cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Model Citizen / Citoyen Modèle

So do you use your mobile number for “other accounts”? I don’t.


Canadian consumers stung by cellphone porting scam: 'It's the creepiest thing'
With the unintended help of her phone company, a scammer was able to seize Carolyn Morgan's phone number.

Read in Global News: https://apple.news/AvjUMBuHsRkmkRKBktBjjDQ




 

 

Highlighted
Mayor / Maire

Re: So do you use your mobile number for “other accounts”? I don’t.

@iPhoneUser  I saw this on the news as well. There's no sweet talking customer service agents here...fishing for information. The industry and the CRTC need to come up with a 2FA  process for the porting of numbers. Setting up with a temporary number to allow a ported number to go thru a verification process before completing a port can significantly cut down on the amount of fraudulent ports and give customers the opportunity to prevent it from happening and the subsequent financial firestorm it can cause.  The ease of port system set up by the CRTC and regulated by the WCC is too easily exploited by fraudsters and sophisticated criminal organizations.

Highlighted
Oracle

Re: So do you use your mobile number for “other accounts”? I don’t.

Note to self, SMS is not secure.  Don't rely on it for things like 2fa.  In fact, it is probably safer to forgo 2fa if SMS is the only option.  

Highlighted
Oracle

Re: So do you use your mobile number for “other accounts”? I don’t.


@darlicious wrote:

@iPhoneUser  I saw this on the news as well. There's no sweet talking customer service agents here...fishing for information. The industry and the CRTC need to come up with a 2FA  process for the porting of numbers. Setting up with a temporary number to allow a ported number to go thru a verification process before completing a port can significantly cut down on the amount of fraudulent ports and give customers the opportunity to prevent it from happening and the subsequent financial firestorm it can cause.  The ease of port system set up by the CRTC and regulated by the ACC is too easily exploited by fraudsters and sophisticated criminal organizations.


I think a lot of the problem is rooted in the customer.  The conversation starts with the customer wants certain conveniences.  Processes are then built around those conveniences.  

 

The social engineering piece is human error.  Big red has always used date of birth as one of the verification requirements in order for an agent to access the account.  Customers complained that exchanging such personal information with an agent over the phone was not good.  So they use PIN code as an alternative.  Later they added voice recognition to automatically verify customers.  Of course with social engineering, the agent on the other end can be convinced a voice mismatch is still okay because "I have a cold" or some other weak excuse.  My note to self above is something that I practice 100% of the time.  I do not use 2fa via SMS, never have, never will.  

Highlighted
Model Citizen / Citoyen Modèle

Re: So do you use your mobile number for “other accounts”? I don’t.

First of all, who works at 1020pm EST or PST? Rogers sure don't. So, that itself is a bit sketchy. If in doubt, go to a Rogers store. Don't call the number what was given.

 

If this happened at Public Mobile, I wouldn't call the number because Public Mobile doesn't have a call centre; I ask the community forum first. 

 

I give an example here. Just the other day, I received a call from a school that I used to work for. A college. The caller said he is doing a survey for this school and BC Stats. I said I was busy. The caller said he can email me and needs my email address. I said, since you work at the school, you would have that information. He says he doesn't, and by law, the information is needed for BC Stats. I said, again, if you work at the school, then you know my email address. I hung up on him. If I felt it was fishy, it was probably is. 

Highlighted
Oracle

Re: So do you use your mobile number for “other accounts”? I don’t.


@mpcdesign wrote:

First of all, who works at 1020pm EST or PST? Rogers sure don't. So, that itself is a bit sketchy. If in doubt, go to a Rogers store. Don't call the number what was given.

 

If this happened at Public Mobile, I wouldn't call the number because Public Mobile doesn't have a call centre; I ask the community forum first. 

 

I give an example here. Just the other day, I received a call from a school that I used to work for. A college. The caller said he is doing a survey for this school and BC Stats. I said I was busy. The caller said he can email me and needs my email address. I said, since you work at the school, you would have that information. He says he doesn't, and by law, the information is needed for BC Stats. I said, again, if you work at the school, then you know my email address. I hung up on him. If I felt it was fishy, it was probably is. 


Big red offered 24/7 call in support.  At least they used to when Internet was not as reliable as it is today.  I know their social media channels have crazy hours these days.