02-05-2021
09:26 AM
- last edited on
07-14-2021
10:22 AM
by
J_PM
*July 14, 2021 Update*
We are pleased to announce that as of July 14, 2021, SIM card changes have been re-enabled in My Account.
We temporarily disabled all online SIM swaps in March, to protect our customers from SIM swap fraud.
We have now implemented an additional step in the form of a 2 factor-authentication code to secure this process.This code can be sent via SMS or email, and must be verified to complete the SIM swap.
For more details, please see below.
All the information below can be found in this Help Article.
---------------------------------
*March 8, 2021 Update*
To protect our customers from SIM swap fraud, we have temporarily disabled all online SIM swaps through Self-serve. To change your SIM card, please submit a ticket here
Customer safety and security is our priority, and we are working on permanently securing the online SIM swap process. In the meantime, we recommend that you continue following the steps outlined below to protect against fraudulent activities.
-------------------------------
Hey Community,
We’ve noticed some cases of SIM swap fraud, and wanted to help our customers better understand what SIM swap fraud is, what to do if you’ve been targeted, and how to prevent it in the future.
All the information below can be found in this Help Article.
What is SIM swap fraud?
Efforts by fraudsters to gain unauthorized access to customer accounts with the goal of accessing banking information is on the rise. As part of our commitment to protect our customers’ personal information, we have robust security protocols in place that are designed to protect the privacy and security of our customers.
SIM swap fraud, or SIM jacking, is a type of fraud that occurs when fraudsters gain access to your Self Serve account, to replace your SIM card information with their own. After replacing your SIM card, all communications will be redirected to the fraudster’s device. They will then be able to intercept recovery SMS/calls, and gain access to your personal banking, ecommerce, email and social media accounts.
How does SIM swap fraud happen?
Fraudsters can obtain customer Self Serve account credentials through malware, phishing attempts or data breaches on websites where login credentials are the same as your Self Serve account.
What do I do if I’ve been targeted by SIM swap fraud?
If you have been targeted by SIM swap fraud, we recommend you take the following actions to secure your account:
How to protect against SIM swap fraud?
Given the increase the telecommunications industry has seen in fraudulent activity like SIM swaps and unauthorized porting, we recommend that Canadians take the following steps to protect themselves:
While Public Mobile is actively working on ways to help keep our customers safe, please make sure to stay vigilant, and be aware of any suspicious activity.
- The Public Mobile Team
04-05-2021 07:35 PM - edited 04-05-2021 07:36 PM
Already did all that and DMing with a mod.
@crustylady since you're a community expert here, how do I block annoying trolls with nothing better to do than to continuously annoy telco customers online?
04-05-2021 07:41 PM
It's 20 minutes past 4:20 do you feel better now?
04-05-2021 07:51 PM - edited 04-05-2021 07:52 PM
@Frank1 it's a cheap provider... what do you expect? it is what it is... I'm sure your issue is just the system maintenance public was doing today.
the best pm has done to secure our accounts is the removal of the change sim feature. and since then I haven't seen a post yet on sim swaps. I'm assuming mods know which accounts were data breached and are able to make better judgement calls.
I'm also wondering if they forced certain accounts to deactivate the password so that the perpetrator isn't able to log in to the account to see personal details and such. then the real account holder needs to contact mods to verify their details to have their password changed
It's 20 minutes past 4:20 do you feel better now?
i do 😑🤣
04-05-2021 07:53 PM
@?
Lol...nice tag!
04-05-2021 09:35 PM
04-06-2021 02:26 PM
Can you share a little bit more about what happened to your service yesterday? Were you SIM jacked?
Were the moderators able to fill you in on what occurred?
The community would like to know to learn from the experience.
Thank you!!!
04-10-2021 01:21 PM
@Frank1 wrote:I'll just get a google voice number.
...
No 2FA at all? Seriously? What a compete joke.
Google Voice is just layered onto another phone service - one which requires an active phone number, and (if mobile) an active SIM card. So how exactly is it supposed to prevent or recover from a SIM swap?
2FA through the phone number isn't a good idea when the phone number itself is the target of the crime. The 2FA would in fact make it harder for the legit owner (who has lost access to the phone number) to confirm identity while making it easier for the thief (who is using the stolen phone number) to spoof or change this identity.
Need constructive suggestions, not idealistic buzzwords. The whole basis of "2FA" security is to use a separate channel. You shouldn't secure your phone number with your phone number the same way you shouldn't use an anonymous mailing address which is the same as your real address.
04-10-2021 01:46 PM
Agree @Korth What was the intent of Frank1's initial question?
Lot's of critiques of Public Mobile's systems (which are FAR from perfect) but little feedback otherwise. Would be really helpful if he might simply share what had happened and what FIXED his issue.
Maybe what upset him so much didn't turn out to be the problem after all???
Oh well, easy come, easy go.... 🙄
04-10-2021 02:02 PM - edited 04-10-2021 02:04 PM
I can't answer for @Frank1 ... though it's obvious he's angry, I would be angry, too, any victim of this crime would be.
I was only commenting that "2FA" has become a buzzword people casually throw around the ultimate promise of security. It is a very useful security measure for some things. It is a completely ineffective (and counterproductive) security measure in this instance. Unless anyone can suggest a better way of implementing or integrating for this application?
Public Mobile's (Telus's) willingness and/or ability to protect our "privacy" and "security" are evidently inadequate. The reason nothing has been done is institutional, too much money is needed to change the momentum and trajectory of a fat dinosaur. Nothing being done will continue for as long as revenue losses from victimized/unhappy end-users are less than the expense needed to embed something more effective into existing systems.
It's a technical problem so it's impossible to explain it politicians or have them explain it to others. The CRTC will remain entirely unmotivated. Those of us who want protected privacy and security are better off taking care of things ourselves, not relying on ineffective providers, not ranting about how ineffective these providers really are.
04-10-2021 02:23 PM
@Korth wrote:
I can't answer for @Frank1 ... though it's obvious he's angry, I would be angry, too, any victim of this crime would be.
Sure, @Korth , if that turned out to be the cause of the 'anger'.
But who would know as that's yet to be relayed back??? All I know is harping on ineffective outside processes and limitations of a 3rd tier provider is one thing, but making sure one's own 'home' is secure is completely another.
Isn't SIM swapping/hacking usually the result of general carelessness with online presence in public forums or using weak or obvious security question answers? Does ones own personal security habits have any impact on ones likelihood of being targeted?
Just sayin..