Well also learn what steps you’re able to take to safeguard your own accounts.
[00:00:02] They call it flexing.
I have a task for you."
(MUSIC SEGUE)
[00:00:40] Bob: Welcome back to The Perfect Scam.
Im your host, Bob Sullivan.
Your smartphone is the password to your whole digital life, maybe your whole real life too.
That’s why today’s story is so important.
It involves a technique that lets criminals steal your smartphone, even though it never leaves your pocket.
Think about what kinds of things someone could do to you if they had control of your smartphone.
For starters, they could give a shot to steal money from your bank accounts.
And the crazy things they did like pouring expensive champagne onto Rolex watches.
So we’ll talk about ways you’re free to protect yourself.
[00:02:27] Bob: The victim said his phone just died.
But that’s not all.
[00:02:44] Samy Tarazi: So this was weird to us.
A dead phone, a bunch of hacked accounts, and then, stolen cryptocurrency.
And soon millions of dollars would be at stake.
Well like, oh my God, the entire world’s like security infrastructure has this gigantic flaw.
[00:03:37] Bob: The entire world’s security infrastructure has this gigantic flaw?
This flaw is known as SIM swapping.
Every smartphone has one.
In other cases, SIMs are updated, swapped virtually.
Most of the time we want this.
It’s the easiest way to modernize your phone.
But when criminals do it, disaster can strike.
And now you’re authenticated.
They know your email address.
Say it’s, you know, @Google.
But they sort of have the key to the kingdom now that they’re in your email.
[00:06:39] Bob: They have the key to the kingdom.
[00:06:40] Samy Tarazi: Yeah.
[00:06:50] Samy Tarazi: Correct, yeah.
[00:06:52] Bob: SIM swapping criminals didn’t initially set out to steal cryptocurrency.
At first it was more of a game, well a vanity.
Original SIM swappers were just trying to steal hard to get Instagram and Twitter handles.
Then they’d see the valuable handles on sites like OGUsers.
It was a little like the domain name land rush of the internet’s early days.
[00:07:45] Samy Tarazi: So they started SIM swapping for that purpose.
This started in, you know, 2016, maybe 2015.
They steal it, they’re rich.
[00:08:14] Bob: Steal millions pretty easy.
But they need targets, and the obvious targets are early investors in cryptocurrency.
[00:08:59] Bob: And what do you do?
[00:09:01] Michael Terpin: I am a technology investor and advisor.
I’ve been involved in the cryptocurrency markets since early 2013.
I mean you were there at the very beginning.
[00:09:17] Michael Terpin: The first bitcoin was mined in 2009.
Super early would be somebody who was like 2010 when it was like under a penny.
A year later it was under a dollar.
A year after that, it was under $10.
When I got in, it was about $100.
It’s $35,000 right now.
[00:09:35] Bob: Michael bought bitcoin when one coin was worth $100.
It’s priced at about $35,000 a bitcoin now.
And remember, he is a high-profile tech advisor.
So SIM swapping criminals find him an attractive target.
But Michael doesn’t know what to think that day in 2017 when suddenly his phone simply goes dead.
My wife and I were developing a property in Guaynabo.
It was a Sunday afternoon.
It takes a while for you to get a hold of anybody.
[00:10:48] Michael Terpin: I was already on my email.
[00:10:49] Bob: Oh you were.
Okay, so this all happened within a few moments then.
[00:10:51] Michael Terpin: Yes, yes.
[00:10:57] Bob: Oh God.
[00:10:57] Michael Terpin: And that’s when I realized that I’d been hacked.
[00:11:01] Bob: He’d been hacked.
What are the criminals after?
Within a few hours, Michael is able to get his phone service restored.
Michael doesn’t just let it go however.
He’s worried thieves might strike again.
So he calls both his cellphone providers.
And that’s when they told me about the celebrity plan.
Every phone company has one, it’s the higher level of authentication.
And I asked point blank, you know, if I do this, will this protect me?
And they, they both said yes.
[00:12:29] Michael Terpin: I would say so.
[00:12:30] Bob: Yeah.
[00:12:30] Michael Terpin: I thought so.
We’re seeking the records for that account."
It’s unique to all phones.
No matter where they’re manufactured, an IMEI will be unique to a specific phone.
So now we knew, hey, this, this absolutely happened.
Someone took over this guy’s account.
Why is that important?
That tells us generally speaking where the phone was at that date and time.
How can that be?
We just have never done; we’ve never taken those investigative steps.
[00:15:57] Bob: The suspect is literally caught with his own selfie.
[00:16:16] Samy Tarazi: Then we basically start stumbling on his social media accounts.
Instagram, he had the Instagram 0, just, uh just the number 0.
And I thought that was strange, like how does he have a one-digit Instagram account?
So he had three one-digit Instagram accounts.
So it started delving us down another avenue of vanity handles on social media.
[00:17:41] Bob: $5 million.
[00:17:43] Samy Tarazi: $5 million.
Gone in a flash.
[00:17:45] Bob: Wow.
[00:17:47] Bob: And Samy also gets an unfiltered look into the world of SIM swapping criminals.
[00:17:54] Samy Tarazi: We’re still following him on Instagram.
So right…
[00:18:19] Bob: Wait, I’m sorry.
This is not a world I’m familiar with.
[00:18:49] Samy Tarazi: Correct, exactly.
Um, why not?
What, what’s happening now?
Do we extradite him?
Get him on a plane back to California?
We’re still in the evidence collection process at this time.
They’re dropping 50-, 60-, $70,000 a night at a night club.
And they’re buying, you know, $100,000 watches without even thinking about it.
This time, the suspect calls police himself.
