Port Validation Security Measures

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
I've Been Here Awhile
Posts: 2

Re: Port Validation Security Measures

I got the exact same message this morning. I thought to ignore it initially but it was from the same Rogers 456 area code number I received 6 years ago telling me to activate my  voicemail.

A google search brought up screen capture in French from the Rogers page and an online message board  whocallysyou.com where likely the actual scammers are telling people the Rogers number is fake and a phishing expedition of its own.

 

I did call the 18773278503  20 minutes later after getting the text and was able to get a port block done before my number got hijacked. I went into the Winnipeg Polo Park Rogers Store to confirm the details of my call.

 

Oops looks like my initial post before I logged in did get posted

I've Been Here Awhile
Posts: 2

Re: Port Validation Security Measures

I thought it was phishing expedition too as an initial Google search brings u to a whocallsyou.com where it looks like the actual scammers are sewing FUD and confusion by telling  people the 18773278503 is a fake number because folks are losing their service during the call. It also brings up a the French language page for this actual issue. It was only when I looked at the actual number (456) 789-12 that sent it did I realize I had a text message from Rogers with instructions to set up my voicemail from 6! years ago. 

 

Long story short I called and was able to a port block done and went into the Winnipeg Rogers Polo Park store where the details of my call were brought up on screen. I was lucky as I called within 30 minutes of getting the text. Hopefully Im OK but am changing passwords on all my online banking just to be safe. Ditto on the security procedures. I had to fumble to find my Drivers licence but the guy was fine with my Y membership LOL.

I've Been Here Awhile
Posts: 4

Re: Port Validation Security Measures

Don't try to give your customers a false sense of security about notification text. I am a victim last week only finding out this week as I was out of country and after looking at my account history in a Rogers store THERE WAS NO ROGERS CONFIRMATION TEXT OR EMAIL SENT only note on account was number was ported to a numbered company  - please explain how only one number in a Share Plan and only being 6 months into a 2 year contract with iPhone and being an 18 year customer - this doesn't raise some sort of alarm? Does Rogers intend to cover my PayPal loss or how about Credit Monitoring or Identity Theft Protection. Don't try to pin this on the consumer you have known about this issue since at least last summer! HOW DID THESE FRAUDSTERS GET TO OUR PAYPAL ACCOUNTS What does phone settings-payments-paypal on the phone have to do with it seems too coincidental that we are seeing losses through our PayPal accounts is there somewhere that info is saved associated with the phone number that we are not aware? There are some serious questions here that need answering.

I've Been Around
Posts: 1

Re: Port Validation Security Measures

Hi Tony,

 

Actually I disagree with you, Rogers doesn't have any security measures to prevent that!!! Talking from a recent real case that happened on Feb 11, 2020 and with evidence.

For instance, my phone number was hijacked 3 days ago on Feb 11, 2020. And, I have been dealing with Rogers to get my number back, fixing technical problems, enabling block number porting which should be enabled by default, not if the customer asks for it. For instance, I didn’t know about this option until this happened to me. Even I have been talking to many people and no one knows that this option already exists. Until today, Rogers still have issues to fix my contract and billing. On top of that I have been dealing with the police to report the incident, dealing with my credit card financial institutions to flag the unauthorized transactions as fraud, blocks the credit cards and request new ones. The scammer managed to reset the password of my Paypal account by requesting a security key code to be sent through SMS to the hijacked phone number. He did a transaction of $715 that went through and thanks God I reacted quickly and I managed to block another transaction of $3,400. Also, it was a nightmare to go through all my accounts (banks, credit card financial institutions, investments, insurances, emails, etc.) to remove my phone number.  It's was 3 stressful days to deal with all of this hassle to the point I’ve got depression.

At the beginning, Rogers denied that they didn't do any verification of the account before transferring the number as you said. And they are trying to hide and deny that their security measures are so weak which make scammers easy to breach their system by a simple phone number porting (check this similar victim case from CTV news but with $30,000 stolen from her chequing account. She is sewing Rogers for that: https://bc.ctvnews.ca/beware-of-thieves-hijacking-your-phone-number-to-hack-into-your-accounts-1.414... ).

