[londons_explore]

> those instances _should_ be easy to trace and prosecute

I suspect that the employees aren't merely doing a sim swap attack with their work login credentials. Like you say, they'd clearly get fired/prosecuted for that.

Instead, I suspect criminal X buys a nice thing delivered to employee Y's house. Then, criminal X phones the helpdesk repeatedly till they get connected to employee Y during working hours. Then, they claim to own the phone number of victim Z, but have lost the phone, their id and everything else. But they manage to tell employee Y the answer to two of the secret questions "What is your gender", and "Did you use the internet in the last month?". The employee uses this, together with their judgement to proceed, according to company policy, and issue a new eSIM.

Later, when anyone finds out, the call is listened to, and the employee can legitimately say they were just following policy.

[vain_cain]

Out of high school I've worked a couple of years for A1 telecom(in Croatia) in customer service. When someone called, all I was required to ask is their OIB(Personal identification number) and they could literally ask me for anything if it's a residential user.

Want to cancel 20 numbers that still got 2 years until the contracts expire? Sure, let me do that for you. Want to change sim? Sure, just give me the new sim number. Want to add 5 tariffs to your plan? Sure, do you want phones with that?

That was 6 years ago but I still got friends I talk to there, and not much has changed.

[jabroni_salad]

On darknet diaries the stories told are a little more straightforward.

They just walk in to the store, steal a tablet out of the manager's hands, run away with it, and make all the changes they can with the logged-in session until corporate locks out the device.

[erksa]

People sell this as a service and supposedly have numbers on how long from a provider tablet is stolen until the device gets locked out. If I remember correctly T-mobile was/is considered to have the "longest" time from when the device is stolen, there for the most valuable.

[yborg]

Maybe T-Mo should consider using hardwired terminals again if they can't figure out how to geofence their POS tablets. This also might help with employee job satisfaction since they are less likely to be assaulted at work.

[DrewADesign]

I imagine getting someone job-fair hired under assumed credentials and ghosting after one full shift of abusing their access, or giving a very poorly paid CSR just enough cash to make it worth the risk is probably more straightforward, but I don't know anything about that stuff. Most restaurants/bars I worked at had hourly staff working under 'borrowed' SSNs and names for years, though.

[bitcoinmoney]

Why do you need a gift to the employee?