How Apple Device Upgrade Fraud Happens
Threat Actor Visits Apple Store
A criminal physically goes to an Apple Store, posing as the legitimate customer. They claim they want to upgrade or replace an existing iPhone under the victim’s phone number.
Minimal In-Store Verification
- ICC ID & PIN: Apple staff might confirm the ICC ID (the SIM or eSIM number) and request a phone PIN, but these checks can be superficial.
- ID Verification: Apple employees might briefly look at a driver’s license or ID, but if it’s stolen, altered, or not carefully inspected, the fraud can slip through.
- Scanning vs. Verbally Confirming: Some stores rely on scanning technology; others may only ask for numbers verbally. Either way, criminals may use mirroring tools or stolen personal data to appear legitimate.
Device “Upgrade” & Auto-Provisioning
The new iPhone is then activated under the victim’s phone number.
Behind the scenes, Apple’s systems communicate with the carrier—often without re-triggering the carrier’s stricter security protocols.
The old phone is disconnected, and the criminal’s new device now receives all calls, texts, and two-factor authentication codes.
No Detailed Store Records
- Many victims discover that Apple does not retain detailed video footage or robust logs of the in-store upgrade process.
- This lack of documentation can make it harder to trace and prosecute the fraudster later.
Why This Differs from a Typical Carrier SIM Swap
- Carrier Typically Isn’t Called
The fraudster deals directly with Apple’s in-store process, which might not re-trigger stricter carrier-level security (like requiring a unique account PIN).
- Legitimacy via In-Person Impersonation
Fraudsters who show up in person often raise fewer red flags than someone calling in. Apple Store staff may assume a physical appearance and partial ID check suffice.
Apple completes the final handoff of the victim’s line. If the store is lax about verifying identity, criminals exploit that loophole.
Consequences for Victims
- Instant Loss of Service: The original device is disconnected without warning.
- Compromised 2FA: Attackers control SMS-based security codes for email, banking, crypto accounts, etc.
- Apple ID Lockout: Once the attacker accesses the victim’s Apple ID on the new phone, they can reset credentials, further isolating the victim.
- Rapid Financial Theft: Fraudsters drain bank accounts and crypto wallets in minutes—often before the victim notices.
How to Protect Yourself
Strengthen Apple ID Security
- Use a unique, complex password and enable two-factor authentication on multiple Apple devices.
- Don’t rely solely on a single phone for 2FA.
Ask for Robust ID Checks
- During an in-store upgrade, request confirmation that your ID is thoroughly reviewed and logged.
- If you sense casual or rushed procedures, speak up or consult management.
Monitor Account Activity
Sudden signal loss is a red flag. Immediately contact your carrier if your phone stops working unexpectedly.
Set a Carrier Account PIN
Ensure all changes—whether at the Apple Store or carrier—require this PIN. Some carriers offer a “port-freeze” feature that restricts number transfers.
Act Fast if Fraud Occurs
- Change passwords for email, crypto, or banking immediately.
- Document the timeline and reach out to legal counsel if funds or sensitive data have been stolen.
Top 5 FAQ
- Who May Be Liable—Apple or the Carrier?
Liability depends on the facts. Apple’s in-store process or the carrier’s safeguards could both be at fault if identity verification was insufficient.
- What Should I Do If My Phone Loses Service Unexpectedly?
Immediately call your carrier, change key passwords, and contact legal counsel if you suspect your data or funds have been stolen.
- What Legal Claims Are Possible?
Potential claims include negligence, breach of contract, or fraud—depending on the security lapses and who’s responsible.
- Does 2FA Keep Me Safe From This Scam?
Not fully. SMS-based 2FA can be compromised if scammers hijack your number. Use app-based authenticators or security keys for better protection.
- How Can I Protect Myself?
Set a carrier account PIN, use multi-device 2FA for your Apple ID, watch for phishing attempts, and keep an eye on account activity.
Contact Us
If you or someone you know has experienced Apple device upgrade fraud—or any unauthorized phone takeover—time is of the essence.
Dilendorf team can help you navigate the complexities, mitigate losses, and hold responsible parties accountable.
Call (212) 457-9797 or email info@dilendorf.com for a confidential consultation.
