CoinJar has seen a rise in this scam here’s what you need to know to minimise your chances of this happening.

Phone porting scam

Recently, a [CoinJar customer] (https://au.trustpilot.com/users/65f9fad3822b270012e6fe4d) had the heart-stopping experience of a hacker trying to break into her crypto account. She urgently contacted CoinJar in a panic to try to stop it.

Mirjana said that the hackers had accessed her phone, and locked her out of it.

Then, they changed her phone number and details to their details. They had already got into her bank accounts and managed to withdraw money. And they were actively working to break into her crypto account.

Mirjana messaged CoinJar urgently, and CoinJar then started their protective process to freeze her account and verify her identity.

She said, “Lucas was switched on and used video ID to save my account. The hacker was probably male, and did not look like me or my ID that he stole.”

What is phone porting?

Phone porting is when criminals try to steal your phone number by calling your phone company claiming to be you. They say they have bought a new phone and need to switch the old number to the new phone.

All they need to steal your number like this is to get hold of your name, address, and birthdate. They can then switch your phone number to their own phone.

How do you know this has happened? Suddenly, your phone stops working. It’s because they start receiving all your calls and messages.

After this, they can reset your banking passwords, access your crypto accounts, or even pretend to be you online.

How CoinJar deals with phone porting

Aaron McDonald is the Compliance Manager for CoinJar. He has been dealing with phone porting in increasing numbers.

“Phone porting is where your number is ported and moved to a different provider. And once it's moved, your SIM card in your phone doesn't work anymore. So you can't get calls. You can't get text messages.”

McDonald said that when Mirjana contacted CoinJar, she was really solely focused on saving her crypto. “There have been cases where someone has gotten into a bank account through this exact method. And they've taken all the money. Sometimes the bank will refund this, but sometimes they don’t.”

McDonald said that the first thing that CoinJar did was verify Mirjana’s identity. “We always want to make sure we're talking with the correct person because in these cases, when someone takes over your identity, we do have cases where a fraudster will actually write in as that person. They will say, ‘Why can't I sell my crypto? Why can't I send it to another wallet? What's going on?’ They try to trick us into removing those restrictions.”

Be ready to show ID

The first thing you need to know is that if you need help from CoinJar, be ready to prove who you are, and have your ID ready.

Meanwhile, the criminals were working fast. Says McDonald, “In the midst of Mirjana contacting us, the fraudsters managed to get into her CoinJar account and they changed the email attached to her account to a different one.”

CoinJar then received emails from the fraudster. Meanwhile Mirjana had created a new email account to be able to talk to CoinJar staff, and was saying, “Please freeze my account! Don't let anything happen to it!”

There were also emails from the fraudster saying, “Unfreeze my account, why can't I send my money? If you don't do this, I'm going to report you to the regulator!”

McDonald says that the fraudsters “really love turning those psychological screws.”

However Mirjana, via her new email account, was already sending identity documents and she went on a live video chat to prove that she was a real person.

McDonald added, “Ultimately we were able to get her account back.”

This complete identity takeover all started from her phone number being ported. But there are things that are still a mystery: How did they get her date of birth? How did they get other details? Did they get her passwords? There are a lot of unknowns.

How would hackers know my details?

SIM swap scams have become a threat to our personal security. But why should you care? Because you could lose your money to the scammers and the institutions that are drained of your funds don’t often pay this back to you.

Major companies and even government agencies have fallen victim to data breaches.

These incidents compromise user data on a massive scale. Your personal information — name, date of birth, address, document numbers, expiry dates, mobile numbers, and email addresses — can end up for sale on the dark web.

Armed with your personal data, hackers impersonate you by convincing your mobile carrier to transfer your phone number to a new SIM card under their control.

SIM swap scams can lead to devastating consequences. Imagine waking up to drained bank accounts, unauthorised credit card transactions, and compromised social media profiles. Your identity is at risk, and the fallout can be financially and emotionally distressing. If you need help please contact 988 Lifeline or another support service in your country.

