cancel
Showing results for 
Search instead for 
Did you mean: 

SIM Swap Fraud

Catherine_T
Retraité / Retired
Retraité / Retired

*July 14, 2021 Update*

 

We are pleased to announce that as of July 14, 2021, SIM card changes have been re-enabled in My Account

 

We temporarily disabled all online SIM swaps in March, to protect our customers from SIM swap fraud.

 

We have now implemented an additional step in the form of a 2 factor-authentication code to secure this process.This code can be sent via SMS or email, and must be verified to complete the SIM swap.

 

For more details, please see below.

 

Jade_S_1-1626272487403.png

 

All the information below can be found in this Help Article. 

 

---------------------------------

 

*March 8, 2021 Update*

To protect our customers from SIM swap fraud, we have temporarily disabled all online SIM swaps through Self-serve. To change your SIM card, please submit a ticket here

 

Customer safety and security is our priority, and we are working on permanently securing the online SIM swap process. In the meantime, we recommend that you continue following the steps outlined below to protect against fraudulent activities.

 

-------------------------------

 

Hey Community,

 

We’ve noticed some cases of SIM swap fraud, and wanted to help our customers better understand what SIM swap fraud is, what to do if you’ve been targeted, and how to prevent it in the future. 

 

All the information below can be found in this Help Article. 

 

What is SIM swap fraud?

 

Efforts by fraudsters to gain unauthorized access to customer accounts with the goal of accessing banking information is on the rise. As part of our commitment to protect our customers’ personal information, we have robust security protocols in place that are designed to protect the privacy and security of our customers.

SIM swap fraud, or SIM jacking, is a type of fraud that occurs when fraudsters gain access to your Self Serve account, to replace your SIM card information with their own. After replacing your SIM card, all communications will be redirected to the fraudster’s device. They will then be able to intercept recovery SMS/calls, and gain access to your personal banking, ecommerce, email and social media accounts. 

 

How does SIM swap fraud happen? 

 

Fraudsters can obtain customer Self Serve account credentials through malware, phishing attempts or data breaches on websites where login credentials are the same as your Self Serve account. 

 

What do I do if I’ve been targeted by SIM swap fraud?

 

If you have been targeted by SIM swap fraud, we recommend you take the following actions to secure your account:

  • Change your Self-Serve account password and security question immediately to lock the fraudster out of your account

 

  • Put your phone into Lost/Stolen mode to suspend the fraudster’s service, to do this follow the below steps: 
    • Log in to you Self-Serve account
    • Go to Plans and Add-Ons, then select “lost/stolen phone”
    • Select “suspend service”

 

Catherine_T_1-1612535117310.png

 

 

  • Then, submit a ticket here - our Moderator team will be able to restore your original SIM card. 
  • We also recommend contacting your financial institutions to ensure your banking and credit card accounts have not been accessed, and checking your social media accounts for any suspicious activity. Make sure you change your passwords to these accounts immediately. 
  • You may also want to report the fraud to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501, as well as contact the two national credit bureaus to request a copy of your credit reports and place a fraud warning on your file (Equifax Canada Toll free:1-800-465-7166 and TransUnion Canada Toll free: 1-877-525-3823).

 

How to protect against SIM swap fraud? 

 

Given the increase the telecommunications industry has seen in fraudulent activity like SIM swaps and unauthorized porting, we recommend that Canadians take the following steps to protect themselves:

  1. Protect your information: limit the amount of personal information about you online; fraudsters can use this information to verify your identity when attempting to swap your SIM. Be careful to not click on phishing emails (and texts) that ask you to provide and/or validate private information. 
  2. Guard your phone number: don’t add your phone number to any online accounts where it is not necessary. The fewer accounts you have associated with your number, the lesser your risk.
  3. Use strong and unique passwords for each of your accounts: using the same password across multiple accounts is a hacker’s jackpot. When you use the same password across different accounts, remember that once they successfully hack one account, they’ve hacked them all.  We also recommend that you change your passwords, including your Self-Serve password regularly.
  4. Set up authentication methods that aren’t text based: often, online accounts will require you to set up two-factor-authentication (2FA) for added protection; with 2FA, you need to authenticate yourself with something in addition to your username and password, such as a code that is sent to your device by text. With SIM swap fraud on the rise, you may want to use something other than your phone number for 2FA like an authenticator app or security key.

