Hey Community,
We’ve noticed some cases of SIM swap fraud, and wanted to help our customers better understand what SIM swap fraud is, what to do if you’ve been targeted, and how to prevent it in the future.
All the information below can be found in this Help Article.
What is SIM swap fraud?
Efforts by fraudsters to gain unauthorized access to customer accounts with the goal of accessing banking information is on the rise. As part of our commitment to protect our customers’ personal information, we have robust security protocols in place that are designed to protect the privacy and security of our customers.
SIM swap fraud, or SIM jacking, is a type of fraud that occurs when fraudsters gain access to your Self Serve account, to replace your SIM card information with their own. After replacing your SIM card, all communications will be redirected to the fraudster’s device. They will then be able to intercept recovery SMS/calls, and gain access to your personal banking, ecommerce, email and social media accounts.
How does SIM swap fraud happen?
Fraudsters can obtain customer Self Serve account credentials through malware, phishing attempts or data breaches on websites where login credentials are the same as your Self Serve account.
How do I know if I’ve been targeted by a SIM swap fraud?
You may have been a target of SIM swap fraud if you have suddenly lost service for no apparent reason. If this is the case, please follow the below steps to confirm your SIM card information has not changed.
1. Log in to your Self Serve account
2. Select “Change SIM card” from the main page
3. Confirm that the last four digits of the SIM card in Self Serve match the one in your device. If the digits do not match, you may have been targeted by a SIM swap fraud.
What do I do if I’ve been targeted by SIM swap fraud?
If you have been targeted by SIM swap fraud, we recommend you take the following actions to secure your account:
How to protect against SIM swap fraud?
Given the increase the telecommunications industry has seen in fraudulent activity like SIM swaps and unauthorized porting, we recommend that Canadians take the following steps to protect themselves:
While Public Mobile is actively working on ways to help keep our customers safe, please make sure to stay vigilant, and be aware of any suspicious activity.
- The Public Mobile Team
Finally, it posted the official post about the SIM Swap.
Thank you MOD.
Have a wonderful day
Thanks for acknowledging this. It's important to remember that customers need to take responsibility for the secuirty of their own accounts.
I think a serious issue that needs to be address is how the private messaging screen and the post a new message screen look almost identical. I do not know if that would be your department or @David_J who would look into that, but I even find myself that I sometimes have to take another look if I'm sending a message privately or if I'm posting in the message forum.
@kaytus wrote:Finally, it posted the official post about the SIM Swap.
Thank you MOD.
Have a wonderful day
Catherine_T isn't moderator. She is in the marketing department and is the Commmunity manager.
It is good to know that PM is aware of it but customers have to be vigilant about their own personal information and online security.
@Catherine_T wrote:Fraudsters can obtain customer Self Serve account credentials through malware, phishing attempts or data breaches on websites where login credentials are the same as your Self Serve account.
@Catherine_TIf they are gaining our self-serve account access by knowing our password, why wouldn't they change the password first so we can't lock them out?
Seems like a fail on their part, till they smarten up.
What do we do when they start changing our password / account information before sim swap and we can't even prove the account is ours to reset our password?
@Catherine_T : How about some actual news. How about a real announcement of how you actually care about your customers and have implemented a PIN at the point of Change SIM?
This whole rambling thing is old news and doesn't do or say anything useful. We all already know this and have been saying all of this time and again as these frauds have mounted in numbers.
If you cared, you would have implemented the porting confirmation on your own rather than waiting for the CRTC to mandate it. If you cared you would implement a PIN required at the point of an account using the Change SIM function on your own rather than waiting for the CRTC to mandate it (if they do).
Just do it. If you care. Otherwise, it's all useless fluff to put up appearances.
Hey Community,
How to protect against SIM swap fraud?
Given the increase the telecommunications industry has seen in fraudulent activity like SIM swaps and unauthorized porting, we recommend that Canadians take the following steps to protect themselves:
4-Set up authentication methods that aren’t text based: often, online accounts will require you to set up two-factor-authentication (2FA) for added protection; with 2FA, you need to authenticate yourself with something in addition to your username and password, such as a code that is sent to your device by text. With SIM swap fraud on the rise, you may want to use something other than your phone number for 2FA like an authenticator app or security key.
This point alone about not using your cell number as a 2FA method I feel is one of the main points people should take from this very good post. If you are a victim of SIM-Swap, the "I forgot my password" reset info on any number of websites, would be sent to the fraudsters device and not yours.
What would be really nice is if PM offered 2FA using an Authenticator app for its own SelfServe Accounts.
Thanks for this good explanation. Hopefully it will help some.
@z10user4 I fully agree with your statement. All mentioned in original post is something that we (who visit forum often) know on how to protect ourselves, but what PM is doing to protect us. If you ask me, SiM swapping should not even be a feature on site, or if it is there then it should be protected separately from login password. I'd prefer to be asked to go to store and change it there if I have to and I don't see need to do this often if ever. Phone number is 'critical' part of our identity and wanted or not, we have to use it for many things.
@daki28 : I like doing as much as possible myself with my account. I don't like going cap in hand to beg and plead and wait for some moderator to get around to my request. It's now quite silly that we have to ask moderators for a Telus/Koodo port. Come on, we're all in the same company. If anything, it should be the other way around. Or to change the email on the account. etc.