cancel
Showing results for 
Search instead for 
Did you mean: 

SIM Scamming

intcountzero
I plan to stick around

Other than 2-FA, is there something else we can do to protect ourselves from SIM scams? 2-FA is actually how hackers end up breaching accounts through the help of customer service. There doesn't see to be the ability to use authenticator apps like Google and Microsoft. Is this coming? Or is that just about all we can do at this stage?

 

 

**Labels updated**

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: SIM Scamming

intcountzero
I plan to stick around

Again - it doesn't matter what emails you have/use with the account. That's not how SIM scams work. This all gets's by-passed when the hacker speaks to customer service. It sounds like many folks here still need to understand the basics of this attack. This video might help - https://youtu.be/xRdLyLZVgYg?si=Mt3twIx-YGJGHLif

 

Customer service is the weak point. Jack Dorsey, founder of Twitter, with all his billions, was hacked in 2019 using this method, simply because someone called customer service with some of his basic personal info and convinced them of switching to a new phone. They rest was history.

 

One item above mentioned by @RogersMaude  was a good one, and one I knew was in place but didn't clue into why this was in place...

 

"We’ve introduced a process, developed with other wireless providers, designed to stop fraudsters who try to make unauthorized ports. When another carrier is contacted to transfer a Rogers phone number to them, Rogers sends their customer a validation text message. They will need to keep their phone turned on to receive it and must confirm the request by texting YES. If they don’t respond within 90 minutes, the transfer will not take place."

 

This is an important and key feature that helps. If the user tries to convince customer service that the phone was lost, they will be forced to create a new number because they cannot confirm ownership of the old phone. THIS IS A GOOD FEATURE and one I hope Rogers keeps in place and enforces. They are the front lines for this attack.

 

Thanks @RogersMaude for the explanation of the features Rogers are using.

 

View solution in original post

9 REPLIES 9

Re: SIM Scamming

Pauly
Resident Expert
Resident Expert

put an extra layer of password on your mobile cell phone account like a pin number or secret word that only you know

Re: SIM Scamming

intcountzero
I plan to stick around

Thanks for the suggestion, however this means nothing against sim scams. If the hacker convinces customer service to switch service to a new phone, whatever security you have on your personal phone or sim card are useless and bypassed.

Rogers should extend changes to their service to provide ways that customer service will make no changes without compliance. An example would be a service side passphrase that if forgotten or wrong, would require creation of a new account, but keep the current account open. That's just an idea and I don't have all the answers, but SIM scams are the biggest vulnerability today that hasn't been addressed. We will be looking at millions lost globally unless we do.

Re: SIM Scamming

Good day @intcountzero.

 

Thanks for your post! I understand your concerns with the types of potential frauds where scammers target your personal information to impersonate you and access banking and other accounts linked to your phone. They issue requests to transfer your phone number to a different wireless service provider or request a SIM swap, so they can gain access to your phone number.

 

@Pauly's advice above is great! Feel free to request to have your account PIN protected. That way, when you call in, we'll ask you to confirm it, instead of your date of birth and postal code. It could help give you peace of mind.

 

We’ve introduced a process, developed with other wireless providers, designed to stop fraudsters who try to make unauthorized ports. When another carrier is contacted to transfer a Rogers phone number to them, Rogers sends their customer a validation text message. They will need to keep their phone turned on to receive it and must confirm the request by texting YES. If they don’t respond within 90 minutes, the transfer will not take place.

 

How to protect yourself?

  • Don’t publish your phone number on your social media profiles and limit the amount of personal information you post online (i.e. birthday, elementary school names, or your pet’s name). 
  • Don’t use the same passwords or usernames across multiple accounts. Always create a strong, unique password for your sensitive accounts and change the password often. 
  • Don’t respond to requests for personal information such as your bank account number, even if they say they are from a company’s customer service, help desk or corporate security department. Reputable organizations will never call or email and ask you for sensitive information.
  • Be wary of urgent messages, slightly altered websites or email addresses, and emails with spelling and grammatical errors.

Hope this helps!

 

RogersMaude

Re: SIM Scamming

Pauly
Resident Expert
Resident Expert

intcountzero,

 

I must be doing something right because I have never fell victim to SIM Swap or number porting scams.

Ever since cellphone's have seen an increase in targeting attacks, I have did my part to protect my account instead of waiting for the cell company to up the security measures

 

This includes:

 

1. Having a DIFFERENT personal email address registered to your wireless account than the personal email you use on a day to day bases, trust me, it may seem pointless but it can save you a huge headache down the road.

 

2. Using a different mailing/billing address on your cell phone bill that is still tied to you but not your current address.  You can use your parents address as your mailing or service address, even though its your parents house they're your family so you're allowed to do that and can check your mail if they send you something.

You can even use the address of a cottage you own or if you own a property for a business you can use that address too.

