02-05-2021 09:26 AM - last edited on 07-14-2021 10:22 AM by J_PM
*July 14, 2021 Update*
We are pleased to announce that as of July 14, 2021, SIM card changes have been re-enabled in My Account.
We temporarily disabled all online SIM swaps in March, to protect our customers from SIM swap fraud.
We have now implemented an additional step in the form of a 2 factor-authentication code to secure this process.This code can be sent via SMS or email, and must be verified to complete the SIM swap.
For more details, please see below.
All the information below can be found in this Help Article.
---------------------------------
*March 8, 2021 Update*
To protect our customers from SIM swap fraud, we have temporarily disabled all online SIM swaps through Self-serve. To change your SIM card, please submit a ticket here
Customer safety and security is our priority, and we are working on permanently securing the online SIM swap process. In the meantime, we recommend that you continue following the steps outlined below to protect against fraudulent activities.
-------------------------------
Hey Community,
We’ve noticed some cases of SIM swap fraud, and wanted to help our customers better understand what SIM swap fraud is, what to do if you’ve been targeted, and how to prevent it in the future.
All the information below can be found in this Help Article.
What is SIM swap fraud?
Efforts by fraudsters to gain unauthorized access to customer accounts with the goal of accessing banking information is on the rise. As part of our commitment to protect our customers’ personal information, we have robust security protocols in place that are designed to protect the privacy and security of our customers.
SIM swap fraud, or SIM jacking, is a type of fraud that occurs when fraudsters gain access to your Self Serve account, to replace your SIM card information with their own. After replacing your SIM card, all communications will be redirected to the fraudster’s device. They will then be able to intercept recovery SMS/calls, and gain access to your personal banking, ecommerce, email and social media accounts.
How does SIM swap fraud happen?
Fraudsters can obtain customer Self Serve account credentials through malware, phishing attempts or data breaches on websites where login credentials are the same as your Self Serve account.
What do I do if I’ve been targeted by SIM swap fraud?
If you have been targeted by SIM swap fraud, we recommend you take the following actions to secure your account:
How to protect against SIM swap fraud?
Given the increase the telecommunications industry has seen in fraudulent activity like SIM swaps and unauthorized porting, we recommend that Canadians take the following steps to protect themselves:
While Public Mobile is actively working on ways to help keep our customers safe, please make sure to stay vigilant, and be aware of any suspicious activity.
- The Public Mobile Team
06-23-2021 12:55 AM
@lemonkitkat wrote:I cancelled my public mobile service one month ago and ported my Number to Fido, without issue. This evening at about 10pm I received an email from PM:
Let’s get
your number
transferred.Hi _______,
We’re so happy to have you with Public Mobile. All that’s left for you
to do is transfer your number <***>***-**** over.
There’s a 2-factor authentication process involved, so you’ll just need
to respond to an authentication SMS sent by your previous provider.
I have not asked for a number transfer. I have not received a text asking for a number transfer. I am and have been unable to log I to my PM account since I did the port to Fido, as the log in service does not recognize my email so I cannot verify other aspects of my account. What is happening here? Am I experiencing sim swap fraud?
This isn't a case of SIM card swap fraud as you're no longer a Public Mobile customer. Your Fido number can't be transfered without your authorization. Simply ignore the message.
06-23-2021 12:34 AM
I cancelled my public mobile service one month ago and ported my Number to Fido, without issue. This evening at about 10pm I received an email from PM:
Let’s get
your number
transferred.
Hi _______,
We’re so happy to have you with Public Mobile. All that’s left for you
to do is transfer your number <***>***-**** over.
There’s a 2-factor authentication process involved, so you’ll just need
to respond to an authentication SMS sent by your previous provider.
I have not asked for a number transfer. I have not received a text asking for a number transfer. I am and have been unable to log I to my PM account since I did the port to Fido, as the log in service does not recognize my email so I cannot verify other aspects of my account. What is happening here? Am I experiencing sim swap fraud?
06-15-2021 10:30 AM
@Pawprints1986 wrote:@hTideGnow I hate that so many companies are forcing it... You can't even make an Instagram account now without it. I tried giving it a fake number from one of those receive text free sites, but it didn't work and now that email is banned. It's not a bank account, it's social media. Its getting ridiculous...
Especially if it makes swaps like this all the more easier
Can we once and for all make it so you have to act if you *want* the swap, or phone number port to happen legitimately? As of now doing nothing means you want the switch. So if someone's asleep, at work, etc they'll have no idea in time and then these things will happen more... Even if we have to call the main telus line. It's a hassle but less a hassle than having to possibly replace all ID and every single account/card/password...
Did you try a Fongo number. It’s free and does receive texts. But have to pay to send. It works for confirmations perfectly.
