03-29-2019 03:17 PM - edited 01-05-2022 04:02 AM
Hello
I suddenly have no service.
I've paid my bills and it is up to date.
This happened suddenly yesterday afternoon And I haven't been able to use my Phone. Anyone have this problem?
Please help.
Thanks.
04-18-2019 01:39 AM
Glad to hear it worked out in the end. It's unfortunate it took a while to get going.
It sounds like you kept the same Public Mobile account. I am left wondering why @pavellyzhin was given a new account and you weren't. Maybe I am paranoid, but I believe the hacker may have enough of your account info (like account number, email address, phone number) to be a potential threat.
I hope all your accounts remain secure including your email account.
04-18-2019 12:45 AM
@ekung wrote:Ok some good news from mod "Jose".
Finally I got some information regarding my situation. Apparently he says that no Public Mobile employee was involved in any SIM swap activity as they noticed a password reset in February followed by 3 login attempts in March until they were finally able to get in and ask for a SIM swap. It was done using Self-Serve and not a mod tool. I was asked to change my password to something more secure and also make my security question secure (I noticed you can write your own question which can be any sort of gibberish with any random answer which is good).
I also received credit for purchasing the new SIM card and got credit for missing 10 days. As far as I'm concerned it's been dealt with but still it could have been dealt with better with a lot more communication and urgency. Whatever urgency there may have been wasn't detected at my end as I never heard from any "fraud people".
So, just make sure you generate a secure password, secure security question, and a secure PIN (ask a mod - maybe Jose).
Thanks for all the help, advice, and concern!
@ekung thank you for the update; hearing those details is a relief. I wonder if @pavellyzhin's account was accessed the same way.
04-18-2019 12:33 AM
Ok some good news from mod "Jose".
Finally I got some information regarding my situation. Apparently he says that no Public Mobile employee was involved in any SIM swap activity as they noticed a password reset in February followed by 3 login attempts in March until they were finally able to get in and ask for a SIM swap. It was done using Self-Serve and not a mod tool. I was asked to change my password to something more secure and also make my security question secure (I noticed you can write your own question which can be any sort of gibberish with any random answer which is good).
I also received credit for purchasing the new SIM card and got credit for missing 10 days. As far as I'm concerned it's been dealt with but still it could have been dealt with better with a lot more communication and urgency. Whatever urgency there may have been wasn't detected at my end as I never heard from any "fraud people".
So, just make sure you generate a secure password, secure security question, and a secure PIN (ask a mod - maybe Jose).
Thanks for all the help, advice, and concern!
04-18-2019 12:10 AM
@ekung wrote:They didn't say anything but maybe I should ask!
Sure, it would be good to know at least. Are you in the clear, is your account, including setting up AutoPay fine?
04-17-2019 11:56 PM
They didn't say anything but maybe I should ask!
04-16-2019 11:11 PM
@ekung wrote:A week later and still no answers - crickets chirping. No word on when I'm getting my money back for the new SIM card I had to buy or reimbursement for losing 10 days of service or any reassurance that I'm safe from further fraud or any information whatsoever about anything for that matter. The only information I've received from mods can be summed up as: "suspend your account", "be patient", "our fraud squad is looking at it", "resume your account", "be patient", "sure we'll pay you back - just go and buy a new SIM", "no money back until fraud team gets back to us", and "please be patient". Amazing. This "fraud team" sounds like a crack team of professionals taking 3 weeks and counting to determine what happened and not contacting me a single time since it started.
@ekung thank you for keeping us up to date on your case. So they've told you that you can resume using the account with a new SIM card? What about AutoPay, did they say whether that is safe to enter a credit card? I feel your pain.
04-16-2019 11:07 PM
A week later and still no answers - crickets chirping. No word on when I'm getting my money back for the new SIM card I had to buy or reimbursement for losing 10 days of service or any reassurance that I'm safe from further fraud or any information whatsoever about anything for that matter. The only information I've received from mods can be summed up as: "suspend your account", "be patient", "our fraud squad is looking at it", "resume your account", "be patient", "sure we'll pay you back - just go and buy a new SIM", "no money back until fraud team gets back to us", and "please be patient". Amazing. This "fraud team" sounds like a crack team of professionals taking 3 weeks and counting to determine what happened and not contacting me a single time since it started.
04-09-2019 09:08 PM
Ok well heard back from the mods. No credit until the "fraud team" completes their investigation. Sounds like no luck getting any money back for a while.
04-08-2019 11:07 PM
I do have service now that I bought a SIM card but it's been a couple days now and the mod was supposed to give me credit for the SIM card I had to buy as well as for over a week without service. I messaged the mod but I guess it takes longer to get a response when you're asking for money (sorry for the cynicism but I'm just so fed up with the begging). As far as I'm concerned I'm not quite done with this until I get my money back (as I cannot get my time back) and until they tell me what happened (still no information AT ALL whether I'm safe or not or what I should / should have done to secure myself in this situation).