When, I escalated my case to higher management even I have asked to escalate to the office of the VP, then Rogers confirmed that the number was ported to Bell and they keep blaming Bell for not doing their due diligence to go through all the verification procedures before requesting to transfer my number. So, bell, just sent a request to Rogers to transfer my number without account number and without account name, they JUST sent transfer this phone number!!! And Rogers did the transfer. Actually, I don't care about Bell or any other service provider how they verify new customer Ids and if they own the account before requesting the transfer. As a Rogers’ customer, I’m expecting that Rogers protect my account and verify all the information before proceeding with the transfer (account name, account number, address, birthday etc.). Also, they need to send me an email for verification or request a call from me to authorize the transfer. Not just acting quickly and transfer the number because Bell ask for it!!!

What a shame, we are in 2020 and scammer still taking advantage of this stupid security hole for many years now!!! and until now you cannot prevent it.

I'm Here A Lot
Posts: 5

Re: Port Validation Security Measures

I’m starting to think this is an inside job! I had my number for 20 years. I switch to Rogers and a year later this happens??? Seems WAY to coincidental.
I've Been Here Awhile
Posts: 4

Re: Port Validation Security Measures

Also had that queasy feeling and most fraudulent addresses and charges are in the Montreal area. One of mine was a food delivery service in Montreal but PayPal is considering it a legitimate charge as the order was tied to my phone number on file. Surprise!!

I've Been Here Awhile
Posts: 3

Re: Port Validation Security Measures

I also think that it’s inside job. Because not only someone gets mobile # ported but they also know what is matching email address to that phone #. Rogers has that information and if there was data breach at Rogers. They will have all that information to port and try the email at PayPal. And if the email works at PayPal, they can rest the password with two step verification.
I am Rogers customer from last 21 years... very disappointed with the response.
I am also a shareholder so even worst feeling.
If you research online, you will notice that it’s only happening to Rogers customers, so that’s another proof that it’s inside job.
I Plan to Stick Around
Posts: 8

Re: Port Validation Security Measures

There is definitely a connection with Montreal - they appear to be operating at least partially in the Montreal Area as a number of their fraudulent purchases were shipped there.

 

The scam appears to be targeting paypal using their 2 factor authentication to reset the password and make purchases.


Summary:

1) Doesn't appear to be an inside job, just sloppy security. The time with Rogers is not a factor, as it has impacted both new and old customers.
2) At least part of the operation is in Montreal
3) Rogers has not really acted with authorities to resolve or escalate the issue.
4) This attack is taking advantage of a lack of verification in the number porting workflow.

Rogers Current Corrective Actions:
1) Customers that fall victim are typically offered a Number Port Block to prevent further recurrence.
2) No financial Recourse is offered.
3) They provide 3 day turn around to port the number BACK to the account holder.

Suggested Corrective Actions:
1) Verify the address AND account number on a number port request.
2) Call the account holder and verify the phone number port 

I don't really think the suggestions will be followed until the class action law suit goes thru. The pressure is building - and losses are mounting


Resident Expert
Resident Expert
Posts: 6,438

Re: Port Validation Security Measures

Maybe everyone who is affected by this scam should:

 

1.  submit a complaint to the CRTC, commenting specifically on how easy it appears to be to port out a number from Rogers, away from the legitimate user of the phone numbers in question.  It appears to be beyond time to change the rules and introduce strict rules governing the porting out procedure, with strict penalties imposed on companies which fail to follow stricter rules.  High penalty costs should gain the attention of the corporate executives;

 

2.  submit a complaint/report to the RCMP.  Surely there must be some office or individual in the RCMP interested in what appears to be inter-provincial criminal activity;

 

3.  Complain to the Federal MP.  The corporate head office address is 333 Bloor St East, Toronto, which appears to be in the University - Rosedale riding.  The Member of Parliament for that riding is the Hon. Chrystia Freeland, Deputy Prime Minister and Minister of Intergovernmental Affairs.  The Constituency Office  (Main office - Toronto) is located at:


344 Bloor Street West
Suite 510
Toronto, Ontario
M5S 3A7

 

Telephone: 416-928-1451
Fax: 416-928-2377

 

email:  Chrystia.Freeland@parl.gc.ca

 

I would think that being on the receiving end of a continuing series of complaints regarding a company headquartered in her riding would get her attention at some point in time.  One can only hope.



I've Been Here Awhile
Posts: 4

Re: Port Validation Security Measures

A quick question to my fellow victims: Have you recently dealt with a travel agency or web site or used Air Canada reservations to book a trip prior to this happening?