Our attorneys are ready to advocate for your interests and secure the resolution you deserve.
Government Resources:
- FCC Announces Effective Compliance Date for SIM Swapping Item
- Cell Phone Fraud
- Protecting Consumers from SIM-Swap and Port-Out Fraud
- FBI Tech Tuesday: SIM Swapping
- SIM Swap Scams: How to Protect Yourself
- SIM Swapping
- Former Telecommunications Company Manager Admits Role in SIM Swapping Scheme
- Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public
- The Aftermath of a SIM Swapping Attack
- FBI Las Vegas Federal Fact Friday: SIM Card Swapping
- Three Indiana Residents Charged In Nationwide SIM-Swapping Conspiracy
- HSI partners with NCA to identify ‘SIM swapping’ attack on US celebrities
We stay up to date and track cases involving phishing attacks and sim swap affecting major cryptocurrency exchanges and mobile operators:
One of the largest cellphone carriers in the United States is facing yet another lawsuit by a digital currency investor over SIM swap fraud. T-Mobile failed in its duty to protect its users and resulted in the plaintiff’s loss of $55,000 worth of BTC, according to the lawsuit filed in Pennsylvania.
I am victim of a SIM Swap scam. Both T-Mobil and Coinbase.com where negligent and failed to protect me. I have all the evidence to prove my case.
An 84-year-old grandmother living in West Palm Beach started investing in cryptocurrency to help save up for her family’s future. Then, nearly all of the money she put into cryptocurrency vanished after she claims a hacker got into her accounts and drained it of about $800,000.
Coinbase users have filed 134 pages of complaints to the SEC alleging that their funds have been “stolen” by the exchange
Yesterday, Kevin Frye filed a complaint in the Southern District of Florida against T-Mobile USA, Inc. for allegedly conducting a “SIM-Swap” without his consent, resulting in the loss of tens of thousands of dollars worth of cryptocurrency. The plaintiff claimed that “T-Mobile Representatives were either complicit with the theft or grossly negligent” since they have been on “notice for years that their security measures were not adequate.”
A Pennsylvania woman who lost the equivalent of $20,000 in cryptocurrency as part of a mobile fraud scheme says T-Mobile failed to protect her account in the face of a wave of similar incidents.
Nine months before scammers stole $20,000 from Kesler’s Coinbase account, the suit argues, Jack Dorsey was the victim of another high profile SIM swap, in which outsiders seized control of the Twitter CEO’s information. Security journalist Brian Krebs also covered the issue in 2018, specifically reporting that a T-Mobile retail store employee was under investigation for making an unauthorized SIM swa
A man is suing Gemini, claiming it was negligent not to notice significant sums of money moved from his money market account to buy cryptocurrency on the exchange over seven days. While the trader was out of reach in the Australian outback, someone allegedly stole money from his CIT account and wired it to Gemini to purchase crypto. Later, he noticed fraudulent activity on his accounts with other banks, and is suing CIT in addition to Gemini, claiming it violated the Electronic Funds Transfer A
Hackers stole $21 million in Bitcoin and $15 million in Ethereum from retirement accounts held with IRA Financial Trust on February 8, according to a report from Bloomberg based on an anonymous source.
Interviews and thousands of complaints have revealed a pattern of account hacks where users have reported money vanishing from their accounts, reports CNBC. Once criminals gain access to an account, funds can be drained within minutes.
My account that my mom and I use together got hacked in June of this year. We lost $350,000.The hacker not only transferred out all of the crypto we owned, they used the bank accounts that were linked to purchase more. When we found out about the hack, we called our banks to stop the transfer of money. We also immediately contacted Coinbase to report the hack. However, Coinbase still let the purchase go through while the bank transactions were pending. Now, Coinbass is claiming that because we stopped our banks from transferring the money, we owe them $10,000 to reimburse them for the purchase.
California-headquartered crypto trading platform Coinbase—has been named in at least 115 complaints sent to the U.S. Securities and Exchange Commission and the California Department of Business Oversight
“I believe Coinbase has engaged in fraud by knowingly marketing a service it knows it cannot actually provide,” the filing from November last year read, adding: “Coinbase knows it does not have the infrastructure to timely and adequately meet customer needs.” At the time, bitcoin and other virtual currencies were rocketing in value, leading to an unprecedented interest from eager new investors.
