SIM Swap Fraud

Catherine_T · ‎02-05-2021

*July 14, 2021 Update*

We are pleased to announce that as of July 14, 2021, SIM card changes have been re-enabled in My Account.

We temporarily disabled all online SIM swaps in March, to protect our customers from SIM swap fraud.

We have now implemented an additional step in the form of a 2 factor-authentication code to secure this process.This code can be sent via SMS or email, and must be verified to complete the SIM swap.

For more details, please see below.

All the information below can be found in this Help Article.

---------------------------------

*March 8, 2021 Update*

To protect our customers from SIM swap fraud, we have temporarily disabled all online SIM swaps through Self-serve. To change your SIM card, please submit a ticket here

Customer safety and security is our priority, and we are working on permanently securing the online SIM swap process. In the meantime, we recommend that you continue following the steps outlined below to protect against fraudulent activities.

-------------------------------

Hey Community,

We’ve noticed some cases of SIM swap fraud, and wanted to help our customers better understand what SIM swap fraud is, what to do if you’ve been targeted, and how to prevent it in the future.

All the information below can be found in this Help Article.

What is SIM swap fraud?

Efforts by fraudsters to gain unauthorized access to customer accounts with the goal of accessing banking information is on the rise. As part of our commitment to protect our customers’ personal information, we have robust security protocols in place that are designed to protect the privacy and security of our customers.

SIM swap fraud, or SIM jacking, is a type of fraud that occurs when fraudsters gain access to your Self Serve account, to replace your SIM card information with their own. After replacing your SIM card, all communications will be redirected to the fraudster’s device. They will then be able to intercept recovery SMS/calls, and gain access to your personal banking, ecommerce, email and social media accounts.

How does SIM swap fraud happen?

Fraudsters can obtain customer Self Serve account credentials through malware, phishing attempts or data breaches on websites where login credentials are the same as your Self Serve account.

What do I do if I’ve been targeted by SIM swap fraud?

If you have been targeted by SIM swap fraud, we recommend you take the following actions to secure your account:

Change your Self-Serve account password and security question immediately to lock the fraudster out of your account

Put your phone into Lost/Stolen mode to suspend the fraudster’s service, to do this follow the below steps:

Log in to you Self-Serve account
Go to Plans and Add-Ons, then select “lost/stolen phone”
Select “suspend service”

Then, submit a ticket here - our Moderator team will be able to restore your original SIM card.
We also recommend contacting your financial institutions to ensure your banking and credit card accounts have not been accessed, and checking your social media accounts for any suspicious activity. Make sure you change your passwords to these accounts immediately.
You may also want to report the fraud to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501, as well as contact the two national credit bureaus to request a copy of your credit reports and place a fraud warning on your file (Equifax Canada Toll free:1-800-465-7166 and TransUnion Canada Toll free: 1-877-525-3823).

How to protect against SIM swap fraud?

Given the increase the telecommunications industry has seen in fraudulent activity like SIM swaps and unauthorized porting, we recommend that Canadians take the following steps to protect themselves:

Protect your information: limit the amount of personal information about you online; fraudsters can use this information to verify your identity when attempting to swap your SIM. Be careful to not click on phishing emails (and texts) that ask you to provide and/or validate private information.
Guard your phone number: don’t add your phone number to any online accounts where it is not necessary. The fewer accounts you have associated with your number, the lesser your risk.
Use strong and unique passwords for each of your accounts: using the same password across multiple accounts is a hacker’s jackpot. When you use the same password across different accounts, remember that once they successfully hack one account, they’ve hacked them all. We also recommend that you change your passwords, including your Self-Serve password regularly.
Set up authentication methods that aren’t text based: often, online accounts will require you to set up two-factor-authentication (2FA) for added protection; with 2FA, you need to authenticate yourself with something in addition to your username and password, such as a code that is sent to your device by text. With SIM swap fraud on the rise, you may want to use something other than your phone number for 2FA like an authenticator app or security key.

