You all must have heard about 20-year-old Noah Michael Urban, who was handed a 10-year prison sentence over a string of high-profile SIM swapping attacks on big U.S. carriers such as T-Mobile and AT&T in August 2025. While the case is certainly alarming, what makes it interesting is how the young man was not, in fact, a coding genius, but used exceptional social engineering tactics to trick the carriers into giving him access to customer information.
Noah Urban, a 20-year-old who outsmarted AT&T and T-Mobile without writing a single line of code
A Bloomberg report has shared more extensive details on how Urban started getting involved in cybercrime when he was merely 15 years old. It started with exploring conversations on online communities where discussions of SIM swapping are quite common. He quickly took on the skills and learned the ability to exploit vulnerabilities by persuading and manipulating people into bypassing security protocols.
The skill was then extended to trick carrier employees into granting unauthorized access to customers’ phone numbers and other sensitive information. This is alarming not only for the major cyberattack carried out by Urban but also due to the revelation that technical expertise is not required to compromise a company’s system, and you can do the most harm simply by manipulating a weak link in the security system that is not otherwise as evident: human behavior.
Noah was eventually charged with targeting 13 companies, including AT&T, T-Mobile, and Verizon. While he admitted to the crime, his lawyer argued in his defense that he was not quite aware of the gravity of his actions and the seriousness of SIM swapping and was under the influence of older co-conspirators. To further strengthen the defense, the lawyer pointed out how even big carriers can be tricked by teenagers, showcasing that even large companies can fall for the technique.
The report highlights that social engineering has become one of the major tools deployed to gain unauthorized access to information, and how technical skills are no longer required to bring harm to any business. There seems to be an increasing number of hacks being carried out through the manipulation techniques, which highlights the urgent need for companies to rethink security and be more vigilant about digital safety in order to avoid being in the middle of such situations.