04-08-2019 11:09 AM
Mesaging Mods does not help either :)). 13 days in a row now without cellphone in my case.
@Metal1967 wrote:Posting here wont help ...message a mod for your situation...
04-08-2019 11:06 AM
I just used my friend's old prepaid plan from rogers ($100/year for 100min, unlim sms). They accidentialy renewed for another year :))
It depends on your province. In my case, I have limited choices due to my remote location. You may check redflagdeals forum to find a better plan, they often post promotions for Koodo, Freedom mobile. etc. PM is not a cheapist anymore.
@ekung wrote:@pavellyzhin I went from Rogers to PM due to cost - can you tell me what plan you got? Or do you know of any plans out there that are comparible in terms of cost as PM? I've looked around and don't see much.
04-07-2019 09:45 AM - edited 04-07-2019 09:48 AM
04-07-2019 05:45 AM - edited 04-07-2019 05:46 AM
@Metal1967, she has clearly been communicating directly with the mods for some time now.
I do appreciate the updates from @ekung and want to see how this is ultimately addressed by PM. In these types of situations, I think Telus's security team should directly phone the customer and explain the situation.
I also want to know how these situations will be handled in the future.
04-07-2019 01:41 AM
@Dogbert wrote:
Another good read: Free Wi-Fi..... Think Again!
Good read. Thanks for the link.
For me:
#1 real wifi name - Ok. That would be tricky of someone. Get the real name. Check.
#2 sensitive sites - Well that's just the general catch-all.
#3 manual connections - Yup. Do.
#4 log out - Yup. Do.
#5 change passwords - Same as #2 really.
#6 https - Yup. Do.
#7 vpn - Rarely but do have one to use.
Even with #1...if doing #6...websites would be fine. And I use SSL urls and ports for email accounts.
04-06-2019 08:44 PM
The giant Amazon doesn't require all this authentication. They might have the facility for it like Google and Yahoo but it's not required. Just username/password. Of course do all you can for complex passwords and different ones for different sites. Practice what I preach of course but we should all know best practices for online security.
@LovesToPM: I'd like to know, in general terms - not specific, how one could collect this information via "public" wifi? I'm assuming you mean like coffee shops and such. A virus on a device I understand. But just sniffing traffic on a public wifi when log-in sites use https...I don't know. I know email passwords are open text. But that can be locked down as well.
I purchase alot from Amazon. When your IP/device or even location changes alot; Amazon has hard locked all my accounts (both Amazon.ca & Amazon.com & other Amazon related accounts) and they have a 3FA (3 factor authentication: current password, credit card on file & finally a text/call to your phone on file) process, when you move away from what is norm.
For more information data collection; I say start with Wireshark and a bit of Google/Bing.
Another good read: Free Wi-Fi..... Think Again!
04-06-2019 08:26 PM
@ekung wrote:Oh great it turns out I've been "SIM swapped" (https://www.wikiwand.com/en/SIM_swap_scam) which explains why I got an e-mail from Paypal wanting me to change my password as well as my credit card company warning me about a purchase. How did they do that to Public Mobile without a person to talk to on the phone? Sounds like an inside-job? Or someone who is in the community was able to convince a moderator to do it? What are the steps taken before anyone who yells "my phone got stolen" is allowed to swap a SIM to a new number?
I would doubt it's an inside job or a mod whom has been convinced by a community member.
Many people use a gmail account with a simple password, which could result in someone stealing your email account and start working backwords from your emails (example: seeing that you have a PM account & PayPal accont & more...).
Rather than replicating the work done by others; here's a link to Symantec Norton on how to select a secure password.
Also, bewarely of all those free Apps you can get. Nothing is ever really free. Such as a free App that turns your phone light into a flashlight, but requires access full access to your phone should make you think (example: GPS, Contacts & Files). More importantly, beware of Apps which require a new set of permissions for the new updated version. Old news, but still a good read "Google removed 700,000 malicious apps".
Best of Luck in clearing everything up, as it can be alot of work.
04-06-2019 08:03 PM
Posting here wont help ...message a mod for your situation...
04-06-2019 07:58 PM
Here's another update. BTW I got my service back but only after I bought my own SIM card and activated it. Still no idea what happened and nobody from the "investigation team" has contacted me. I will be reimbursed for the card (hopefully) and hopefully given credit for the 10 days without service. This is the message I sent to the mod team:
"I have now changed my SIM number to a new one. Please credit me for the $11.19 I spent on the SIM card and for the 10 days I had no service.
