Hacker almost takes over Singtel user's phone number, claims to have access to Singtel backend

The method of doing so is known as 'Sim Swap'.

Zhangxin Zheng | July 15, 2020, 09:47 AM

Cyber crimes are getting more sophisticated in Singapore.

One Singtel user, Dave Tai Wei Jie, recently took to Facebook to share about his encounter with a hacker who caused his Singtel phone number to be terminated.

The Facebook post started with an alarming claim: "Our telcos have been compromised. Please be careful."

It has since been shared over 3,000 times.

To warn others about such scams, Tai shared a few observations from his conversation that he had with the hacker over text.

He had originally posted some screenshots of the conversation but they have been taken down for security reasons.

Singtel user encounters a Sim Swap hacker

Tai learnt from the hacker that a method known as "Sim Swap" was used to take over Tai's number.

Sim Swapping is an account takeover fraud that has been increasingly prevalent worldwide.

It started off as a popular prank to take over iconic social media accounts, but has evolved into a method to steal money as well.

Last year, Twitter's Chief Executive Officer Jack Dorsey fell for Sim Swap and had his Twitter account hijacked as well.

Dorsey's Twitter account posted a series of offensive tweets when it was hacked, Business Times reported.

Hackers are able to take over a number after gathering sufficient information such as birth dates to pretend to be the owner of the number to trick mobile operators to transfer the victim's number to them.

This is how Sim Swapping works.

After taking over the mobile number, they will then attempt to log into other accounts, such as social media, email and bank accounts, which can be verified or are linked to the mobile number.

It can be difficult for people to stay vigilant against Sim Swap scams.

Managed to terminate number but required a code to complete takeover

In Tai's case, the hacker claimed to have access to "Singtel's support portal" and told Tai that he had his NRIC number, email address and birth date.

The hacker also claimed that he can retrieve information from other Singtel users as long as Tai provides him with the number. Tai did not do so.

From the conversation with the hacker, Tai also realised that the hacker was unable to complete the takeover, unless Tai provided him with a code, which he asked for persistently and even offered money to Tai to entice him to cooperate.

Tai's number was, however, successfully terminated by the hacker within a day.

The hacker did not appear to know if Tai's number was successfully terminated though.

Tai also noted that the hacker transacts via Bitcoins to maintain anonymity.

It does not appear that Tai's other accounts were compromised as a result of this encounter.

However, it posed some inconvenience to him as he highlighted that he could not access his SingPass or change any of his passwords because of the termination.

Investigations ongoing

When this incident happened to Tai, he called Singtel's hotline to alert the telco about modus operandi.

His number was reactivated later that day but he took up the telco's offer to change number.

Tai also said that a way to prevent such incidents from happening is to opt-in to only allow changes made to the contract or plan in-store, and not over the phone, so that any hacker will not be able to pretend to be the user to pull off a Sim Swap.

In response to Mothership's queries, Singtel said that they are conducting a thorough investigation and a police report has been made.

Here's the full response from the spokesperson of Singtel:

“We refer to Mr Dave Wei Jie Tai’s post that has been circulating on Facebook. We are sorry that Mr Tai had this unfortunate experience and have assisted him in resolving the issues with his account. We are conducting a thorough investigation and have reported the incident to the police.”


Top photo via Singtel Facebook and Unsplashed