How to report scams

If this happens to you it is important to report it.

McDonald says that for people who have suffered through this, don't delete any text messages. “Don't delete phone call records either, just keep everything and give it to the police.”

Contacting CoinJar quickly is important. “If someone contacts us saying their account has been compromised, we're very quick to respond as we get instant real-time alerts. Usually we can respond much quicker than a bank. Sometimes you can be waiting for 20 minutes calling a bank, just to get through to someone to say, ‘My account has been compromised!’ Every second counts.”

Tips to avoid being scammed

Never reuse passwords

Use a password manager to have unique passwords for every single account you own. Options here include Dashlane, and 1Password.

Don’t use SMS to verify your password.

Instead, use an authenticator app.

Get a second mobile number for crypto accounts and banking.

This can be a number for SMS only that nobody knows about. Most phones can have two SIMcards.

Supermarkets and other stores usually offer some very cheap SIM cards. For example, if you are in the US, Walmart have a range of deals. Amazon also offer cheap SIM cards.

Just simply don’t talk about your crypto.

Don’t tell people you have online accounts or hard wallets. Don’t make yourself a target.

Use a different email for different services

For example, you might use one email address for shopping, another for social media, and yet another for work-related matters. This way, if one email address gets compromised, it doesn’t affect the others. You can set up a new email address and get all emails forwarded on to your main email address, for example.

The “+” trick: Some email providers, like Gmail and Google Workspaces, allow you to use a clever trick. You can add a plus sign (+) and any word after your email address before the “@” symbol.

For instance, if your email address is youremailaddress@gmail.com, you can create variations like youremailaddress+shopping@gmail.com or youremailaddress+work@gmail.com.

These variations all lead to the same inbox but act like separate compartments. So, emails sent to youremailaddress+shopping@gmail.com will still arrive in your main inbox, but you can easily filter and organise them.

By using this trick, you don’t need to set up completely new email addresses for different services. Instead, you create virtual compartments within your existing inbox.

If you sign up for an online service (let’s say a cryptocurrency platform like CoinJar), use the youremailaddress+coinjar@gmail.com variation. If you start receiving spam or want to organise your emails better, you can filter based on these variations.

WiFi, DNS and Firewall protection

Imagine your home network as a fortress. It has two critical parts: your Wi-Fi (the wireless connection) and your DNS (the system that translates web addresses into actual website locations).

Keeping both secure is essential to prevent cyber threats.

Firewalla Purple is an example of a product that makes public and shared Wi-Fi networks safer. It creates a special area within your network called a trusted LAN. Everything in this area is fully protected by Firewalla, and you can see and control what flows through it.

So, when you’re out and about, your devices are shielded from hackers.

Identity and credit monitoring

Credit and identity monitoring is usually a subscription service designed to help you manage your credit profile and reduce the risk of identity theft. Here are some comapnies that offer it.

These services help by doing dark web monitoring. They checks if your info shows up on shady parts of the internet.

And, you’ll get notified if anything important changes in your credit report. You can insure against identity theft too.

Hardware wallets and backup phrases

If you have a hardware wallet (a secure device for storing your cryptocurrency), it’s crucial to save your backup phrase.

A backup phrase is like a secret code that allows you to recover your crypto if you lose access to your wallet.

You can use products like Cryptosteel Capsule Solo or Cryptotag Zeus to securely store this backup phrase. Hide it somewhere safe where nobody else can find it.

When purchasing a hardware wallet, always buy directly from the official Ledger or Trezor website. Be cautious because there are fake wallets out there that look identical but can steal your funds.

Sharing access

If you’re using a hardware wallet or any other self-hosted wallet, ensure your friends and family know how to access your crypto. This way, if something happens to you, they can still retrieve it.

However, if you store your crypto in your CoinJar account, you don’t need to worry about this step.

Some extra resources:

Unique passwords: Click here.

Risks of non-unique passwords: Click here.

Creating strong passwords: Click here

Scams advice: Click here

2FA (Enhanced Security): Click here

One-time password: Click here