Hackers are stealing cryptocurrency more often from random individual users, a Wall Street Journal (WSJ) report says.
This comes on the heels of the crypto boom among smaller “mom and pop” types of users.
Hackers have traditionally stolen from wealthy or well-known investors via SIM swaps or switching a phone number from one device’s subscriber identity to another, but they are increasingly using these methods to steal from lower-profile individuals.
Small investor attacks have led to customers disputing charges with cellphone carriers. Some change their plans. And some telecom companies, in response, have changed their security measures.
As that goes on, law enforcement is trying to foster team-ups to address the wider pool of potential victims.
The Federal Communications Commission is bolstering its rules for wireless carriers in a bid to cut down on SIM-swap fraud, which will hopefully get tighter restrictions on how numbers can be switched.
But some companies are not as happy. Among those is AT&T, which has said the agency’s proposed regulations could end up hurting customers and being a blueprint for attacks. The company said there are hundreds of thousands of requests to switch devices or carriers per month, with fewer than 1 percent of them fraudulent.
Customers undergo SIM swaps when they take their numbers to new phones. Hackers can impersonate phone users with account information or phone data. The phone companies are trying to assess ways to fight the issue, with AT&T saying it was using data analytics tools to gauge risk, Verizon saying it makes postpaid customers use a passcode to switch, and T-Mobile allowing SIM swaps via account PIN or some other authentication.
Crypto hacking is becoming more commonplace. PYMNTS writes that the Financial Action Task Force (FATF) in France is looking into more strict regulations in order to curb money laundering and other such activity.
See also: French Regulators Tout Stricter Crypto Regulations
The body has asked several dozen members to require crypto firms to make safeguards for identity verification and inform regulators about suspicious activity.