It took only two minutes for the attacker to clean Sean Everett out of what was then a few thousand dollars’ worth of digital coins from his Coinbase wallet
Author Jeff Roberts said $250,000 was stolen from Coinbase in 2013/2014. Roberts claims Coinbase’s hot wallet was hacked just a year after the company’s inception in 2012, and that the hacker made away with $250,000 worth of Bitcoin
Olympia and Steve Kallman of Parma said they are dealing with some sleepless nights after police reported they had more than $22,000 taken by con artists from their Coinbase cryptocurrency virtual wallet back on Aug. 16.
T-Mobile is facing a multi-million dollar lawsuit after hackers were able to gain unauthorized access to a client’s account. Using information provided by the cellular company, hackers successfully bypassed their two-factor authentication security measures enabling them to obtain a SIM card with the client’s personal and financial information. $8.7 million in cryptocurrency was ultimately transferred out of the customer’s account.
T-Mobile has been hit with a multi-million-dollar lawsuit after Reginald Middleton lost millions of dollars when hackers gained unauthorized access to his account. The hackers used information supplied by T-Mobile to successfully circumvent the two-factor authentication measure, which allowed them to obtain a SIM card containing all of Middleton’s financial and personal information. Ultimately, $8.7 million in cryptocurrency was transferred out of Middleton’s account.
Richard Harris, the customer and plaintiff, is alleging T-Mobile’s misconduct including its failure to adequately protect customer information, hire appropriate support staff and its violation of federal and state laws led to his loss of 1.63 bitcoin.
Last night while I was sleeping my account was logged into (web) from Russia…
The Vidovics lost nearly $170,000 in the blink of an eye when someone hacked their Coinbase account.
John said his accounts with Coinbase and Coinbase Pro were emptied as he watched his phone screen.
….an increasing number of users of the currently highly popular cryptocurrency exchange called Coinbase have suddenly found their accounts on the platform empty. This is after hackers have managed to gain access to them and thoroughly drain their cryptocurrency wallets.
League of Legends superstar has had $200,000 in cryptocurrency stolen from them – directly from their Coinbase account
…an unauthorized user had changed Ms. Maguian’a passwords for trading platforms… Coinbase and initiated transactions that emptied her accounts of crypto valued at around $80,000 at the time
The Eleventh Circuit Court of Appeals ruled today that the class action against Coinbase…will be held in open court. The case in question alleges that Coinbase assisted in laundering around $8.2 mln of stolen Bitcoin (BTC) – valued at over $100 mln today.
The Vidovics lost nearly $170,000 in the blink of an eye when someone hacked their Coinbase account.
Dr. Anders Apgar, a Coinbase customer, said his account had a balance of more than $100,000 in crypto when it was hacked during a robocall.
I had $14,000+ USD in my coinbase pro account. The account was hacked at the money was switched over to crypto and sent to multiple people this occured several hours ago (05/14/2021). Case # 06082303
Tampa resident David Bryant knew something was wrong last October when he found Coinbase notifications deleted from his account and his login no longer worked. “I lost about $15,000 dollars worth of crypto,” David said.
A Texas man is suing Coinbase, the cryptocurrency trading platform. The man alleges his Coinbase account was breached to make a $50,000 unauthorized transaction. He says at least 1,000 other Coinbase accounts have also been breached.
A new report finds that Russia was linked to the majority of crypto ransomware invasions, siphoning the equivalent of $400 million in stolen funds to illicit addresses in that country. It appears Russia has strong ties to the majority of crypto hacks and cybercrimes, especially when you consider that 74% of ransomware revenue in 2021 — over $400 million worth of cyptocurrency — went to accounts affiliated with the country in some way, according to a new report from cryptocurrency tracking and analytics firm, Chainalysis.
Case #05530638, #05542432. This all happened 4/15/21-4/16/21. How can I talk with someone from coinbase? I am so frustrated that someone stole my Bitcoin, ETH, and transferred $500 from my bank account and stole that too from my coinbase… Total almost $12,000. I am trying to understand what is going on and now I am completely blocked out of coinbase. I want answers!
An increasing number of users of the highly popular cryptocurrency exchange Coinbase have found their accounts on the platform empty after hackers managed to gain access to them and drain their cryptocurrency wallets.
