A woman who lives in Broward County says a scammer drained thousands from her crypto and bank accounts.
It’s a scam Yva Horrobin said started from her cellphone. On what seemed like a normal day at work in late November, she noticed her cellphone did not have signal.
“I wasn’t able to make any phone calls. I wasn’t receiving any phone calls. I could not send out any text messages, I could not call my phone carrier,” Horrobin said.
She used a Wi-Fi signal to check her email, and that’s when she found notifications from her bank warning of unauthorized activity.
“I went into my Coinbase account and I could not get in. I went to my other financial account, I could not get in. My passwords were changed, and my two-factor authentication was changed. I was literally locked out of all my accounts,” Horrobin said.
Within hours, her Coinbase crypto account was drained of $18,165. She said the scammers transferred another $3,000 from her bank account.
“I went into shock, I literally went into shock,” Horrobin said. “I laid on my couch and crawled into a ball, and I just felt like a nightmare.”
When Horrobin spoke with her cellphone provider, T-Mobile, she said a representative told her someone went into a T-Mobile store in New York and asked to activate her cellphone service on a different phone. Horrobin said she did not authorize a SIM card swap.
A T-Mobile representative told NBC 6 Responds in a statement, “We’re very sorry to hear about Ms. Horrobin’s experience. For privacy reasons, we cannot discuss individual customer accounts, but T-Mobile is working with Ms. Horrobin to resolve her concerns.”
Horrobin is one of many people reporting this issue.
Unauthorized SIM card swapping has more than quadrupled in recent years. According to the FBI’s Internet Crime Complaint Center, from January 2018 to December 2020, they received 320 complaints related to SIM swapping incidents with adjusted losses of roughly $12 million. In 2021 alone, they received 1,611 SIM swapping complaints with losses totaling more than $68 million.
“The issue is people are the soft spot and all the bad guys have figured it out and that is where the money is,” Mykolas Rambus said.
Rambus is the CEO of the digital privacy protection company Hush. He said SIM swapping starts when a scammer gets ahold of your personal information and then impersonates you while on the phone or in person with your cellphone company. The scammer reports your phone is lost or stolen. A new SIM card attached to your phone number is requested and activated on a new device.
“All of your two-factor authentication, the text message from your bank, all of that stuff goes to their device and their phone instead,” Rambus said.
To avoid becoming a victim of SIM swapping, experts suggest limiting the amount of personal information about you online. You can also add a multi-factor authentication application on your phone. This will direct passcodes to the app and not your email or text messages.
You also want to lock down your accounts, including your cellphone account. You can ask your cellphone provider to only authorize account changes when you visit in person with a photo I.D.
In Horrobin’s case, she said her bank stopped the $3,000 transfer out of her account and T-Mobile has made her a partial offer to cover some of the money taken from her crypto account.
“I save my money, I invest, I am a single mom, I work as a nurse, I trade on the side to make extra money for me and my kids. Money I saved up for years, all gone,” Horrobin said.
She now has a warning for others.
“The biggest advice I can give someone is when your phone says no service, it does not necessarily mean you are not having or you are having bad signal, or bad reception, you are probably having your entire life savings drained and you don’t know,” Horrobin said.
A Coinbase spokesperson told NBC Responds the following:
“Coinbase has a dedicated fraud investigations team and policy to ensure specialized support for our customers. We also began rolling out phone support specifically for Account Take Overs (ATOs) in August of 2021.” However, “Coinbase’s crime insurance does not cover losses resulting from unauthorized access to Coinbase accounts due to a compromise of a customer’s login credentials, which is often the cause of account takeovers.”
The company provided the following steps for consumers to secure their accounts:
- Use a strong unique password for each of your online accounts
- Do not store API key data in a public space or forum
- Ensure all financial accounts and email have 2FA (two-factor authentication) enabled, preferably using a TOTP code generator (Time Based One-Time Passcode)
- Regularly sign out of your Coinbase account
- Ensure your mobile device carrier has additional security features enabled for your cellular account