And Joel Ortiz, not being a sophisticated criminal, calls the police.
I know this because Joel Ortiz that night posts to his Instagram account that he was robbed.
And it didn’t really matter too much because it’s just money.
He’s just been victimized of a robbery.
So we coordinated pretty quickly.
I called the Hollywood division of LAPD and talked to the detective who had interviewed him.
So now we have a list of other suspects that will, will become important later.
But now we’re sort of in a rush to get Joel in custody before he leaves.
[00:24:16] Bob: What did you think when you first saw him?
[00:24:18] Samy Tarazi: I sort of already knew what he looked like.
[00:24:32] Bob: He didn’t resist or, or did, did he talk to you?
[00:24:34] Samy Tarazi: He did not resist.
That’s why we waited for him to voluntarily remove it from his person.
But yeah, he didn’t resist.
So we say, “Hey, where’s, where is the money now?”
And in his backpack, he had a, a cryptocurrency hardware wallet.
So he tells us the code to unlock it.
Where’s the rest of the money?"
[00:26:55] Bob: Is it a Sunday again?
[00:26:56] Michael Terpin: Sunday again.
[00:26:57] Bob: Middle of the afternoon?
[00:26:58] Michael Terpin: Middle of the afternoon.
[00:26:59] Bob: Where were you?
[00:27:00] Michael Terpin: I was in Las Vegas.
But all of a sudden, no signal right?
So I, I basically noticed that something was wrong by the password resets.
You know I had a number of password resets that happened again.
[00:27:38] Michael Terpin: Yeah, exactly.
I was like, again?
[00:27:45] Bob: Michael knows he’s in a race against the criminals now.
He assumes they’re after his cryptocurrency.
That’s something you could’t hack without having the physical gear.
I had my own conference on Monday.
And I was like, what?
And that’s when I realized that I had lost, you know, $24 million.
[00:28:42] Bob: $24 million dollars, stolen in an instant.
But his case is important.
[00:29:12] Bob: He was the poster child for SIM swapping at the moment, right?
[00:29:14] Samy Tarazi: Correct.
[00:29:40] Bob: But Michael has advantages that other victims do not.
After he goes public, tips start rolling in.
Pinsky also reveals a lot about how SIM swapping gangs work.
[00:32:05] Bob: 1 in 5.
[00:32:07] Michael Terpin: 1 in 5, yeah.
He said he had no problem finding people willing to do it.
[00:32:24] Samy Tarazi: So we’re still continuing.
He gets booked into the jail in New York, and eventually he gets extradited back to California.
Truglia is currently in prison serving an 18-month term.
[00:34:03] Bob: And arresting Truglia turns out to be a breakthrough.
[00:34:08] Samy Tarazi: We’ve arrested Nick.
He’s, evidence we’ve collected from there has led us to another, another suspect in Connecticut.
So he had hidden his crypto and we were interviewing him, but he was pretty defiant.
But his parents were shocked, you know, he’s a juvenile living with his parents.
So they, you know, sort of insist on the son that he cooperate.
And he tells us, “Hey I gave my real-life friend my crypto wallet.
He lives a couple blocks away.”
So he goes and gets it, we bring it back to the house.
[00:35:49] Bob: Wow.
[00:35:57] Samy Tarazi: This was a victim out of San Francisco who lost a million dollars.
It wasn’t laundered yet, and basically went from the victim’s wallet to this wallet in Connecticut.
So now we, hey, there’s a million dollars.
We finally found a complete seizure.
We were very, very excited for that win, and it was a call I looked forward to.
I figured they’d want to hear the news.
[00:36:47] Samy Tarazi: And see, yeah, exactly.
And we are able to finally catch someone in time before they wasted it.
[00:37:04] Bob: Eventually a set of crypto criminals are prosecuted and justice is swift and firm.
[00:38:02] Bob: SIM swappers are a threat to society and to you.
But make no mistake, you don’t need cryptocurrency to be a victim.
A SIM swap incident can cause distress to victims in plenty of ways.
[00:38:36] Samy Tarazi: Yeah, they can absolutely destroy your lives in half an hour.
[00:39:28] Bob: Oh my God, that’s so, so heartbreaking.
And this one here is something that you have, theoretically is the phone.
That doesn’t mean SIM swapping has gone away.
[00:40:47] Bob: So where are we at now?
Have, have things calmed down in the SIM swapping world?
And if they’re bribed or whatever, they can do it.
[00:42:26] Samy Tarazi: Yes.
[00:42:27] Bob: Okay, so how do people protect themselves?
Most people, the first step is their email.
You know a lot, I would say the biggest, most common email provider we have is Google.
The main message is just remove any ability to access your accounts online via a text message.
Like if that’s what happens, that’s fine.
Your email account can be reset simply by being SIM swapped.
[00:45:20] Bob: Michael Terpin meanwhile has kept up the fight.
He still wants AT&T to pay for the cryptocurrency that was stolen from him.
Earlier this year a judge dismissed his lawsuit against the firm, but he’s appealing that decision.
Number one, I want my money back.
I already have some of it back, but I’d like more.
I may end up getting, you know, my money back from the criminals vs. AT&T.
I get my money back, I’m happy.
So that’s number one.
Number two, I want the laws to change.
People should not have to go through this.
[00:46:50] Bob: For The Perfect Scam, I’m Bob Sullivan.
Call the AARP Fraud Watch connection Helpline at 877-908-3360.
Their trained fraud specialists can provide you with free support and guidance on what to do next.
That address again is: theperfectscampodcast@aarp.org.
Be sure to find us on Apple Podcasts, Spotify, or wherever you listen to podcasts.
For AARP’s The Perfect Scam, I’m Bob Sullivan.
