Breaking News
More () »

Hacker steals man's $24,500 in savings using 'SIM swapper' attack

A scam that takes control of phone numbers has been used to reset people’s banking passwords to swindle them out of cash.

CASTLE ROCK, Colo. — An unexpected email suddenly caused Darren Rowell to rush to a Wells Fargo branch to try and stop a wire transfer he didn’t initiate, but Rowell didn’t beat the scammer. 

“Seven minutes later, the wire actually went through," he said. "$24,500 was taken out of my savings."

Rowell filed a claim with Wells Fargo and contacted Castle Rock Police after the incident in November. According to police documents, a Castle Rock Police investigator wrote that Rowell might have been hit with a “SIM clone attack” or what could have been a “SIM swapping” attack. 

The attack works like this: A scammer who might already have your personal information will call your cellphone company pretending to be you. The scammer will convince the employee to transfer your phone number to a SIM card they have.

Once the hacker has your number transferred to their cellphone SIM card, they essentially have control over your phone number. They can reset your banking passwords if you use texting to authenticate your bank login.

“I don’t know what I could have done. But I did the right thing. I immediately went to the branch to stop the wire. And it was gone so fast. It was the blink of an eye,” Rowell said.

The investigator also wrote that Rowell’s money was transferred to a “money mule” account that also had stolen money from two other scammed Wells Fargo customers in California and North Carolina.

As of this publication, Castle Rock Police closed their investigation because of “little to no success in solvability.” The investigator wrote that the scam likely occurred out of the country.

An alert sent out by the FBI in 2022 indicated it received about a hundred complaints per year about "SIM swapping"; however, complaints skyrocketed to more than 1,600 in 2021.

What can you do to prevent SIM swapping?

Castilgiola said you can ask your financial institution to use an app for two-factor authentication instead of traditional text messaging. He said the app’s special code would only be available on your phone. 

You could also set up a special pin with your cellphone company so only you can make changes on your account.

Some banks will also offer their customers specific hardware, like a unique key you would plug into a USB port to authenticate your login.

Bank initially denied SIM swapping claim

Wells Fargo also denied Rowell’s claim, according to documents and letters he provided to 9NEWS.

Rowell said he was told by the bank his username and password were used to initiate the wire transfer, which meant the company wasn’t liable for the loss.

After 9NEWS contacted Wells Fargo for comment, Rowell said he was contacted by the bank to notify him that his case was “reopened.”

A Wells Fargo spokesperson told 9NEWS over email on Thursday that the company is still investigating what happened and to stay wary of unexpected calls, texts, social media posts or potential scam emails.

"We never want to see anyone become a victim of a scam and are actively working to raise awareness of common scams to help prevent these heartbreaking incidents.

It’s important for everyone to be vigilant and aware of common scams to avoid falling victim. Be wary of unexpected calls, texts, social media posts, or emails from scammers impersonating banks, tech support companies and government agencies. 

Don’t be afraid to end communication with the person who contacted you and take time to research," said Wells Fargo in a statement.

More 9NEWS stories from Jeremy Jojola:


Before You Leave, Check This Out