One defendant allegedly tried to engineer a SWAT raid on his co-conspirator’s home

Two US citizens have been indicted on charges related to a phishing and SIM swap scam that saw one victim defrauded of $16,000 worth of cryptocurrency.

After accessing the networks of wireless providers using the stolen credentials of employees and affiliates, Jordan K. Milleson, 21, and Kyell A. Bryan, 19 allegedly hijacked customers’ cell phone accounts through SIM swap fraud, where scammers pose as their victims in a bid to port the victim’s phone number to their own SIM card.

The defendants were then able to bypass phone-based authentication challenges and access victims’ email, social media, and cryptocurrency accounts, according to prosecutors. The duo are yet to enter any plea.


BACKGROUND SIM swap fraud – an explainer


Milleson created credential-stealing phishing domains disguised as websites belonging to wireless providers, according to a press release issued by the US Department of Justice (DoJ).

He also allegedly mounted ‘vishing’ attacks – social engineering through VoIP voice calls – to dupe targets into visiting the websites, while phishing victims were induced into divulging confidential data by follow-up emails, phone calls, or text messages.

The duo frequently changed victims’ passwords to prevent them from accessing their own accounts, according to the indictment.

Milleson allegedly hijacked one social media account with “thousands of followers” that was monetized with “sponsored links, product placements, and product reviews”, according to US prosecutors.

Swatting attack

Bryan allegedly perpetrated a ‘swatting attack’ “in retaliation for Milleson failing to share the illicit proceeds of digital currency theft.

“On June 26, 2019, Bryan anonymously called the Baltimore County Police Department and falsely reported that he, purporting to be a resident of the Milleson family residence, had shot his father at the residence,” according to the DoJ.

“Posing as the purported shooter,” Bryan “threatened to shoot himself and to shoot at police officers if they attempted to confront him.”

Sentencing

The pair were indicted on 15 counts related to the scheme, which took place between September 2017 and January 2020, before the US District Court in Baltimore yesterday (October 28).

The defendants face possible sentences if convicted at trial of up to 30 years in prison for each count of wire fraud and wire fraud conspiracy; five years for each count of unauthorized access of a protected computer in furtherance of fraud; and a mandatory two years’ consecutive sentence for each count of aggravated identity theft.

Milleson faces an additional counts of intentional damage to a protected computer.

Both men are been held in custody pending trial.


RELATED What is smishing? How to protect against text message phishing scams