Become a Valued Member of myCPE Professionals Community
Trusted by 250,000+ Professionals
5.0
"Steven was knowledgeable and thorough…”
Steven was knowledgeable and thorough in his information about the product and what is offered. He was empathetic to my situation. He went above and beyond answering all of my many questions. Excellent service!
Crystal lovejoy
5.0
"Great Customer Service”
Great service and very patient as I asked several questions. Steven answered all my questions and helped me make the right decision in my subscription purchase. Thank you.
Lori corry
5.0
"It is what it advertised to be”
It is what it advertised to be. Professional quality training and CPE tracking and certificates; systems knows AZ CPA CPE requirements and categories. I've needed help on several occasions and the assistance was quick and effective; however, there were some problems with data entry. The assistance sometimes asks for input, but when I try to type it is dissallowed for some reason. On several occasions I had to close the popup to get it out of my way.
Brian Carey
5.0
"Great customer service”
Great customer service. Classes are pertinent. Great value
Become a Valued Member of myCPE Professionals Community
Trusted by 250,000+ Professionals
5.0
"Steven was knowledgeable and thorough…”
Steven was knowledgeable and thorough in his information about the product and what is offered. He was empathetic to my situation. He went above and beyond answering all of my many questions. Excellent service!
Crystal lovejoy
5.0
"Great Customer Service”
Great service and very patient as I asked several questions. Steven answered all my questions and helped me make the right decision in my subscription purchase. Thank you.
Lori corry
5.0
"It is what it advertised to be”
It is what it advertised to be. Professional quality training and CPE tracking and certificates; systems knows AZ CPA CPE requirements and categories. I've needed help on several occasions and the assistance was quick and effective; however, there were some problems with data entry. The assistance sometimes asks for input, but when I try to type it is dissallowed for some reason. On several occasions I had to close the popup to get it out of my way.
Brian Carey
5.0
"Great customer service”
Great customer service. Classes are pertinent. Great value
Steve
1/4
Subscribe Now at $199/ 12 Months
Topic of Interest
Select the topics of your interest to receive Webinars/Virtual Events/E-Books/Podcasts of your interest.
Not found
Selected Topics
Important: Course Deactivation Alert
Below mentioned Courses will be deactivated soon due to outdated content. Complete the course within the next 7 days to receive credits. After Expiry date, the course will be unavailable for credit. For assistance or inquiries, please contact our support team at support@my-cpe.com.
It has been reported that Google Fi customers may have had their data stolen due to a recent cyberattack related to a T-Mobile breach earlier this month. Google Fi's primary network provider informed the cell network's customers that a system containing customer data had been compromised. Android Police obtained the email.
A Google Fi customer notification informed them that the cell network's primary network provider was aware of suspicious activity in a Google Fi customer data system. According to Google, hackers may have accessed user information through the compromised system, including phone numbers, SIM card serial numbers, account status, and information about mobile service plans.
This post is about another cyber attack situation: the Google Fi Breach- SIM Swapping attack. I want to explain what Google Fi was before discussing the attack.
A mobile virtual network operator (MVNO) by Google, Google Fi provides telecommunications services such as voice, SMS, and mobile broadband through cellular networks and Wi-Fi. US Cellular and T-Mobile operate the networks that Google Fi uses.
With a Google Fi plan, your network coverage will be improved. With Fi, you can always count on a reliable connection with two carriers (T-Mobile - which has since acquired Sprint - and US Cellular) and Wi-Fi hotspots when available. The only requirement is that your smartphone must be "designed" for Fi or "compatible" with it. It can be unlocked whether it's an iPhone, Pixel, or Android. Google Fi goes beyond cellular and data coverage to simplify billing. Fi lets you do international data and calling; you don't have to pay extra for texting or data.
We now understand what Google Fi is, so let's inspect the attack.
