topic Re: SECURITY BREACH? in Get Support

SECURITY BREACH?

Mrbox — Wed, 05 Jan 2022 21:45:14 GMT

Okay so I am very concerned. While getting help for my own SIM-Jacking, I am seeing many other people having the same issue. What is going on!!! My wife is also a part of Public Mobile and now we are concerned and thinking of changing providers.

We don't want to do this but it is very concerning to see so many people getting SIM-Jacked!

Anyone know whats going on?!?

Re: SECURITY BREACH?

BearFBI — Thu, 07 Jan 2021 00:27:58 GMT

I have no idea whats going on.

Re: SECURITY BREACH?

BearFBI — Thu, 07 Jan 2021 00:38:13 GMT

Something's not right. On one of the PM accounts I manage had a text saying that someone wanted to send me these pictures to you. The someone that was mentioned was actually the name of a contact on the phone. Could it just be a coincidence ? Thats what i said and I shrugged it of and said its nothing just delete it. She thought she was getting hacked.

Well now that I'm logged onto the forum I'm hearing people having their accounts stolen. What if there actually is a security breach ?

Re: SECURITY BREACH?

softech — Thu, 07 Jan 2021 00:36:36 GMT

i was wondering if SIMjack is a common issue with PM, too.. Or maybe just I am following Community now more and see more people talks about it. Either way, I think that mean PM should do more to fight against SimJack.. like more steps to change SIM..more verification questions or so.

Re: SECURITY BREACH?

Mrbox — Thu, 07 Jan 2021 00:38:06 GMT

Yea that's what I am worried about. Like I caught it before any really bad happened but they did manage to get into my PayPal and order from Ebay. I am out $12 but could have been worse. They tired authorizing transactions for a total around $900. Like not cool. I am worried it is only a matter of time and my wife's phone will be hi-jacked.

When I first lost service my wife tried to call me and someone picked up and hung up and now that is on my usage summary on my account and it says they picked up in Quebec. The eBay order is also supposed to be shipped to Quebec. I am wondering if it is all the same person getting our SIMs

Re: SECURITY BREACH?

popping — Thu, 07 Jan 2021 00:42:04 GMT

@Mrbox wrote:
Okay so I am very concerned. While getting help for my own SIM-Jacking, I am seeing many other people having the same issue. What is going on!!! My wife is also a part of Public Mobile and now we are concerned and thinking of changing providers.

We don't want to do this but it is very concerning to see so many people getting SIM-Jacked!

Anyone know whats going on?!?

Someone must be have access your password to your PM account.

Did you using the same password for more than 1 online accounts?

When a scammer get hold of your password on one of your account, they will try to login to as many online accounts and hoping to gain access to one or more online account which is useful for them.

Re: SECURITY BREACH?

softech — Thu, 07 Jan 2021 00:43:39 GMT

wonder if anyone who have sim-jacked ever try to report to Police.. Of course. a single case is nothing to the Police (.. they are only hire to catch big fish.. lol).. but if enough cases opened, maybe it will push them to do something too..

Re: SECURITY BREACH?

popping — Thu, 07 Jan 2021 00:48:44 GMT

@Mrbox wrote:
Yea that's what I am worried about. Like I caught it before any really bad happened but they did manage to get into my PayPal and order from Ebay. I am out $12 but could have been worse. They tired authorizing transactions for a total around $900. Like not cool. I am worried it is only a matter of time and my wife's phone will be hi-jacked.

When I first lost service my wife tried to call me and someone picked up and hung up and now that is on my usage summary on my account and it says they picked up in Quebec. The eBay order is also supposed to be shipped to Quebec. I am wondering if it is all the same person getting our SIMs

You are using the password for more than 1 online account.

Start by changing your password for all your online accounts. Do not reuse password over and over on all all your online accounts. There are lots of scammers on the Internet.

Re: SECURITY BREACH?

Jb456 — Thu, 07 Jan 2021 00:51:28 GMT

@Mrbox

Part comes down to people being careless on the internet with their personal information. The other part comes down to some other website having a data breach and people using the same password for every single thing they sign up for.

Put your email in on this link. See how many times it's been involved in a data breach or bin paste.

https://haveibeenpwned.com/

People have to remember these scammers are professionals and it's their 24/7 job. Hack n make money simple as that!.

