cancel
Showing results for 
Search instead for 
Did you mean: 

SIM Scamming

intcountzero
I plan to stick around

Other than 2-FA, is there something else we can do to protect ourselves from SIM scams? 2-FA is actually how hackers end up breaching accounts through the help of customer service. There doesn't see to be the ability to use authenticator apps like Google and Microsoft. Is this coming? Or is that just about all we can do at this stage?

 

 

**Labels updated**

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: SIM Scamming

intcountzero
I plan to stick around

Again - it doesn't matter what emails you have/use with the account. That's not how SIM scams work. This all gets's by-passed when the hacker speaks to customer service. It sounds like many folks here still need to understand the basics of this attack. This video might help - https://youtu.be/xRdLyLZVgYg?si=Mt3twIx-YGJGHLif

 

Customer service is the weak point. Jack Dorsey, founder of Twitter, with all his billions, was hacked in 2019 using this method, simply because someone called customer service with some of his basic personal info and convinced them of switching to a new phone. They rest was history.

 

One item above mentioned by @RogersMaude  was a good one, and one I knew was in place but didn't clue into why this was in place...

 

"We’ve introduced a process, developed with other wireless providers, designed to stop fraudsters who try to make unauthorized ports. When another carrier is contacted to transfer a Rogers phone number to them, Rogers sends their customer a validation text message. They will need to keep their phone turned on to receive it and must confirm the request by texting YES. If they don’t respond within 90 minutes, the transfer will not take place."

 

This is an important and key feature that helps. If the user tries to convince customer service that the phone was lost, they will be forced to create a new number because they cannot confirm ownership of the old phone. THIS IS A GOOD FEATURE and one I hope Rogers keeps in place and enforces. They are the front lines for this attack.

 

Thanks @RogersMaude for the explanation of the features Rogers are using.

 

View solution in original post

6 REPLIES 6

Re: SIM Scamming

Pauly
Resident Expert
Resident Expert

put an extra layer of password on your mobile cell phone account like a pin number or secret word that only you know

Re: SIM Scamming

intcountzero
I plan to stick around

Thanks for the suggestion, however this means nothing against sim scams. If the hacker convinces customer service to switch service to a new phone, whatever security you have on your personal phone or sim card are useless and bypassed.

Rogers should extend changes to their service to provide ways that customer service will make no changes without compliance. An example would be a service side passphrase that if forgotten or wrong, would require creation of a new account, but keep the current account open. That's just an idea and I don't have all the answers, but SIM scams are the biggest vulnerability today that hasn't been addressed. We will be looking at millions lost globally unless we do.

Re: SIM Scamming

Good day @intcountzero.

 

Thanks for your post! I understand your concerns with the types of potential frauds where scammers target your personal information to impersonate you and access banking and other accounts linked to your phone. They issue requests to transfer your phone number to a different wireless service provider or request a SIM swap, so they can gain access to your phone number.

 

@Pauly's advice above is great! Feel free to request to have your account PIN protected. That way, when you call in, we'll ask you to confirm it, instead of your date of birth and postal code. It could help give you peace of mind.

 

We’ve introduced a process, developed with other wireless providers, designed to stop fraudsters who try to make unauthorized ports. When another carrier is contacted to transfer a Rogers phone number to them, Rogers sends their customer a validation text message. They will need to keep their phone turned on to receive it and must confirm the request by texting YES. If they don’t respond within 90 minutes, the transfer will not take place.

 

How to protect yourself?

  • Don’t publish your phone number on your social media profiles and limit the amount of personal information you post online (i.e. birthday, elementary school names, or your pet’s name). 
  • Don’t use the same passwords or usernames across multiple accounts. Always create a strong, unique password for your sensitive accounts and change the password often. 
  • Don’t respond to requests for personal information such as your bank account number, even if they say they are from a company’s customer service, help desk or corporate security department. Reputable organizations will never call or email and ask you for sensitive information.
  • Be wary of urgent messages, slightly altered websites or email addresses, and emails with spelling and grammatical errors.

Hope this helps!

 

RogersMaude

Re: SIM Scamming

Pauly
Resident Expert
Resident Expert

intcountzero,

 

I must be doing something right because I have never fell victim to SIM Swap or number porting scams.

Ever since cellphone's have seen an increase in targeting attacks, I have did my part to protect my account instead of waiting for the cell company to up the security measures

 

This includes:

 

1. Having a DIFFERENT personal email address registered to your wireless account than the personal email you use on a day to day bases, trust me, it may seem pointless but it can save you a huge headache down the road.

 

2. Using a different mailing/billing address on your cell phone bill that is still tied to you but not your current address.  You can use your parents address as your mailing or service address, even though its your parents house they're your family so you're allowed to do that and can check your mail if they send you something.

You can even use the address of a cottage you own or if you own a property for a business you can use that address too.

 

Use a different or alternate version of your legal name that only the government knows, so if all your friends call you Alex, but your legal name is Alexander, or if your friends call you John but your legal name is Gurpreet, then make sure to put that on your account.

 

You can ask to put a secret pin on your account, I had a secret pin on my wireless account since the early 2000's.  

 

 

if you safeguard yourself, you should not have to worry,  for someone to get into your account means too much of your personal information is out there.

Re: SIM Scamming

intcountzero
I plan to stick around

Again - it doesn't matter what emails you have/use with the account. That's not how SIM scams work. This all gets's by-passed when the hacker speaks to customer service. It sounds like many folks here still need to understand the basics of this attack. This video might help - https://youtu.be/xRdLyLZVgYg?si=Mt3twIx-YGJGHLif

 

Customer service is the weak point. Jack Dorsey, founder of Twitter, with all his billions, was hacked in 2019 using this method, simply because someone called customer service with some of his basic personal info and convinced them of switching to a new phone. They rest was history.

 

One item above mentioned by @RogersMaude  was a good one, and one I knew was in place but didn't clue into why this was in place...

 

"We’ve introduced a process, developed with other wireless providers, designed to stop fraudsters who try to make unauthorized ports. When another carrier is contacted to transfer a Rogers phone number to them, Rogers sends their customer a validation text message. They will need to keep their phone turned on to receive it and must confirm the request by texting YES. If they don’t respond within 90 minutes, the transfer will not take place."

 

This is an important and key feature that helps. If the user tries to convince customer service that the phone was lost, they will be forced to create a new number because they cannot confirm ownership of the old phone. THIS IS A GOOD FEATURE and one I hope Rogers keeps in place and enforces. They are the front lines for this attack.

 

Thanks @RogersMaude for the explanation of the features Rogers are using.

 

Re: SIM Scamming

Pauly
Resident Expert
Resident Expert

intcountzero, I beg to differ,  for someone to GET ACCESS to your account, they NEED to know your personal information which you have on file, if your personal information on file DIFFERENT than what the hacker is providing, then good luck, they will have a VERY HARD time to Gain access to your account.   So in essence, MY SUGGESTION is a GOOD ONE, more protection is better, do not discount that, and do not down play my advice.

 

Secondly, to swap a sim, don't they need to send a Confirmation SMS to your current sim card?     Explain to me how they will get past this?  To do this they need to be able to not just READ what is on the screen of your phone, but send an acknowledgement message.

 

I believe porting out also has the same confirmation message?   so if your account information is secure and no body knows it, then it will make it VERY HARD even if they DO steal your phone.  How does that sound? It sounds GREAT!

 

Topic Stats
  • 6 replies
  • 574 views
  • 1 Like
  • 3 in conversation