I have been a long time Rogers customer and currently have 2 Galaxy Samsung S5's with possibly adding another line soon for my daughter.
On Saturday, February 27th, my wife was finished a call with a friend, went to check something right after and she lost service to her phone. A message "unregistered SIM" appeared in top left corner of phone. Since I was at work, she couldn't contact Rogers and decided to try the live chat option. Well by the time she managed to start talking to someone, I was home. So I took over. The agent did the typical account verification. The verification almost failed, because some of the information didn't match up. One was that up until that point, I didn't have a PIN setup, and also there was a payment with a credit card that wasn't ours. We don't pay using a credit card at all actually. But after some more thorough questions, the account was verified. The agent asked me to remove the SIM from my wife’s phone and verify the number. It didn't match what was on the Rogers system. From here the agent then put the phone on lockdown and told me that the phone would be not usable until midday Tuesday. Almost a 3 day wait. She confirmed that there was fraudulent activity and that my case was forwarded to the fraud department. She also told me that someone verified themselves as me and proceeded to make changes to the account. I have the chat log script with all this info.
Now my wife, doesn't do anything on her phone that is out of the ordinary or risky. She uses Facebook, instagram, banking apps. All legit apps. Coincidently, the next night my wife tries to log onto CIBC and make sure that all the bills are set-up up to come out on the 1st of March. My wife always uses her CIBC phone app, but since it was out of commission, she then used the PC. She failed to login and had to do a password retrieval. Once logged in, she started crying and told me that all our money had been collated into one account and transferred to the thief. Someone managed to "learn" my wife online banking password and stole our money. And since my wife's phone was not working, CIBC was unable to contact her. We spent the next entire week, setting up new accounts, dealing with NSF's from the bank, dealing with NSF charges from all the companies that had pre-authorized payments coming out. What a stressful nightmare. All while this was going on, I was still getting emails that account changes were being done to my Rogers account.
I can’t prove the fraudulent activity happened because of my Rogers phone, but it can't be a coincidence.
But going back to Rogers, they offered us nothing. I asked for new account #, new phone numbers, new phones, new SIMS and credit for loss of services for over 3 days on my wife’s phone. I was willing to work with them on the new phones, as I understand there was a device balance on both phones. But all they agreed to was sending me new SIMS cards. Better than nothing I guess, but when they arrived, only one card came in the envelope and it wasn't even the right SIM card. Didn't even fit the phone.
I have had my ups and downs with this company, but they seemed to turn it around in the last few years for us anyways. But now I have one year left on my account and then goodbye. When I upgraded my account with new phones last March, I got phone call after phone call, email after email, customer satisfaction surveys. Told them I was happy. Now this happened, not even one call or email, no credit, no offerings. No Sorry's it happened. To them it is not a big deal, but it was a very stressful 2 weeks, my wife and I are on fraud watch now, every time we need to do something credit wise, we have to verify everything with Equifax.
I drive out of town for work and require a phone for emergency use. But I had to leave it with my wife because she is the emergency contact for my daughter when she goes to school. She would need to be contact if something happened to my daughter. I, on the other hand, luckily didn’t need to use my phone, but that is why I pay to have one. For peace of mind for both of us.
When I asked what happened to my account and how did my bank account get hacked into. Rogers pointed the finger at us and said we downloaded malware and or gave our phones out to someone who stole it. Our phones never left our side. We didn't download anything. I offered to bring my phone in and have it gone over by a Rogers’s employee and see if he could find anything. They said there was no point.
*** Edited Labels ***
Thank you for your patience and welcome to the Community Forums!
I will have @CommunityHelps contact you via private message as this is account related. Please check your messages via the envelope icon once you click on your avatar, which appears in the top right hand side of your screen when you are logged into the forums.
Hopefully @communityhelps can take a look and do something on the account end for you.
As for everything else.
Not knowing how/what rogers actually said.. it may have seemed like they were pointing fingers that its your fault..
IF it was just rogers end.. only rogers would have been effected.
That you have had issues with rogers, AND your bank..
It does seem like you have fallen into a form of IDENTITY THEFT and/or much of your information stolen.
I am one of the people in charge of IT security at my regular workplace.
Its something i have seen many times.. and usually it is something on the USERS side. (and usually MALWARE)
This is not saying that they are AT FAULT. They didnt necessarily purposly install something bad, etc.
Most of the time, it is something by accident. Many times its as simple as going to a completely legit website, which has a bad add inserted into the rotation, which forces a background install on your machine of Malware.
These things sit there and can litteraly track every keystroke.
Its VERY unlikely the breach is from the phone.
Just saying this, as major precuation.
I would refrain from doing ANYTHING else from that/those PCs for the time being.
Until they can properly be made sure that they are 100% clean.
The number of times i have seen people out there just fall right back into it. (i help with support on user forms for a few games, etc too). Someones game account get hacked! They blame the server got haked, it wasnt their machine. They change their password, all should be good, right? Nope.. since their machine is still infected, that CHANGE just got sent to the bad guys as well... and oh look in a few days their account is hacked again.
