SIM swap hack money taken from Kraken to Revolut, how to proceed?

Nicehouse

Hi there,

I was the victim of a 'SIM swap' a few weeks ago, first of all a warning to anyone receiving a text message from their mobile provider saying 'your request to transfer your number is underway' or similar, that means this is happening and you need to act fast(this is when a provider such as giffgaff is totally flawed as no one to talk to directly).

I wont go into all the various things that went on including attempts to take moneys using WISE and Paypal that failed. But the one above was that I had a relatively small amount of money in Crytocurrencies held on the Kraken platform. This was cashed out and withdrawn, no one seems to know how and Kraken have stopped replying. I was able to discover that withdrawl went to a Revolut account and I also screen shot the last four numbers of the account it was transferred to before Kraken insisted I delete all the transactions. I then contacted Revolut who were initially helpful but couldn't disclose details of the account holder to me, understandably I suppose but I just wondered if anyone had this issue and what would the next course of action be? Is there any organisation who would tackle this issue? Contact Revout for instance and get the information pertaining to the account used? They have that information of course but I assume need an official approach.

Thanks to anyone who can help with this, the SIM swap seems like something relatively new and giff gaff, Kraken and Revolut don't seem to have any answers as to how it happened or really what can be done to safeguard in the future. As I said above I would now be very wary of a phone provider who you cannot talk to directly, it was an absolute nightmare anyway but made far more complicated by the lack of information and access to anyone because the messages from them came through their app which of course I then had no access to.

grumpy_codger

Nicehouse said:

... giff gaff, Kraken and Revolut don't seem to have any answers as to how it happened ...

Well, they must investigate and give answers. 
Giffgaff are definitely at fault, but claiming financial loss from them can be problematic.
With Kraken and Revolut, I gues, a mobile phone (number) is only one factor of two-factor authorisation, isn't it?

friolento

I am afraid I don't have any information that could help with your current situation.

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

Nicehouse

Hi there, thank you for the link and tips, very much appreciated.

SiliconChip

Kraken's crypto activities are not regulated by the FCA and funds are not protected by FSCS so if they refuse to do anything you may be stuck. Depending on how much a "relatively small amount" is it may not be worth pursuing much further, but use it as a lesson to make sure you're fully aware of the regulation that applies to the platform you're using.

"Payward Ltd (trading as Kraken) is registered as a cryptoasset firm with the Financial Conduct Authority (FRN: 928768) registered office at 6th Floor, One London Wall, London, United Kingdom, EC2Y 5EB. Cryptoasset services offered by Payward Ltd are unregulated and not covered by the Financial Services Compensation Scheme as well as the FCA’s consumer protection regulations."

gary1312

friolento said:

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

I like to think I'm pretty savvy but this is a new one on me so I appreciate this post - I didn't even know one could put a PIN on a sim. Thanks for posting.

GreenScepter

Nicehouse said:

a warning to anyone receiving a text message from their mobile provider saying 'your request to transfer your number is underway' or similar, that means this is happening and you need to act fast

This is an issue I believe needs much more improvement in the industry, as it can vary from provider to provider. I've swapped providers a fair bit and not all providers are as good at informing users if porting has begun, so you might not know it's even happening until it's already too late. I know someone myself who was a victim of this, as she was a bit older so she didn't understand what was happening and wasn't able to cancel it without contacting them (but their lines were closed outside her working hours.) And someone else I know recently changed provider but didn't get any notification about the porting process at all, and this was from a major provider too!

Considering how many things are tied to your mobile number, security needs to be much tighter. In my opinion, providers should send a mandatory text and email (maybe even a letter) letting you know a PAC has been requested and the same for when the process starts. There needs to be easier ways of cancelling it if you didn't request it, and maybe a longer minimum delay for the porting process. I'd rather wait an extra few days to move provider if it meant better protection from SIM swapping.

DullGreyGuy

gary1312 said:

friolento said:

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

I like to think I'm pretty savvy but this is a new one on me so I appreciate this post - I didn't even know one could put a PIN on a sim. Thanks for posting.

It was common in the 90s as was pretty much the only security option you had back then to stop someone using your phone . Its similar to other things, sims can store modest numbers of SMS messages and contact details, but as time went on phones got better and we stopped relying on stuff the sim can do and moved to FaceID and storing gigabytes of messages, photos etc on the phone itself and/or the cloud. 

Things often come full circle though, as in the 80/90s people often used stoplocks and other such things on their car steering wheel. They went out of fashion as alarms and immobilisers got better. Now a good 30% of cars on our road have them again because keyless entry and repeaters etc have lead to spates of car thefts so old fashioned physical devices are back in trend. 


You can report the matter to Action Fraud who'll determine if there is anything to go on but realistically expect them to ultimately come back and say the case is closed. It's fairly likely that the Revolut account owner is just a random person that themselves have fallen for some form of scam. Technically being a money mule is a crime in itself but these are just people answering social media posts for making money quick and arent the ones actually masterminding the thing and there is no end of desperate people who'll fall for a story and agree to receive £100 and then transfer £90 of it via Western Union or such keeping the delta as a fee until the full £100 is clawed back to compensate the original victim

Olenna

grumpy_codger said:

Nicehouse said:

... giff gaff, Kraken and Revolut don't seem to have any answers as to how it happened ...

Well, they must investigate and give answers. 
Giffgaff are definitely at fault, but claiming financial loss from them can be problematic.
With Kraken and Revolut, I gues, a mobile phone (number) is only one factor of two-factor authorisation, isn't it?

I don't see definitive evidence of this being Giffgaff's fault yet.

Olinda99

As far as I know there are only three ways to do this 

1.  someone steals your phone, takes the SIM out, puts it in their phone and they have your number. They can't do this if you have a PIN on your SIM

2. Someone gets your phone, gets access to your phone and texts PAC to whatever number it is, gets the PAC and switches your number to their phone

3. Someone walks into the shop of Three, O2 whatever and says my phone's been stolen please give me a replacement SIM. The shop should ask for ID and you should have a password on your mobile account and they should not give you the new SIM without this password - however obviously things do fall between the cracks. An alternative to walking into the shop would obviously be to call them with the same story but then I would imagine they would post a new SIM to a registered address so might be more difficult to get hold of it.

grumpy_codger

Olenna said:

grumpy_codger said:

Nicehouse said:

... giff gaff, Kraken and Revolut don't seem to have any answers as to how it happened ...

Well, they must investigate and give answers. 
Giffgaff are definitely at fault, but claiming financial loss from them can be problematic.
With Kraken and Revolut, I gues, a mobile phone (number) is only one factor of two-factor authorisation, isn't it?

I don't see definitive evidence of this being Giffgaff's fault yet.

They gave a new SIM to some stranger without making adequate checks to make sure that it was their customer who requested this.

Are you accusing the OP of lying?