1) Please keep me updated as to what happened and what steps you are taking to make the carrier more secure from socially engineered fraud such as SIM swapping.
2) Let me know if there is a way to secure my SIM with a PIN number that only I know.
3) Please implement two-factor authentication for both the Community site as well as the Self Serve site. DO NOT use text message based 2FA but rather allow for the use of an authenticator app.
This should have worked very differently. I was without service for 10 days and missed several important phone calls. If someone had happened to my husband or I or to one of our children and we didn't have the use of a phone (we have no land line) then imagine the consequences - this is a safety issue.
What you should have done was asked me to get a SIM card and activate it immediately to get my service back. Then I would not have been as furious about the lack of information. I still don't know what happened and whether or not I'm out of the woods in terms of being defrauded online. I wasn't even given any advice by your mods as to what to do to secure my online accounts (I told you I was having issues with PayPal and Mastercard and all you told me to do was suspend my account).
All of this makes PM look like an amateur operation and a soft target for hackers and scammers which is something I will have to tell the several people I referred about - that at the worst of times there doesn't seem to be any coordinated plan in place. As for your "Investigation Team" or whatever you call them, if they actually exist then maybe someone from there could be so kind as to show up online to give us a bit more confidence in your service.
You can do better.
Now please at least give me the credit I deserve for going through this ordeal otherwise I will be looking elsewhere for a service provider. Also, we'll see how you respond to my suggestions above."
04-06-2019 06:41 PM
they might be doing some maintenance
04-06-2019 01:56 PM - edited 04-06-2019 01:57 PM
@Yettiphant wrote:I have service, but none of my Data features work. Its asking me to sign into public mobile, but I changed my plan effective the 1st to a fabricated plan (unlimited can&US calling, Int Text and 6gb of 4g data) .. I have no idea how it's not working as 6gb of data is alot to use in 5 days ...
Go into network settings and make sure "mobile data" is enabled. Restart your phone. Turn air plane mode ON then OFF. Do you have another phone to try your sim card in to see if data is working? Has data ever been working? You say 6gb is a lot to use in 5 days, does that mean it WAS working? Do you see the data in self serve? Have you tried data on more than 1 app, have you confirmed you have no local data restrictions / firewall settings? Go into mobile data usage under settings and make sure you have not used your local "data limit" and there are no network restrictions
Go into network search and try reconnecting to the network and make sure LTE is set to preferred (even if you have 3g) If was already on LTE, then try switching to 3G, did it help? No? Then go back to LTE.
Does MMS work? (Not SMS) MMS uses data. Try sending a picture to yourself. Did you get it?
The most likely cause is the APN. You need to configure (Or re-configure even if you have already configured before) your APN settings to be able to send pictures (MMS) and navigate on internet (DATA). Your "Mobile Data" needs to be activated.
Android
Settings > More / More Networks / Wireless & Networks > Mobile Networks > Access Point Names > New APN setting (or a plus sign)
Iphone
Settings > Cellular > Cellular Data Options > Cellular Network
OR
Settings > Mobile Data > Mobile Data Options > Mobile Data Network.
Name: Public Mobile / Mobile Internet
APN: sp.mb.com
Proxy: Leave blank
Port: Leave blank
Username: Leave blank
Password: Leave blank
Server: Leave blank
MMSC: http://aliasredirect.net/proxy/mb/mmsc
MMSC proxy: 74.49.0.18
MMS port: 80
MCC: 302
MNC: 220
Authentication type: Leave blank
APN type: default,mms,agps,supl,fota,hipri
APN protocol: IPv4
APN roaming protocol: IPv4
APN enable/disable: APN enabled
Bearer: Unspecified
MVNO type: GID
MVNO value: 4D4F
Select Save/Done. Select Public Mobile to connect to the Public Mobile network.
04-06-2019 01:52 PM
I have service, but none of my Data features work. Its asking me to sign into public mobile, but I changed my plan effective the 1st to a fabricated plan (unlimited can&US calling, Int Text and 6gb of 4g data) .. I have no idea how it's not working as 6gb of data is alot to use in 5 days ...
04-06-2019 01:20 PM
@ekung wrote:Here's a question for everyone - is there some hidden menu item that will allow for a PIN number to be created to secure my account online to prevent future SIM swap incidents from happening? Also, I was reading this article on Wired (https://www.wired.com/story/sim-swap-attack-defend-phone/) and I really think Public Mobile should have their own two-factor authentication (by authenticator app, not SMS obviously). Maybe if there are enough people demanding this, it can happen. If someone manages to steal my self-serve account info via public wifi or keylogger, or stolen data files, then imagine all the SIM swapping that could be done (or other harmful bits of fraud). These things are just waiting to happen. Where do I go to post feature requests like this? I think we could all benefit from it.
