Edgar Cervantes / Android Authority
TL;DR
- Current and former T-Mobile employees are receiving text messages offering them $300 for every SIM swap they perform.
- SIM swapping allows a bad actor to gain access to a phone line, which they can use to obtain two-factor authentication codes sent to the victim.
- It appears the criminals were able to contact these employees with the help of a leaked employee directory.
Update, April 15, 2024 (03:42 PM ET): A T-Mobile spokesperson issued a statement to Android Authority on the matter discussed in the original article below. Here is the statement, in full:
“We did not have a systems breach. We continue to investigate these messages that are being sent to solicit illegal activity. We understand other wireless providers have reported similar messages.”
Our original, unedited article follows the break.
Original article, April 15, 2024 (02:43 PM ET): From new fees to a default “on” profiling toggle, the news surrounding T-Mobile lately hasn’t exactly been great. Adding fuel to the fire, there’s now a new report that current and former employees are being offered money to perform SIM swaps on users’ phone lines.
If you’re not familiar with the act of SIM swapping, it’s a technique bad actors use to gain access to someone’s phone line. This is done by switching the SIM card registered for the line to one owned by the bad actor. With control over the phone line, that bad actor can intercept verification codes sent to the victim to gain access to accounts protected by two-factor authentication (2FA).
According to The Mobile Report, T-Mobile employees from across the country are receiving text messages offering them money for every illegal SIM swap they perform. Screenshots of these text messages read:
“I got your number from the T-Mo employee directory. I’m looking to pay someone up to $300 per sim swap done, if you’re interested, reply and we can talk.”
These messages are said to have come from a variety of numbers and different area codes. As such, it’s unknown if this is the work of multiple people or one bad actor who’s spoofing phone numbers.
What seems clear, however, is that T-Mobile’s employee directory, which contains the phone numbers of all of its employees, may have leaked somewhere. It appears that not only current employees are being contacted; employees who left the company months ago are getting the messages as well. This suggests that the bad actor, at least, doesn’t have live access to the directory and that the information may not be recent.
Although many of the recipients have rejected the offer and reported the scam, there isn’t a guarantee that some current employees won’t take up the offer to make some extra money on the side. If you’re a T-Mobile customer, you can protect yourself from this type of fraud by using the company’s free SIM protection service, which it describes on its website. It’s also recommended that you use some other method of 2FA instead of SMS.