"Somebody just gained access to my phone. They reset my Coinbase password," said one victim.
MARLTON, New Jersey (WPVI) -- More and more criminals are taking over our cell phones and stealing our money, even bypassing two-factor authentication. The Action News Troubleshooters have some tips to protect yourself.
You might remember Vibhor Jain of Marlton, New Jersey. The Troubleshooters told you back in May his Coinbase account was drained of about $45,000 worth of cryptocurrency.
"Our five years savings. We were just shattered. We both lost sleep for a couple of weeks," he said.
Here's how the criminals accessed his account.
"I got some notification on my phone that said, 'Hey, my Coinbase password is changed.' I was not able to log into my Coinbase account," recalled Jain.
He had two-factor authentication, meaning to access his account, a code that he received via text message or SMS on his phone needed to be provided.
But the criminals were still able to get into his account.
"Somebody just gained access to my phone. They reset my Coinbase password. They reset my email account password using the two-factor authentication because now they have all the SMS coming to them. And I cannot do anything because I don't have access to my phone," said Jain, who became a victim of SIM swapping.
Most of you are aware of the SIM card in your phone. SIM stands for subscriber identity module. It identifies your phone number with your account. SIM swapping is when a criminal swaps the SIM from your phone to a different device.
"Anytime someone calls my phone, someone sends me a text message, it's going to go to the handset that that criminal has put that SIM card into," said Rob D'Ovidio, a cyber security expert at Drexel University.
Criminals don't need a physical SIM card to make the swap. In most cases, they call the mobile carrier and impersonate a victim, getting the carrier to remotely swap the victim's mobile number to a SIM card in the criminal's possession. Last year, the FBI received 1,611 reports of SIM swapping with losses totaling $68 million.
"There are a few things that people can do to protect themselves," said D'Ovidio.
Be on alert. A red flag is if you suddenly stop getting messages or calls from friends or family members.
Protect your phone with a complex password.
"Everybody out there watching and listening, use a complex password, six, eight-digit passcode," D'Ovidio said.
Lock your cellular account with a complex PIN so that PIN must be provided to the carrier before any changes are made.
D'Ovidio also advises to use an authenticator app.
"Go online, download Google authenticator, download Microsoft authenticator, there are others out there, but those are the two that I recommend," he said.
It's an extra layer of protection for two-factor or multi-factor authentication.
Jain learned the hard way. SIM swapping is hard to trace and companies say they're not liable for any ensuing losses.
"Thankfully, we have our family, moral support or friends' support, so we could survive this. Otherwise, we were really, really shattered," he said