While Public Mobile is actively working on ways to help keep our customers safe, please make sure to stay vigilant, and be aware of any suspicious activity.

- The Public Mobile Team

kaytus · ‎02-05-2021

Finally, it posted the official post about the SIM Swap.

Thank you MOD.

Have a wonderful day

computergeek541 · ‎02-05-2021

Thanks for acknowledging this. It's important to remember that customers need to take responsibility for the secuirty of their own accounts.

@Catherine_T

I think a serious issue that needs to be address is how the private messaging screen and the post a new message screen look almost identical. I do not know if that would be your department or @David_J who would look into that, but I even find myself that I sometimes have to take another look if I'm sending a message privately or if I'm posting in the message forum.

computergeek541 · ‎02-05-2021

@kaytus wrote:
Finally, it posted the official post about the SIM Swap.

Thank you MOD.

Have a wonderful day

Catherine_T isn't moderator. She is in the marketing department and is the Commmunity manager.

Triguy · ‎02-05-2021

It is good to know that PM is aware of it but customers have to be vigilant about their own personal information and online security.

RobertQc · ‎02-05-2021

@Catherine_T wrote:
Fraudsters can obtain customer Self Serve account credentials through malware, phishing attempts or data breaches on websites where login credentials are the same as your Self Serve account.

@Catherine_TIf they are gaining our self-serve account access by knowing our password, why wouldn't they change the password first so we can't lock them out?

Seems like a fail on their part, till they smarten up.

What do we do when they start changing our password / account information before sim swap and we can't even prove the account is ours to reset our password?

z10user4 · ‎02-05-2021

@Catherine_T : How about some actual news. How about a real announcement of how you actually care about your customers and have implemented a PIN at the point of Change SIM?

This whole rambling thing is old news and doesn't do or say anything useful. We all already know this and have been saying all of this time and again as these frauds have mounted in numbers.

If you cared, you would have implemented the porting confirmation on your own rather than waiting for the CRTC to mandate it. If you cared you would implement a PIN required at the point of an account using the Change SIM function on your own rather than waiting for the CRTC to mandate it (if they do).

Just do it. If you care. Otherwise, it's all useless fluff to put up appearances.

smp99 · ‎02-05-2021

Hey Community,

How to protect against SIM swap fraud?

Given the increase the telecommunications industry has seen in fraudulent activity like SIM swaps and unauthorized porting, we recommend that Canadians take the following steps to protect themselves:

4-Set up authentication methods that aren’t text based: often, online accounts will require you to set up two-factor-authentication (2FA) for added protection; with 2FA, you need to authenticate yourself with something in addition to your username and password, such as a code that is sent to your device by text. With SIM swap fraud on the rise, you may want to use something other than your phone number for 2FA like an authenticator app or security key.

This point alone about not using your cell number as a 2FA method I feel is one of the main points people should take from this very good post. If you are a victim of SIM-Swap, the "I forgot my password" reset info on any number of websites, would be sent to the fraudsters device and not yours.

What would be really nice is if PM offered 2FA using an Authenticator app for its own SelfServe Accounts.

Thanks for this good explanation. Hopefully it will help some.

daki28 · ‎02-05-2021

@z10user4 I fully agree with your statement. All mentioned in original post is something that we (who visit forum often) know on how to protect ourselves, but what PM is doing to protect us. If you ask me, SiM swapping should not even be a feature on site, or if it is there then it should be protected separately from login password. I'd prefer to be asked to go to store and change it there if I have to and I don't see need to do this often if ever. Phone number is 'critical' part of our identity and wanted or not, we have to use it for many things.

z10user4 · ‎02-05-2021

@daki28 : I like doing as much as possible myself with my account. I don't like going cap in hand to beg and plead and wait for some moderator to get around to my request. It's now quite silly that we have to ask moderators for a Telus/Koodo port. Come on, we're all in the same company. If anything, it should be the other way around. Or to change the email on the account. etc.

SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud

Re: SIM Swap Fraud