Raza says Coinbase, the cryptocurrency exchange where he was robbed, has not been able to provide a solution and he thinks they need to step up security protocols.
In four minutes, cyber looters pilfered $34,123 worth of virtual currency from a Virginia resident’s Coinbase (COIN) account, the 38-year-old told Yahoo Finance.
I received several txts last night sending me a 2fa code. I woke up and my bitcoin was transferred at 230am to some address. Any idea what happened? Was it my cell phone provider? Seems fishy to me since I could not detect any threats my phone. No idea how the culprit read my txt messages but oh well.
I am an active user of CoinBase and somehow my account was breached even with 2FA enabled. The hackers stole all of the coins in my account by converting them to BTC and sending them to their wallet. They then deposited $1k USD and purchased BTC using my debit card and stole it before I could lock my account down.
Taking my case to reddit. My account was hacked approximately 3 weeks ago and .50 BTC (approximately $23k USD) was stolen from my account. In summary, I decided to log into my account one day to check in on the balance. A hacker had locked my account out.
…hackers managed to get into the accounts and move funds off the platform, draining some accounts dry. Thousands of customers had already begun to complain to Coinbase that funds had vanished from their accounts…Coinbase did not disclose how much cryptocurrency was stolen in the attack.
CNBC interviewed Coinbase users across the country. The interviews and complaints revealed a pattern of account takeovers, where users see money suddenly vanish from their account, followed by poor customer service from the company. Since 2016, Coinbase users have filed more than 11,000 complaints against Coinbase with the Federal Trade Commission and Consumer Financial Protection Bureau, mostly related to customer service.
An increasing number of users of the highly popular cryptocurrency exchange Coinbase have found their accounts on the platform empty after hackers managed to gain access to them and drain their cryptocurrency wallets.
Loads of scams out there. Remember Coinbase does not support chat. You will never speak with a Coinbase employee.
I have been trying to contact Coinbase support since Thursday when I saw $25k BTC sold from my wallet without my consent and could not receive any assistance at all from Coinbase to protect my investment.
It was 10.6 bitcoins held in the wallet service Coinbase, the most well-funded and widely implemented service on the market.
All your money is gone. Whoops! Sorry for your loss. Some Coinbase account holders are losing their shit today as they look to their bank statements to find that the exchange has withdrawn excessive amounts of money from their accounts.
California-headquartered crypto trading platform Coinbase—has been named in at least 115 complaints sent to the U.S. Securities and Exchange Commission and the California Department of Business Oversight
“I believe Coinbase has engaged in fraud by knowingly marketing a service it knows it cannot actually provide,” the filing from November last year read, adding: “Coinbase knows it does not have the infrastructure to timely and adequately meet customer needs.” At the time, bitcoin and other virtual currencies were rocketing in value, leading to an unprecedented interest from eager new investors
Yesterday, Kevin Frye filed a complaint in the Southern District of Florida against T-Mobile USA, Inc. for allegedly conducting a “SIM-Swap” without his consent, resulting in the loss of tens of thousands of dollars worth of cryptocurrency. The plaintiff claimed that “T-Mobile Representatives were either complicit with the theft or grossly negligent” since they have been on “notice for years that their security measures were not adequate.”
A Pennsylvania woman who lost the equivalent of $20,000 in cryptocurrency as part of a mobile fraud scheme says T-Mobile failed to protect her account in the face of a wave of similar incidents.
Nine months before scammers stole $20,000 from Kesler’s Coinbase account, the suit argues, Jack Dorsey was the victim of another high profile SIM swap, in which outsiders seized control of the Twitter CEO’s information. Security journalist Brian Krebs also covered the issue in 2018, specifically reporting that a T-Mobile retail store employee was under investigation for making an unauthorized SIM swap.
Mr. Harris sued T-Mobile in July, alleging the company’s practices didn’t meet federal standards and allowed a hacker to take over his phone number in 2020 and steal bitcoin worth nearly $15,000 at the time, and more now.
T-Mobile declined to comment on the suit but motioned to move the case to arbitration. Like Verizon and AT&T, the company requires arbitration to resolve disputes in its terms of service, often leading to closed-door settlements.