06-15-2021 06:38 AM
Very informative, thanks
06-05-2021 12:42 AM
@Junaidnur not sure what the problem you have.. did you meant the SIM you got from your area are all fake or being "tampered"? If you are worry, I guess you can order directly from PM, but it might be a lengthy delivery.
06-05-2021 12:34 AM - edited 06-05-2021 12:34 AM
@hTideGnow I hate that so many companies are forcing it... You can't even make an Instagram account now without it. I tried giving it a fake number from one of those receive text free sites, but it didn't work and now that email is banned. It's not a bank account, it's social media. Its getting ridiculous...
Especially if it makes swaps like this all the more easier
Can we once and for all make it so you have to act if you *want* the swap, or phone number port to happen legitimately? As of now doing nothing means you want the switch. So if someone's asleep, at work, etc they'll have no idea in time and then these things will happen more... Even if we have to call the main telus line. It's a hassle but less a hassle than having to possibly replace all ID and every single account/card/password...
06-04-2021 08:14 PM
@Junaidnur : Why do you think you're in a SIM card swap hack situation? The option to change SIM in the self-serve is gone. How would this happen? What symptoms are you having that leads you to this conclusion?
06-04-2021 08:06 PM - edited 06-04-2021 08:06 PM
I'm not quite sure the problem you are having....pm does not support esims and an esim is imbedded in an esim enabled phone. Do you need a reliable retailer to purchase a pm sim card?
06-04-2021 08:02 PM
06-04-2021 12:12 PM
Yes, I read something before saying using phone as the 2FA is not safe. That's why they are targeting SIM swap these days.
06-04-2021 12:11 PM
It would be advisable to set up 7 year fraud alerts with equifax and transunion. This ensures that you are called whenever credit is applied for in your name and is refused unless you approve that you have applied for the credit.
06-04-2021 11:38 AM
Hope all turns out right in the end.
Thanks for updating us and sharing your experience.
06-04-2021 09:18 AM
I realize it happened within 12 hours probably. It happened some time overnight and I noticed the swap and email issues in the morning, though I wasn't sure what was going on at first. And the purchase they made was throughout the night when they had access to my phone number.
The person changed my email password and set up 2-Factor Authentication, so there's absolutely nothing Microsoft can do to get me my email back. It was an account I had for 15+ years, so there was a lot of info in there.
I'm waiting to hear back from the RCMP to submit a police report for fraud, then I can send it to PayBright's fraud department. Hopefully it will be resolved quickly!
06-04-2021 08:54 AM
@kraeb sorry for that you have gone though
So, how long you found out the issue and reported to PM after the SIM was swapped? And how long after you found out you lost the email access?
So you never able to get back the email ?
Since you have proof that you have SIM fraud and lost email access, i hope it's an easy investigation and they can clear you soon.
06-04-2021 08:43 AM
A heads up to anyone else who may have had their SIM swapped...
It happened to me 3 months ago, I got my phone back and changed all my passwords. Before I knew it happened, they were able to hack my email and I cannot access it, nor can Microsoft do anything.
But yesterday I found out that they were able to get financing from PayBright for $7500 and make a huge purchase...so now I have a loan that isn't mine that PayBright is looking for payment on.
Keep an eye on your banking records and run any credit reports you can! Credit Karma and Equifax are free.
05-13-2021 04:08 AM
I would definitely like to see an easier way of regaining access to my phone. It took me all day how to figure it out. I am an elderly person and computer illiterate. It was so simple before and now? For that reason, I would not recommend PM. to my friends. I have been with PM for a few years and have never had a glitch, this one was a big one and i am not happy. I am thankful that the moderator Eddy finally came to my rescue. Thank you Eddie
05-11-2021 09:03 PM
It seems to me this discussion is basically just emphasizing how backwards and limited this Lithium/Khoros forum software really is. It introduces security vulnerabilities (and other problems) instead of removing them.
05-11-2021 09:00 PM
It would also be nice if people couldn't have the user name mod, PM, etc to prevent people from accidentally sending a private message with all their info to another user.
05-09-2021 12:23 PM
I'm curious if this was a phase/fad, if there was 'breach' of some sort, or some other factor that triggered an increase in SIM swap fraud. Similarly, I'm curious if this feature will be reintroduced back in the (near) future.
I don't see SIM swap requests being a popular feature that people use, but is always nice to have self-serve options. Obviously, I'd rather be safe than sorry, and the Moderator team has been very responsive with all my questions, so this is probably as good as it gets! 🙂
05-09-2021 10:33 AM
@Shutdown i guess it is hard to balance convinence with security.
Honestly since they removed the SIM change option from the interface, I think we see less posts about users unable to use the phone and found out Simjacked in the end.
05-09-2021 10:25 AM
They should just email a verification code to the person who wants to change sim.
05-05-2021 05:27 AM
Thanks for the info I didn't know this type of scam even existed!