Yea, I understand there is lots of scams ongoing and very possible, however, I wanted to know what happened exactly. So my wife could avoid using the specific app or website. Rogers did say that the problem was malware, but they refused to examine the phone.
When I went to the bank for the fraudulent activity, they waved and credited me back with over $300 in nsf charges, they gave us all new account numbers, new debit cards. The whole works to avoid any possibility of it happening again.
I completely wiped and formatted every device and pc in my home, we changed most if not all passwords for banking.
The last thing left is the phones. We still have the same account number, same phone numbers, same SIM card. We are getting random text messaages from people we don't know, inappropriate messages.
As I said in the earlier, not happy with the lack of effort from Rogers. Countless phone calls ending nowhere for a very serious matter for my wife and I.
Unfortunately.. if the problem stems from any device.. even THEIR phones.. There is not much they can do.
They are not responsible for the content on them, etc.
That you have wiped the PCs, thats a great first step.
Again, I personally doubt its the phone.. but it IS possible.
Your best bet would be to back up any important data from it (address books, photos, etc).
And do a factory reset on the phone as well.
Beyond that... Yeah you have to deal with rogers for anything else.
Really, in the end.. its quite possibly hard to blame the specific rep.. IF the person who contacted them, had all of your information... then as far as they know, it WAS you calling in to make the changes 😞
Has @CommunityHelps contacted you yet on here? It will be via a private message. Your user icon in the top right my have a notification on it.. click on it, and would show one under the envelope icon then
Well I have found the loophole on how the scammers accessed my wifes bank account using her Rogers’s phone and why the SIM card was changed. I still don't know how my account was accessed and Rogers again failed to comment or explain. They still believe that we contacted a spoof agent and gave out our personal info.
In short version, the scammers, pretended to be me, verified the account, and changed the SIM card that gives him control over the phone. He then uses the SMS verification to change/update the banking password. The bank has a password retrieval process, and they send you a text message containing a 6 digit pin that you can use to change/update the password.
Here is the link to an identical story. http://www.theguardian.com/money/2015/sep/26/sim-swap-fraud-mobile-phone-vodafone-customer
So for everyone saying that the Rogers had nothing to do with it, there lack of protection and security gave the scammers everything they needed to access my wife’s bank account. I still can't believe to this moment the finger pointing and blame they put on us for downloading malware or clicking links to win free iPads...all BS. They had no idea what happened and failed to own up to they failed as a secure and competent service provider. Very lucky for them that my bank did everything possible to replace all lost funds and NSF charges.
The agent I talked to today told me again there was no point in changing my account number, SIM cards or phone numbers. They did offer me a replacement phone for my wife which a complete downgrade and I was still accountable for the device balance and new activation fee. No thanks!
I have had a Rogers account for over 13 years. I can't remember how many cell phones I have had with them. I don't understand why they wouldn't just give us peace of mind, and keep the respect and trust between provider and customer. Seriously, what is a couple new phones, new sims, new phone numbers (on new 2 year term) for a multi-million if not billion dollar company? One year left on contract, then I'm done, if not earlier.
A sim swap, as happened to you bypasses the two factor or multi factor authentication system that many companies use, not just banking. Obviously there needs to be a better system in place to prevent anyone from calling in to swap sim cards. As painful as it might be, maybe that swap should only be allowed in person at a Rogers location. I wonder if a note can be attached to a customers file indicating that a telephone swap is not allowed, and even if it were there, would a customer service agent notice it at the appropriate moment in time.
I also wonder if the records would show which exact phone used the new sim card, and if so, can that phone be tracked down to an individual. That might take some action by the police to request the records. Maybe someone who is an expert with IMEI (International Mobile Equipment Identity) numbers can chime in here. Is the IMEI number checked every time the phone is registered for service with a Rogers Cell tower. If so, is that number kept in a database? If that's the case, obviously since the phone is working, it hasn't been reported as stolen, which means that someone owns the phone. Find the phone, find the person on the other end of the phone. I would report this to the police and see where it leads.
Also consider reporting it to the Canadian Anti-Fraud Center:
Since the fraudulent activity happened, my account has PIN enabled to it. Now I just need to say my name and PIN and I can be verified. Simple and effective, however, someone contacted me through this forum, so that a representative could be contacted and then contact me to discuss this whole situation. They sent me an online form and I had to enter in my name, address, acount number, PIN.
Again, I know that stuff like this happens all the time, almost impossible to avoid if you use these advanced devices and tools. However, my post/rant was never about trying to get "freebies", I was provoked by Rogers approach to the situation. It was a very difficult time for us. Our bills were not paid, our grocery/gas money was gone, our phone that we use every day for peace of mind was gone. We had to call and borrow money from my wife's parents until we could get to the bank and fix everything and then wait for the money to be returned to us.
That's pretty much what I thought had happened after reading your post. I tried to reply yesterday but it didn't go through. There is definately a fault on behalf of the customer service rep who took the call from the 'scammer'. There are precautions in place to prevent SIM card fraud, where the person requesting the change has to verify information like two frequently called numbers, the IMEI on the device, average monthly bill, etc. Basically information that ONLY the account holder or an authorized contact would have. So it sounds to me like whoever handled the request didn't do any of that.