 

While Public Mobile is actively working on ways to help keep our customers safe, please make sure to stay vigilant, and be aware of any suspicious activity. 

 

- The Public Mobile Team

 

197 REPLIES 197

Frank1
Good Citizen / Bon Citoyen

Already did all that and DMing with a mod.

 

@crustylady since you're a community expert here, how do I block annoying trolls with nothing better to do than to continuously annoy telco customers online? 

@Frank1 

It's 20 minutes past 4:20 do you feel better now?

@Frank1 it's a cheap provider... what do you expect? it is what it is... I'm sure your issue is just the system maintenance public was doing today. 

 

the best pm has done to secure our accounts is the removal of the change sim feature. and since then I haven't seen a post yet on sim swaps. I'm assuming mods know which accounts were data breached and are able to make better judgement calls.

 

I'm also wondering if they forced certain accounts to deactivate the password so that the perpetrator isn't able to log in to the account to see personal details and such. then the real account holder needs to contact mods to verify their details to have their password changed

 

@darlicious 

It's 20 minutes past 4:20 do you feel better now?

 

i do 😑🤣

@?

Lol...nice tag!

crustylady
Great Citizen / Super Citoyen

@Frank1 

 

It's easy. 

 

 

 

 

Spudster
Deputy Mayor / Adjoint au Maire

@Frank1 

 

Can you share a little bit more about what happened to your service yesterday?  Were you SIM jacked?

 

Were the moderators able to fill you in on what occurred?

 

The community would like to know to learn from the experience.

 

Thank you!!!


@Frank1 wrote:

I'll just get a google voice number.

...

No 2FA at all? Seriously? What a compete joke. 


Google Voice is just layered onto another phone service - one which requires an active phone number, and (if mobile) an active SIM card. So how exactly is it supposed to prevent or recover from a SIM swap?

 

2FA through the phone number isn't a good idea when the phone number itself is the target of the crime. The 2FA would in fact make it harder for the legit owner (who has lost access to the phone number) to confirm identity while making it easier for the thief (who is using the stolen phone number) to spoof or change this identity.

 

Need constructive suggestions, not idealistic buzzwords. The whole basis of "2FA" security is to use a separate channel. You shouldn't secure your phone number with your phone number the same way you shouldn't use an anonymous mailing address which is the same as your real address.

crustylady
Great Citizen / Super Citoyen

Agree @Korth    What was the intent of Frank1's initial question?

 

Lot's of critiques of Public Mobile's systems (which are FAR from perfect) but little feedback otherwise.  Would be really helpful if he might simply share what had happened and what FIXED his issue.

 

Maybe what upset him so much didn't turn out to be the problem after all???

 

Oh well, easy come, easy go....  🙄

@crustylady 

 

I can't answer for @Frank1 ... though it's obvious he's angry, I would be angry, too, any victim of this crime would be.

 

I was only commenting that "2FA" has become a buzzword people casually throw around the ultimate promise of security. It is a very useful security measure for some things. It is a completely ineffective (and counterproductive) security measure in this instance. Unless anyone can suggest a better way of implementing or integrating for this application?

 

Public Mobile's (Telus's) willingness and/or ability to protect our "privacy" and "security" are evidently inadequate. The reason nothing has been done is institutional, too much money is needed to change the momentum and trajectory of a fat dinosaur. Nothing being done will continue for as long as revenue losses from victimized/unhappy end-users are less than the expense needed to embed something more effective into existing systems.

 

It's a technical problem so it's impossible to explain it politicians or have them explain it to others. The CRTC will remain entirely unmotivated. Those of us who want protected privacy and security are better off taking care of things ourselves, not relying on ineffective providers, not ranting about how ineffective these providers really are.

crustylady
Great Citizen / Super Citoyen

@Korth wrote:

@crustylady 

 

I can't answer for @Frank1 ... though it's obvious he's angry, I would be angry, too, any victim of this crime would be.


 Sure, @Korth , if that turned out to be the cause of the 'anger'.   

 

But who would know as that's yet to be relayed back???  All I know is harping on ineffective outside processes and limitations of a 3rd tier provider is one thing, but making sure one's own 'home' is secure is completely another.   

 

Isn't SIM swapping/hacking usually the result of general carelessness with online presence in public forums or using weak or obvious security question answers?   Does ones own personal security habits have any impact on ones likelihood of being targeted?

 

Just sayin..