cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
kb_mv
Mayor / Maire

Re: SIM Swap Fraud

@will13am @z10user4 We already have the PIN associated with our account, so they wouldn't be starting from scratch on implementing this.

z10user4
Mayor / Maire

Re: SIM Swap Fraud


@kb_mv wrote:

@will13am @z10user4 We already have the PIN associated with our account, so they wouldn't be starting from scratch on implementing this.


It's all easy if they would do things. This place moves at glacial speed though. Or they'll only do something if told to. It was the same with the porting SMS. So now that problem seems to have stopped only because now the SIM-jack is being done. One more step up the chain.

Indeed, why the perp doesn't change the account and all while doing their misdeed does make me wonder about any of the thoughts in the post by NDesai in the lounge. Are these perps doing this some other way.

kb_mv
Mayor / Maire

Re: SIM Swap Fraud


@z10user4 wrote:

 

Indeed, why the perp doesn't change the account and all while doing their misdeed does make me wonder about any of the thoughts in the post by NDesai in the lounge. Are these perps doing this some other way.

@z10user4 Only PM can tell us what method is used to get in to the affected accounts. Unfortunately one recent victim of this was told nothing about how it occurred. I asked them what they were told by PM and it was essentially sorry this happened.

 

The sale of online account info on the dark web is rampant. I read a blog by Brian Krebs, lots of interesting stuff there. I appropriated this pic to show how one compromised email can cause a lot of trouble.

 

HE-1.jpg

will13am
Oracle

Re: SIM Swap Fraud


@HALIMACS wrote:

@kb_mv wrote:

@z10user4 wrote:

 @kb_mv : I was rightly corrected on that idea that well what about a lost or stolen phone? There's no receiving an SMS then. So I retreated back to the idea of the PIN required when changing the SIM.


@z10user4 I had not considered that. PIN it is....


It is absolutely up to PM to do everything reasonably possible to stop SIM swapping from happening at source.  I'm not fully convinced they are.  It is THEIR systems (and/or Mod's - hope not???) which are allowing an unauthorized user to make significant and impactful changes to their REAL customer's accounts.

 

It is equally important for ALL users to do the same diligence - and some have no clue (even after extensive coaching) how to mitigate against themselves from being a target. 

 

This message from PM is a small start in that it at least recognizes that PM considers this to be worthy of air-time on the Community.   But what about all those users who could care less to read or follow Community postings?   Indeed, it seems most SIM hack victims result in users creating a Community account after the hack to plead for help.

 

@z10user4  , with a PIN option, if the hacker sent a Mod request to change the PIN before doing anything, how does that get processed & get communicated back to the rightful customer?  Is it via text to the registered phone number or by private message to the user's attached Community account?

 

 


I have never had to change an account PIN before so I am not sure what verifications the moderators would ask for before doing it.  I would presume that they would ask for the birth date of the account holder.  Just like the account PIN, it is something not seen in the self serve and provides a measure of security against fraud.  

z10user4
Mayor / Maire

Re: SIM Swap Fraud

 @will13am : The new PIN still goes to the account's number via SMS.

Jb456
Mayor / Maire

Re: SIM Swap Fraud

Just remove "change sim" from the account. If legit people need to change their sim card then they open a ticket for moderators. Problem solved!

 

 

 

rhkjcfp
Good Citizen / Bon Citoyen

Re: SIM Swap Fraud

Agreed. The trade off is the Mod has more work to do.

Jb456
Mayor / Maire

Re: SIM Swap Fraud

@rhkjcfp  I wouldn't say more work to do as it's not likely everyone is changing their sim card on a weekly basis. I've had to do one change since 2018 as I lost my phone while on vacation. 

 

Shouldn't be a big impact on mods.

 

z10user4
Mayor / Maire

Re: SIM Swap Fraud


@Jb456 wrote:

Just remove "change sim" from the account. If legit people need to change their sim card then they open a ticket for moderators. Problem solved!

 


It would be interesting to see the frequency of these if they were to remove it. I wonder that there's another method hackers are using.

But if I needed service due to something about the SIM then I wouldn't really want to have to wait. I'd rather run out to a store and then change the SIM myself rather than wait.

daki28
Model Citizen / Citoyen Modèle

Re: SIM Swap Fraud

That's what I said earlier, if PM cannot do some extra protection, just remove it. My tradeoff if I ever need this option (and for 20 year haven't had ) is to go to store and do it there. Prove your identity somehow and it's all good. 

Need Help? Let's chat.