 

Use a different or alternate version of your legal name that only the government knows, so if all your friends call you Alex, but your legal name is Alexander, or if your friends call you John but your legal name is Gurpreet, then make sure to put that on your account.

 

You can ask to put a secret pin on your account, I had a secret pin on my wireless account since the early 2000's.  

 

 

if you safeguard yourself, you should not have to worry,  for someone to get into your account means too much of your personal information is out there.

Re: SIM Scamming

intcountzero
I plan to stick around

Again - it doesn't matter what emails you have/use with the account. That's not how SIM scams work. This all gets's by-passed when the hacker speaks to customer service. It sounds like many folks here still need to understand the basics of this attack. This video might help - https://youtu.be/xRdLyLZVgYg?si=Mt3twIx-YGJGHLif

 

Customer service is the weak point. Jack Dorsey, founder of Twitter, with all his billions, was hacked in 2019 using this method, simply because someone called customer service with some of his basic personal info and convinced them of switching to a new phone. They rest was history.

 

One item above mentioned by @RogersMaude  was a good one, and one I knew was in place but didn't clue into why this was in place...

 

"We’ve introduced a process, developed with other wireless providers, designed to stop fraudsters who try to make unauthorized ports. When another carrier is contacted to transfer a Rogers phone number to them, Rogers sends their customer a validation text message. They will need to keep their phone turned on to receive it and must confirm the request by texting YES. If they don’t respond within 90 minutes, the transfer will not take place."

 

This is an important and key feature that helps. If the user tries to convince customer service that the phone was lost, they will be forced to create a new number because they cannot confirm ownership of the old phone. THIS IS A GOOD FEATURE and one I hope Rogers keeps in place and enforces. They are the front lines for this attack.

 

Thanks @RogersMaude for the explanation of the features Rogers are using.

 

Re: SIM Scamming

Pauly
Resident Expert
Resident Expert

intcountzero, I beg to differ,  for someone to GET ACCESS to your account, they NEED to know your personal information which you have on file, if your personal information on file DIFFERENT than what the hacker is providing, then good luck, they will have a VERY HARD time to Gain access to your account.   So in essence, MY SUGGESTION is a GOOD ONE, more protection is better, do not discount that, and do not down play my advice.

 

Secondly, to swap a sim, don't they need to send a Confirmation SMS to your current sim card?     Explain to me how they will get past this?  To do this they need to be able to not just READ what is on the screen of your phone, but send an acknowledgement message.

 

I believe porting out also has the same confirmation message?   so if your account information is secure and no body knows it, then it will make it VERY HARD even if they DO steal your phone.  How does that sound? It sounds GREAT!

 

Re: SIM Scamming

intcountzero
I plan to stick around
Here is a great example as to why this is the biggest threat we have in tech today. 1500 accounts across Canada, and that was only what was reported.

https://www.cbc.ca/news/canada/toronto/project-disrupt-sim-swap-arrests-1.7282288


Again, 2FA can’t help you here. It’s bypassed. Even adding a pin your pin won’t help. It’s bypassed when a new sim is used on your account. Everyone needs to understand what this is and how it works.

Re: SIM Scamming

LordDrakkon
I'm an advisor

Global also has a video on the topic here in Toronto.  
https://www.youtube.com/watch?v=jJWr6iCU8hU

It's nice to see the media pointing out the dangers of 2FA and password managers.  A good old fashioned password that everyone you don't know can randomly guess goes a long way when you take the time to be suspicious of everything and checking it before clicking those links, the information people ask for over the phone, and not allowing your voice to be used for verification.  

Re: SIM Scamming

Pauly
Resident Expert
Resident Expert

Let me repeat myself.  I have been a long time customer of Rogers wireless. even before when they used to have a different name,  aka cantel.   I have been told that there have been several unsuccessful attempts at people trying to access my cellular and residential rogers accounts in the past.  The key word? unsuccessful. 

 

Even if someone DID get my personal information from a hack or data breach, and tried to use it to gain access to my rogers account? they would not get very far.  I use a different email address and billing address on a lot of my accounts and do not give out this information,  so when someone did obtain some data of mine from a data breach and tried to use it to gain access to my rogers account, they were ultimately denied, why? because protecting your account is the responsibility of the individual user.  You can also ask Rogers and other carriers to enable Sim Swap and Port Protection if you do not already have it on your line.

 

This means if someone eventually did get my information and called in or visited a store and tried to swap a sim card on my account, I would get a confirmation text message on myphone, and would see the attempt, and would just ignore it   Same with Porting out, you would get a conformation, and by not replying to it ,the request will not complete.

 

Education is the key factor. also make sure if you use online banking and other financial accounts, do not use your personal email, use a different email, trust me, i was victim of data breach so they could not get into my bank accounts because the email address of mine that was compromised from a data breach was NOT listed on my online banking profile. 

Topic Stats
  • 9 replies
  • 2855 views
  • 4 Likes
  • 4 in conversation