An Overview of the Google-Fi Breach
Through the compromised system, Google says hackers may have gained access to limited customer information, including phone numbers, SIM card serial numbers, account status, and mobile service plan information. The system did not store customer information such as names, emails, payment card numbers, government IDs, passwords, and pin numbers. According to Google, there was no unauthorized access to Google's own systems or any systems it oversees directly, so customers do not need further action. Considering Google Fi and T-Mobile's relationship, this attack is likely to have been connected to T-Mobile's hack earlier this month, which affected 37 million customers. A Google Fi breach may have affected many customers, but the company has not disclosed how many subscribers it has.
As a result of the T-Mobile breach, Google Fi was infiltrated, resulting in a SIM swapping issue. To understand the whole story, you should know the SIM Swapping issue.
SIM Swapping Issue
SIM swap attacks, or SIM intercept attacks, are types of identity theft in which attackers convince cell phone carriers to switch a victim's phone number to a new device to access a victim's bank accounts, credit card numbers, and other sensitive information. Due to the growing dependence on cellphone-based authentication methods, SIM swap attacks are relatively new and on the rise.
Threat actors use SIM swapping attacks to trick mobile carriers into porting customer numbers to their SIM cards. Hackers gain credibility by posing as customers, often using stolen personal information (or, in this case, a Google Fi breach) in social engineering or phishing scams. In addition to accessing the victim's text messages and multi-factor authentication codes, the attacker can commit other crimes once the number is ported.
There is legitimate sim swapping and illegitimate nefarious sim swapping that takes place. If you lose your phone, you contact the phone company and they will swap your sim out into a new phone. This is legitimate sim swapping.
When an attacker has enough information, they are able to call up the phone company and pretend to be the owner of the phone. In a nefarious activity, the attacker gets the phone company to switch out a SIM card that the legitimate owner no longer has access to but the nefarious actor does. You get all of that content as an attacker from an illegitimate or nefarious Sim swap.
The digital asset space is characterized by companies partnering with other companies, and that will continue to be the case for a long time in the traditional market. This is why, when things go wrong, aggregation and partnerships tend to produce a trickle-down effect in the digital asset space.
How much data was stolen in this attack?
The company said unauthorized access had been made to a third-party customer service system that contained a "limited amount" of customer information. Among the data stored here are the phone number, the activation date of the account, the mobile service plan, the serial number of the SIM card, and the account's status.
The company claims names, dates of birth, emails, payment card details, social security numbers, financial accounts, passwords, or PINs were not exposed. In addition, hackers did not gain access to calls or SMS content.
How can you protect yourself?
In terms of sim swapping, protecting yourself is a crucial point to remember, but one of the things that you want to try is non-sms multi-factor authentication in terms of protecting yourself.
Consequently, if a lousy actor intercepts your phone and gets access to your information, they can authenticate the transaction. If they now have access to things outside your phone, like your bank account, you may want to keep your personal information private.
For the sake of peace, don't post about your assets online. I see that so much as an investigator federal agent. I was fascinated to see all the posts of people saying, "I've got this boat and this bank account, and I've got this Swiss account.". It is important not to become vulnerable to an attack. Be aware of social engineering attacks, smushing fishing, and so on.
I won't go into those in detail, but they are all usually done by social engineers, and I've been getting a lot through email, texts, and phone calls now. The carriers themselves are having a huge problem nowadays.
Using T-Mobile Verizon, you can prevent Sim swap attacks, but they all require you to take action on your part, as they don't just initiate on your account automatically.
I’m hopeful that this guide will help you, and if you are looking forward to learning more about cyber crimes prevalent around you, then you can take cybersecurity CPE courses on our platform. You can enroll for CITP CPD courses and CPE nano learning courses at our website for more profound insight into cybersecurity, cyberattacks, and related topics.
Share with
Imtiaz Munshi, CPA
CFO, AZSTEC LLC
The author Imtiaz Munshi is a Certified Public Accountant and CFO at Azstec, LLC. He is Business Strategist, Tax Planner, Entrepreneur and Advisor to "HNEs" (High Net Worth Entrepreneurs).
Experience MYCPE ONE at its best! Upgrade your browser for a more interactive, user-friendly interface, and stay ahead in your professional development journey.
Imtiaz Munshi, CPA 
-1686653504.webp "CPAs in Finance: A Comprehensive Guide to Choosing the Right Professional Designation")