04-22-2021 07:24 PM
Yikes! Thanks for this.
04-18-2021 03:46 AM
04-10-2021 03:46 PM - edited 04-10-2021 03:57 PM
@crustylady wrote:Isn't SIM swapping/hacking usually the result of general carelessness with online presence in public forums or using weak or obvious security question answers?
Usually. Too many people spew their personal information all over social media and all over the place online, registering it at every website they visit, submitting it to every popup which asks. And use the same weak lazy easily-guessed passwords everywhere. Most people don't bother to anonymize their web activities at all, trusting that incognito mode or a VPN will do everything for them, but it turns out that evil criminal hackers datamine from all the same little cookies and crumbs that the "legit" advertisers and trackers append to every website you visit. Did you ever login to Self-Serve on your computer? If so, then your account number and SIM ID number and phone number were all cached away somewhere in your browser junk. And if you didn't use your own computer then you're already compromised, who knows what sort of malware or loggers or sloppiness run on that machine?
But just as often, people are savvy and conscious enough to avoid such stuff. But if you've had a number long enough, if you know enough people, then sooner or later somebody else you trusted with that information will share it with somebody else you don't trust, whether they know it or not (because, again, most people don't bother to protect themselves online). This isn't your fault, this isn't the provider's fault, but if the provider provides some better security protocols then maybe some before-it's-too-late warning or damage control can be implemented.
Criminals are known to compromise employees, procure (purchase) the information they want from the source. I don't know if Telus or Public Mobile has been subjected to these sorts of security breaches, how much damaged might have been caused (or might still be caused) as a result. A violated customer could rightfully demand the provider corrects or prevents this sort of problem, but is otherwise powerless to defend against it.
04-10-2021 02:56 PM
@crustylady : Yes we often see people come in here all hair on fire ranting all over the place when it turns out that it was something they did or didn't know they were supposed to do or just not understanding that that's how the place works. They come and go.
04-10-2021 02:44 PM
@Anonymous wrote:@crustylady : When we used to be able to change the SIM...yes. But regardless of security now....we can't. So if SIM swaps are still happening, that would mean there's another back door into the system that hackers are exploiting. But I haven't seen reports of people coming back here declaring that the mods said they were sim-swapped. And maybe they won't because that would be admitting that there is a huge security hole in the system.
Thanks @Anonymous
That's what I'm thinkin - but there's nothing stopping customers from coming back and reporting this finding online. Sure, you'd never see Public Mobile staff say so publicly as that would be admitting there's still some fault somewhere...
Poor Frank1 might have been hacked, or maybe just let the account expire or an auto-pay failure. The way he went on about how crappy this and that is, you'd think if he HAD been SIM-hacked, he's gladly share that with the Community.
Perhaps it was much ado about nothing.
04-10-2021 02:34 PM
@crustylady : When we used to be able to change the SIM...yes. But regardless of security now....we can't. So if SIM swaps are still happening, that would mean there's another back door into the system that hackers are exploiting. But I haven't seen reports of people coming back here declaring that the mods said they were sim-swapped. And maybe they won't because that would be admitting that there is a huge security hole in the system.
04-10-2021 02:23 PM
@Korth wrote:
I can't answer for @Frank1 ... though it's obvious he's angry, I would be angry, too, any victim of this crime would be.
Sure, @Korth , if that turned out to be the cause of the 'anger'.
But who would know as that's yet to be relayed back??? All I know is harping on ineffective outside processes and limitations of a 3rd tier provider is one thing, but making sure one's own 'home' is secure is completely another.
Isn't SIM swapping/hacking usually the result of general carelessness with online presence in public forums or using weak or obvious security question answers? Does ones own personal security habits have any impact on ones likelihood of being targeted?
Just sayin..
04-10-2021 02:02 PM - edited 04-10-2021 02:04 PM
I can't answer for @Frank1 ... though it's obvious he's angry, I would be angry, too, any victim of this crime would be.
I was only commenting that "2FA" has become a buzzword people casually throw around the ultimate promise of security. It is a very useful security measure for some things. It is a completely ineffective (and counterproductive) security measure in this instance. Unless anyone can suggest a better way of implementing or integrating for this application?
Public Mobile's (Telus's) willingness and/or ability to protect our "privacy" and "security" are evidently inadequate. The reason nothing has been done is institutional, too much money is needed to change the momentum and trajectory of a fat dinosaur. Nothing being done will continue for as long as revenue losses from victimized/unhappy end-users are less than the expense needed to embed something more effective into existing systems.
It's a technical problem so it's impossible to explain it politicians or have them explain it to others. The CRTC will remain entirely unmotivated. Those of us who want protected privacy and security are better off taking care of things ourselves, not relying on ineffective providers, not ranting about how ineffective these providers really are.