Cyber theft ring ‘The Community’ manages to steal over $2.4 million.  Nine members, eight American and one Irishman between the ages of 19 and 28, of which six have been charged with conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. The remaining three were former employees of mobile phone providers who have also been charged with wire fraud.

The Community specializes in exploiting social-engineering. They gather enough info to be able to pass security checks with a mobile phone provider’s customer service team. They request a phone number transfer and if successful they are able to move the victims number to a new SIM card. The attacker is now given a short window in which to bypass two-factor authentication (2FA) checks in place.

Criminals are now able to redirect the victim’s calls, texts and future 2FA codes. Not only did they use social engineering, they bribed staff members who helped facilitate the theft of the victims.

The original article was written by Charlie Osborne for Zero Day and can be found here.