You can ask the mods to change the PIN.
The giant Amazon doesn't require all this authentication. They might have the facility for it like Google and Yahoo but it's not required. Just username/password. Of course do all you can for complex passwords and different ones for different sites. Practice what I preach of course but we should all know best practices for online security.
@LovesToPM: I'd like to know, in general terms - not specific, how one could collect this information via "public" wifi? I'm assuming you mean like coffee shops and such. A virus on a device I understand. But just sniffing traffic on a public wifi when log-in sites use https...I don't know. I know email passwords are open text. But that can be locked down as well.
04-06-2019 01:02 PM
Here's a question for everyone - is there some hidden menu item that will allow for a PIN number to be created to secure my account online to prevent future SIM swap incidents from happening? Also, I was reading this article on Wired (https://www.wired.com/story/sim-swap-attack-defend-phone/) and I really think Public Mobile should have their own two-factor authentication (by authenticator app, not SMS obviously). Maybe if there are enough people demanding this, it can happen. If someone manages to steal my self-serve account info via public wifi or keylogger, or stolen data files, then imagine all the SIM swapping that could be done (or other harmful bits of fraud). These things are just waiting to happen. Where do I go to post feature requests like this? I think we could all benefit from it.
04-05-2019 11:53 PM
Ok so the update is that I have to buy a new SIM card which is reasonable. They will reimburse me for the card which is also reasonable. What I need to find out now is if I will get credit for over a week without service (being moved from one mod to another and being told to suspend and then resume my service all the while without getting any clear information about what is actually going on). I've been without any service (SMS, phone) for over a week now.
I think what bugs me the most is just the lack of information. I don't understand how a decent "investigation team" can't even just give me an update on what happened. I'm not looking for the technical stuff, I just want to know what steps to take first to secure myself (that should've been the advice at the beginning), then what are the steps to get my service back while the "investigation team" takes however long to do their "investigating". Get my service back first and take however many months you need to do your sleuthing as long as it's safe (I have no clue because again, no info). The messaging from mods has been "be patient" and "we need to hear from the investigation/fraud team first" while I'm wondering "what happened?" and "should I change my passwords?".
Anyways, if I can find a comparible service (price-wise) I may be switching as I can't ever be left like this again - I know it's "first-world problems" but since we thought it'd be ok to get rid of our land line (we also cut cable!) to cut costs, being without a phone for a week continues to be scary especially with kids. I didn't think I needed a call centre person right away but I think I do. I need to think about that one though because I also remember being on hold listening to stupid top 40 pop songs for hours waiting for the big carriers to answer.
04-05-2019 11:31 PM
@pavellyzhin I went from Rogers to PM due to cost - can you tell me what plan you got? Or do you know of any plans out there that are comparible in terms of cost as PM? I've looked around and don't see much.
04-05-2019 01:17 PM
Unfortunately, I cant rely anymore on PM promises. My phone has two SIM cards so I went with Rogers for a second SIM, I still have a dream that one day PM will tell me they fixed it
@ekung wrote:It looks like @pavellyzhin might have already checked out and I'm thinking that may be the route I will take if I can find a mobile plan I can afford. If there were more options I'd be gone by now. I have no confidence in how Public Mobile handles things in the worst of times and wouldn't trust their "investigation team" to do any better in future hacks and breaches.
04-05-2019 09:55 AM
It looks like @pavellyzhin might have already checked out and I'm thinking that may be the route I will take if I can find a mobile plan I can afford. If there were more options I'd be gone by now. I have no confidence in how Public Mobile handles things in the worst of times and wouldn't trust their "investigation team" to do any better in future hacks and breaches.
04-05-2019 09:49 AM
Ok so Mary told me to resume my service on self-serve after the last mod told me to suspend service a week ago. Terrific except that I have no clue (and it seems like nobody really does) if doing such a thing is still as risky as the last mod who told me to suspend it seemed to suggest. I told Mary this is great but I don't know what is going on and no fraud team member (it's now called "investigation team") has ever said anything and I don't even know if a team exists since I feel like I'm just being toyed with. Will I need to beware of someone intercepting my SMSs? I have no idea and now that I've resumed service that is what I'm afraid of since the earlier mod seemed to think this was a SIM Swap. I'm no InfoSec ecpert but wouldn't anyone have legitimate concerns when one person tells you "oh no you've been defrauded" and another says "oh just go back to what you're doing". AND IT'S now day 9!
04-04-2019 09:49 AM
@ekung I already give you the badge of PATIENCE!!!
04-04-2019 09:41 AM
She has jumped in. I'm hoping this gets done now but we'll see. Day 8.