A 20-year-old Florida man at the center of a prolific cybercrime group known as “Scattered Spider” has been sentenced to 10 years in federal prison and ordered to pay $13 million in restitution to victims. Noah Michael Urban pleaded guilty in April 2025 to charges of wire fraud and conspiracy, with prosecutors alleging he conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks.
Background and Context
Noah Michael Urban's online hacker aliases “King Bob” and “Sosa” were fixtures of the Com, a mostly Telegram and Discord-based community of English-speaking cybercriminals. This group boasted loudly about high-profile exploits and hacks that almost invariably began with social engineering. King Bob constantly bragged on the Com about stealing unreleased rap music recordings from popular artists, presumably through SIM-swapping attacks.
Urban was also active in a particularly destructive group of accomplished criminal SIM-swappers known as “Star Fraud.” Cyberscoop's AJ Vicens reported in 2023 that individuals within Star Fraud were likely involved in the high-profile Caesars Entertainment and MGM Resorts extortion attacks that same year. The Star Fraud SIM-swapping group gained the ability to temporarily move targeted mobile numbers to devices they controlled by constantly phishing employees of the major mobile providers.
What Happened
In November 2024, Urban was charged by federal prosecutors in Los Angeles as one of five members of Scattered Spider (a.k.a. “Oktapus,” “Scatter Swine” and “UNC3944”). The group specialized in SMS and voice phishing attacks that tricked employees at victim companies into entering their credentials and one-time passcodes at phishing websites.
The targeted SMS scams spanned several months during the summer of 2022, asking employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other missives advised employees about changes to their upcoming work schedule.
That phishing spree netted Urban and others access to more than 130 companies, including Twilio, LastPass, DoorDash, MailChimp, and Plex. The government says the group used that access to steal proprietary company data and customer information, and that members also phished people to steal millions of dollars' worth of cryptocurrency.
Why it Matters
The Scattered Spider case highlights the ongoing threat of SIM-swapping attacks and phishing scams in the adult industry. These types of attacks can compromise sensitive user data, disrupt business operations, and result in significant financial losses for companies and individuals alike.
As the adult industry continues to rely on digital platforms and services, it is essential that operators prioritize robust security measures to protect against these types of threats. This includes implementing multi-factor authentication, regularly updating software and systems, and educating users about phishing scams and SIM-swapping attacks.
What Comes Next
The sentencing of Noah Michael Urban marks a significant victory for law enforcement in the fight against cybercrime. However, it is clear that more work needs to be done to prevent these types of attacks from occurring in the first place.
As the industry continues to evolve and grow, it is essential that operators prioritize security and take proactive steps to protect themselves and their users from emerging threats. This includes staying up to date with the latest security best practices, investing in robust security measures, and collaborating with law enforcement and other stakeholders to share intelligence and stay ahead of cybercriminals.
Key Facts
- Noah Michael Urban was sentenced to 10 years in federal prison for his role in the Scattered Spider cybercrime group.
- The group specialized in SMS and voice phishing attacks that tricked employees at victim companies into entering their credentials and one-time passcodes at phishing websites.
- Urban pleaded guilty to charges of wire fraud and conspiracy, with prosecutors alleging he conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks.
- The group netted access to more than 130 companies, including Twilio, LastPass, DoorDash, MailChimp, and Plex.
- Urban was also active in the Star Fraud SIM-swapping group, which gained the ability to temporarily move targeted mobile numbers to devices they controlled by constantly phishing employees of major mobile providers.