OKLAHOMA CITY - Adam Marshall served four tours in Iraq and Afghanistan and was medically discharged after suffering major brain injuries from a series of IED blasts.
“I still have problems finding words, the simplest words,” he said.
More than a decade of healing, now he's now facing a new threat- identity theft.
“They were able to get to an investment account and pull out about $4,000 out of my investment account,” Adam added. “That quick.”
One day his phone service was working, the next it was turned off, but not before receiving a text from his wireless carrier, T-Mobile, notifying him someone had changed his SIM card.
It wasn’t him.
Rob Greggs, Vice President of Information Technology at Oklahoma City Community College, says the SIM card swap scam is fairly new.
He breaks down how hackers were likely able to steal Adam's cell phone account.
“It's the idea someone can walk into your cell phone carrier and ask for a SIM card, which is the little tiny chip, looks just like the one on your credit card today that goes inside your phone and say 'I've lost my phone, my phone quit working,'" he said.
All they need is a fake ID, your phone number, and the last four digits of your social to trick your service carrier into transferring your phone number to a new account or device they have in their control.
They are then able to request a password change, which sends a text with a one-time authentication code to the hacker's new number.
“[They] had access to bank accounts, finance, all of my financials, because my iPhone is connected to my MacBook," Adam said.
Adam says several T-Mobile reps told him someone had physically walked into one of their stores in Georgia and transferred his SIM card data.
A T-Mobile spokesperson tells the In Your Corner team they are taking additional steps to keep customer data safe and combating the problem in a variety of ways, like encouraging customers to add security features to their accounts.
We know earlier this year, the phone carrier was hit by a data breach, where hackers stole customer information.
However, Adam didn't become a T-Mobile customer until weeks after that breach was announced.
He said, “Bottom line is I don't know [what happened].”
Here’s one theory.
Adam also discovered his laptop was infected with a Trojan virus, which likely gave his attacker access to a treasure trove of his personal information.
So, how do you protect yourself?
You can make it harder for hackers to steal your phone number by adding a second PIN or passcode to your account.
Greggs said, “That PIN number will put an extra layer of protection in your cellular account that requires anyone who wants to change your pin, change your SIM, will have to provide that pin number.”
Adam has since locked down his accounts, changed passwords, signed up for credit monitoring service, and hired a computer professional to wipe his computer clean and reinstall security software.
He’s recovering from a new era of warfare adding, “Four grand [lost] and it's getting close to Christmas,” he said. “It is a lot of money, but at the same time, I have money for food, for my kids, bills, I'm okay.”
- Adam also filed complaints with the Federal Trade Commission and the FBI’s internet crimes.
- Again, there is no reason you shouldn't add a PIN number to your phone carrier account.
- It’s simple to do and free.