Hackers stole the personal identification data for millions of past, present and prospective T-Mobile customers, leading to a huge class-action lawsuit.
Losing cellphone service is inconvenient. But in some cases, it also might mean you’re getting hacked.
“It’s a whole new wave of crime,” said Erin West, the deputy district attorney of Santa Clara County. “It’s a new way of stealing of money: They target people that they believe to have cryptocurrency,” she told CNBC.
Just when you think the massive T-Mobile hack can’t get any worse, on Friday the carrier announced that over 50 million people, including current and former customers as well as prepaid customers, were affected by the breach. Information like Social Security numbers, driver’s licenses and account PINs were exposed.
Cellphone carrier T-Mobile is being sued over allegations it failed to safeguard against a SIM swap scam that cost one customer $55,000 in lost.
The CEO of a crypto firm that recently settled with the SEC over its 2017 ICO is suing T-Mobile over a series of SIM-swaps that resulted in the loss of $8.7 million worth of crypto.
The suit accuses T-Mobile of having “abjectly failed” in its responsibility to protect the personal and financial information of its customers.
A victim of a crypto theft using SIM-swap attack has filed a lawsuit against T-Mobile, alleging the failure and negligence on the part of the US cell phone carrier in preventing these scams.
“This action arises out of T-Mobile’s systemic and repeated failures to protect and safeguard its customers’ highly sensitive personal and financial information against common, widely reported, and foreseeable attempts to illegally obtain such information,” the lawsuit alleged.
T-Mobile is currently facing a complaint against one of the victims of SIM swapping, a type of fraud.
Cheng believed that the attack would not have happened if not for “T-Mobile‘s negligent practices and its repeated failure to adhere to federal and state law.”
T-Mobile is facing yet another SIM swapping complaint involving cryptocurrency theft. Last week, a Philadelphia man named Richard Harris filed a complaint in the Eastern District of Pennsylvania against the wireless giant alleging he lost approximately $55,000 worth of Bitcoin due to the company’s failure to safeguard his account
The sim was successfully swapped which means that either it was done without the pin or the person knew the pin. Again, this is only possible if it was a T-Mobile employee and most likely one of the employees that help a month prior during the line add and upgrade.
When it comes to security or whatever it is leave T-Mobile. It is insider job someone is doing sim swaps.
T-Mobile confirmed this week that it was hit by a “highly sophisticated cyberattack” that exposed names, dates of birth, Social Security numbers and driver’s license information for more than 40 million consumers who had applied for credit with T-Mobile.
After a crazy week where T-Mobile handed over my phone number to a hacker twice, I now have my T-Mobile, Google, and Twitter accounts back under my control. However, the weak link in this situation remains and I’m wary of what could happen in the future.
American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks. SIM swap fraud (or SIM hijacking) allows scammers to take control of targets’ phone numbers after porting them using social engineering or after bribing mobile operator employees to a SIM controlled by the fraudsters.
Yesterday, someone went into a T-Mobile retail store used a fake California Drivers License to buy a copy of my SIM card.
And now for the crazy chain of events, where T-mobile allowed a complete stranger to do a SIM swap on me, and Coinbase allowed a complete stranger to change my Coinbase identity with no questions asked.
Silver Miller said that “with little more than a persuasive plea for assistance, a willing telecommunications carrier representative, and an electronic impersonation of the victim,” criminals can manage to steal millions of dollars targeting unsuspecting victims.
Hackers swapped my T-Mobile SIM card without my approval and methodically shut down access to most of my accounts and began reaching out to my Facebook friends asking to borrow crypto.
Coinbase has admitted that hackers stole crypto from thousands of its users’ accounts over a three-month period.
Bad actors were able to infiltrate the accounts of and steal cryptocurrency from around 6,000 Coinbase customers by exploiting a multi-factor authentication flaw.
Matthew doesn’t know how the hackers were able to access his Coinbase account, but he remembered that when he signed up with Coinbase, they advertised they had insurance.
My binance account was hacked a day before. All my funds were converted into ETC and withdrawn from binance. I received no confirmation mail for withdrawals too. All security steps – login password, 2FA, confirmation mail were compromised.
I don’t know how people can do this? I used strong password and also use all security option but no result this bloody f**king person got access my account.