It's rather simple to take someone's username Google with quotes and try to find similarities on other same usernames for other sites if it's the same person. Chances are (people that use specific usernames definately use the same on other sites) then you just start digging and digging. Before you know it you have the person Facebook info, email and physical address. The list goes on and on. Then even the security answer to "Forgot passwords" need to be very strong. Even different then what the real answer is would be best.

"What is my mother's maiden name?". Ok well this person has a wide open Facebook. Start digging through his pictures, likes and posts. Eventually you'll find something about the mother and their name. Voila I just hacked into your email. Now I'm in your email. Just continue to request forgot passwords from all kinds of sites and get into those as well.

It's pretty much endless if people don't take the first step in protecting themselves.

Even in the Lounge on these forums I find people post to much personal stuff that opens up an opportunity for scammers.

Then personal pictures ain't good. You could reverse image search and see if the same image comes up somewhere else then start digging.

I've had my same original Hotmail email address since like 1998 and I get under 10 spam messages a month. I'm sure not many can say the same regarding spam emails. It's all about what and how you do things online.

I hope this message gives some type of understanding how easy it is for scammers to get your info and do a simjack.

Won't go into Keyloggers and stuff as that would be a whole other category.

Just stop the personal info online, different strong passwords for every site and be more cautious should help protecting you

Re: SECURITY BREACH?

popping — Thu, 07 Jan 2021 00:52:42 GMT

@softech wrote:
wonder if anyone who have sim-jacked ever try to report to Police.. Of course. a single case is nothing to the Police (.. they are only hire to catch big fish.. lol).. but if enough cases opened, maybe it will push them to do something too..

I think that we have to protect ourselves by not using the same password for more than one online accounts. Otherwise, if a scammer gets hold of your password from one online account, all your other online accounts are at risk.

Re: SECURITY BREACH?

will13am — Thu, 07 Jan 2021 00:56:04 GMT

I have been with this service for over 4 years. It is only recently I have seen cases of SIM jacking. But then again, this is a new phenomena all over. I have been trying to make sense of the incidents reported in the community. There have been some case where the affected party have had their number used to reset passwords in other accounts, etc. In many of the reports, nothing bad happened. In all reported case, customer continue to be able to login to their self serve account and confirm the SIM card change. I cannot make sense of why someone SIM jacking an account would stop at just doing the SIM swap and not change the self serve account password and take over the entire account. What thief would not secure their crime scene?

Re: SECURITY BREACH?

mimmo — Thu, 07 Jan 2021 00:56:14 GMT

PM is aware of the various sim jacking threads

Is it a system issue?

Is it a user issue ie using same email pass on multiple places?

Socially engineering mods to change sims ( doubt it)

If you are absolutely concerned change your login email to an email alias ie name+123@gmail.com. Ensure you have a unique password and change your account name (add a spending error)

My biggest question on reading various threads is that hackers are lazy ie the manage to change the sim card number but not the account password.

Re: SECURITY BREACH?

mimmo — Thu, 07 Jan 2021 00:59:43 GMT

@popping or anyone else apart from using a password manager do you have any tips for creating unique passwords for every site that requires a password.? I must have over 100 sites that require passwords and it's impossible to remember a unique password for each.

Re: SECURITY BREACH?

will13am — Thu, 07 Jan 2021 01:14:07 GMT

@Mrbox wrote:
Yea that's what I am worried about. Like I caught it before any really bad happened but they did manage to get into my PayPal and order from Ebay. I am out $12 but could have been worse. They tired authorizing transactions for a total around $900. Like not cool. I am worried it is only a matter of time and my wife's phone will be hi-jacked.

When I first lost service my wife tried to call me and someone picked up and hung up and now that is on my usage summary on my account and it says they picked up in Quebec. The eBay order is also supposed to be shipped to Quebec. I am wondering if it is all the same person getting our SIMs

@Mrbox , I highly recommend that you report this to the moderator team and have them trace that call. The system should have information on exact location in Quebec and the IMEI of the device that picked up the call. If this is the clean IMEI (not modified/spoofed), there is a trail leading right to the perpetrator's front door. These guys could be using burner phones which lead to nowhere.