The world’s crypto market turned red as rumours about Binance, the world’s most traded cryptocurrencies exchange, being hacked began circulating on the web yesterday morning. Some users reported that their alts on Binance were “market sold” at a loss and balances drained.
Yesterday, BeanThe5th made a thread in the popular /r/cryptocurrency subreddit, regarding a theft that has occurred on his or her Binance account. Many users who saw this Reddit thread were quite surprised, as it has become common knowledge that Binance is one of the most reputable and secure exchanges that exist.
Hackers have stolen $570 million from a blockchain linked with Binance. The largest crypto exchange has had to temporarily halt the operation of its Binance Smart Chain after the exploit.1 Since the hack, Binance Coin’s (BNB) price has also dropped noticeably, with the token down 3.5% in the last 24 hours. At the time of writing, it is trading at $281.
Hackers just stole $40 million worth of bitcoin from Binance, one of the largest cryptocurrency exchanges in the world. It’s hardly the first time crypto has been targeted by thieves. For a technology that’s supposed to be hyper secure, in practice, it’s often proven itself to be, well, not.
Binance, the world’s biggest cryptocurrency exchange, is investigating a hacking incident that affected a number of crypto tokens Friday. According to its founder and CEO Changpeng Zhao, a private key, used to encrypt or decrypt data, had been hacked.
“Initial analysis is developer private key was hacked, and the hacker updated the smart contract to a more malicious one,” Zhao said on Twitter, adding that the Ankr and Hay tokens were affected.
On Tuesday, May 7, Binance, the world’s largest cryptocurrency exchange, announced that malicious actors had compromised user application programming interface (API) keys and two-factor authentication (2FA) codes, enabling them to access the company’s hot wallet and steal more than 7,000 bitcoin (BTC).
Cryptocurrency exchange Binance temporarily suspended its blockchain network after hackers made off with around $570 million worth of its BNB token.
Hello, I have been impersonated and sim swapped, they hacked my emails, twitter, facebook, exchanges, literally everything including binance, which they stole 2 btc (daily limit) from today and will steal more if the account isn’t frozen by tomorrow. They logged in and somehow disabled my google authenticator and I cannot get into my account, microsoft is working on giving me the hacked email back that is related to binance but they say it will take 3 days to escalate the ticket. In 3 days the hackers will have already taken my entire balance so I really need the binance account frozen now before they can steal more.
My account was compromised with multiple security layers on it. Google 2FA and Email Authentication which i both had on it. My google 2FA was on a device only for my google authentication apps, I take necessary steps to prevent hacks & The crazy thing is i always receive emails when anything is changing or so on so when the hack was happening binance did not not alert my email or anything. All my securities was reset and email was changed.
Someone made a withdrawal on my Binance account when I was sleeping last night and took all my money away. My Binance account had 2FA on and everything was safe and secure but somehow the hacker managed to hack it and withdrew all my holdings out. Binance support does not have a hacked feature, so it’s pissing me off. Is there anyway that I can get it back? This is all my life savings.
Crypto exchange Gemini Trust Co. lacked proper safeguards that resulted in retirement-account holders losing around $36 million in Bitcoin and Ether when the master key got hacked, IRA Financial Trust said in a new lawsuit.
Then, on Tuesday of this this week, someone posted the entire stolen database for free on Breach Forums. It’s unclear whether this individual previously attempted to sell the database but was unsuccessful, covertly purchased it, or otherwise obtained it through some other means. We also still don’t know when the data breach occurred, though the second post attempting to sell the database claimed it was obtained in September.
Regardless, the personal information of Gemini’s 5.7 million customers is now publicly available online.
San Francisco resident Robert Ross, a father of two, noticed his phone suddenly lose its signal on Oct. 26. Confused, he went to a nearby Apple store and later contacted his service provider, AT&T. But he wasn’t quick enough to stop a hacker from draining $500,000 from two separate accounts he had at Coinbase and Gemini, according to Santa Clara officials.
My account on Gemini was hacked. My password and email address on Gemini were both changed. I have been trading on Gemini for 4 years. Gemini now claims that there is no account at Gemini with my email. I have a ton of USD in my Gemini account and they will not even confirm that the funds are frozen.