Re: SECURITY BREACH?

Jb456 — Thu, 07 Jan 2021 01:08:29 GMT

@will13am the scammers are not concerned about your PM account that is why they don't change the password.

They are professionals. All they want is quick money not spend time changing passwords for a PM account.

They are smart as well. Most do it at the were hours of the night when chances are the culprit ain't online, ain't using their phone and are sleeping.

Change the sim and first go after the easy given untraceable money maker accounts. PayPal n Bitcoin. Boom under a minute those balances are gone. Then move onto the next. Banking info / credit cards.

Some are average and just go after the easy Paypal. Other more seasoned vets that have all their things in place do the PayPal/ Bitcoin then move on to charging things on a credit card and either getting stuff shipped to a untraceable Po box or for things they can sell online quick and easy. Like Netflix accounts.

It really is a billion dollar industry and these people are pros. In and out of the account in under 10 minutes. It would take people longer on these forums to figure out what is going on with there phone service before even figuring out they have been sim jacked.

Re: SECURITY BREACH?

popping — Thu, 07 Jan 2021 01:11:11 GMT

For free personal password manager is lastpass. You can sync your password across OS platforms and browsers.

https://www.pcmag.com/reviews/lastpass

Re: SECURITY BREACH?

Luddite — Thu, 07 Jan 2021 01:11:53 GMT

@mimmo wrote:
@popping or anyone else apart from using a password manager do you have any tips for creating unique passwords for every site that requires a password.? I must have over 100 sites that require passwords and it's impossible to remember a unique password for each.

Password manager: https://www.lastpass.com/ ; I use it in standalone mode

"Secure" passwords; lastpass will create them but prefer inventing my own and evaluate them here: https://www.bennish.net/password-strength-checker/

Re: SECURITY BREACH?

will13am — Thu, 07 Jan 2021 01:12:20 GMT

@Jb456 wrote:
@will13am the scammers are not concerned about your PM account that is why they don't change the password.

They are professionals. All they want is quick money not spend time changing passwords for a PM account.

They are smart as well. Most do it at the were hours of the night when chances are the culprit ain't online, ain't using their phone and are sleeping.

Change the sim and first go after the easy given untraceable money maker accounts. PayPal n Bitcoin. Boom under a minute those balances are gone. Then move onto the next. Banking info / credit cards.

Some are average and just go after the easy Paypal. Other more seasoned vets that have all their things in place do the PayPal/ Bitcoin then move on to charging things on a credit card and either getting stuff shipped to a untraceable Po box or for things they can sell online quick and easy. Like Netflix accounts.

It really is a billion dollar industry and these people are pros. In and out of the account in under 10 minutes. It would take people longer on these forums to figure out what is going on with there phone service before even figuring out they have been sim jacked.

I know that thieves want to do quick hit and runs. Changing password is like wiping a few fingerprints before leaving the crime scene. Maybe I am coming up with these useless theories because I don't have criminal mind.

Re: SECURITY BREACH?

Jb456 — Thu, 07 Jan 2021 01:27:46 GMT

And just an FYI to all on these actual forums. I want to apologize first off by tagging this user @mimmo . Mimmo or shall I say Dom. Please don't take offense I mean nothing by it. When I informed you months ago via private message that you had personal information showing if you recall. You really need to lock down your stuff. In two minutes I had your personal Facebook account, wife's as well as much more personal information. You really need to secure your social media accounts and set it to private. So only people on your list can see your photos and everything else. Just saying!

Also don't remember if it was you or another Oracle. But whoever Oracle you are that posted a parking ticket with your physical address on Facebook. You probably should lock down your stuff to.

Everyone that is not cautious about their digital footprint probably should take some time off of these forums and use Google to see what to do to protect yourself!

Now ain't that a mind F...🤣

Re: SECURITY BREACH?

Jb456 — Thu, 07 Jan 2021 01:24:32 GMT

@will13am sorry no criminal mindset here. I actually work in the online gambling industry handling millions of dollars a day. We use the same tactics that these scammers use to catch fraudsters trying to say who they are when they are not. Wouldn't want to send a wire transfer of 100k to the wrong person lol. So very well versed in this type of scenario.