10-23-2020 08:40 AM - edited 01-05-2022 05:19 PM
Hello all--
Turns out overnight I was SIM-Swapped. I can't contact PM because they have no clear method to contact them and get them to de-activate the SIM. I can't get to Wal-Mart to get a new SIM until they open in an hour and a half. The hacker made a $800 purchase on my PayPal, so obviously I've got that to deal with as well. Has this happened to anyone? Can anyone help? Assuming I will need to get a new SIM ASAP?
Solved! Go to Solution.
10-23-2020 01:29 PM
if you would like some security I suggest following these instructions
create an email strictly for public mobile
change your name and address on your self serve account
don't use your personal email password for the pm website
don't use a password manager(chrome, safari, etc. browsers
don't use your cellphone number as a 2fa for banks, PayPal etc
10-23-2020 11:11 AM
I'm just going to add one piece from all of will13am's excellent replies....we've heard of people getting their original SIM re-instated by the mods. So no need to buy a new one. So when you're going through all this with them, be sure to ask for that too.
The rumour is that there was a data breach back in Feb so even with great passwords the crook would simply use that reference to log in.
I say all the cell companies participate in aiding and abetting fraud by not having final confirmations via text as a last line of defense. There should be one for porting and another for changing SIM.
It doesn't do anything for those that don't do texting but for most of us it would be the final piece of defense.
10-23-2020 10:56 AM
Great info, @will13am , thanks so much!
10-23-2020 10:48 AM
@frosty34 , changing phone number is a good question. Let me start by saying that your phone number is vulnerable to being ported by whoever jacked your account. To port all that is required is name, phone number and account number. Even after you switch SIM card, the perpetrator has all the necessary information to take over your number via porting. The only way to change the account number is to start a new account which is a lot of work if you want to keep your phone number. Changing your phone number may have inconveniences that you have to decide if it's manageable. One thing you can do in the self serve is to change your name. Since this is a prepaid service, you don't have to be truthful with the name. In fact, putting in a different name provides port protection security. My understanding is that 2FA port protection is possibly coming back. Not sure when. Given all this you have to decide what's the best way forward.
10-23-2020 10:41 AM
@frosty34 , it's absolutely essential to have a strong password on the cellular account. It's the cornerstone to security for all accounts that have 2FA that's reliant on the cell number. While on the topic of security, make sure your phone has a secure lock code in case you accidently lose it. Also set the phone up for remote data wipe if needed.
10-23-2020 10:38 AM
One more question for you @will13am since you have been so helpful -- is there any value in also changing my phone number, or am I okay to keep it once I get my hands on a new SIM?
10-23-2020 10:36 AM
Thank you @will13am that is very helpful. This is a cautionary tale, because it is extremely easy to change SIM cards once logged into someone's PM self-serve account. I feel like it is almost too easy. Perhaps my password was too easily guessed, and that is my fault, but the moral of the story here is that we all need to have very strong and unique passwords for the PM self-service site.
10-23-2020 10:29 AM - edited 10-23-2020 10:30 AM
@frosty34 , declaring the lost phone function will disable the current SIM card from being used. You will need to get a new SIM card and then declare phone found, change SIM card to activate the new SIM card to restore normal service. The SIM card you have on your phone right now is useless.
10-23-2020 10:07 AM
@will13amDo I need to purchase a new SIM and reassign it to my device? Will that give me control of my device back?
I have not been able to get a response from a moderator as yet.
Thanks!
10-23-2020 09:47 AM
Thanks for this!
Will this process restore control of my number to me? That is, will this permanently prevent the hacker from receiving my texts/phone calls/etc?
10-23-2020 09:43 AM - edited 10-23-2020 09:45 AM
You can log into your account to change your sim and phone#. You can only change your phone# once every 30 days.
Once you receive your new SIM card, you can change the SIM card number on your account and reactivate your service via Self-Serve by following these steps:
https://www.publicmobile.ca/en/on/get-help/articles/change-your-phone-number
10-23-2020 09:40 AM
Thanks!
Once that's done, what is the next step? Do I need to get a new SIM? I can get one relatively quickly. Will I also need to change phone numbers, or will I be secured by reassigning the new SIM to me?
10-23-2020 08:59 AM - edited 10-23-2020 09:01 AM
@frosty34 , you can secure self serve account by changing your password and applying the lost/stolen phone function. This will immediately prevent anyone from using your number for 2FA. If you need moderator team assistance with this, following the suggestion already provided. Separately for all other accounts relying on 2FA that have been compromised, you need to work with them to prevent further damage and undo what has been done. Good luck.
10-23-2020 08:54 AM - edited 10-23-2020 08:55 AM
If you can log into your self serve account then change your password and security questions.
Here is a previous thread.
https://productioncommunity.publicmobile.ca/t5/Using-Your-Service/SIM-Swap/m-p/600545#M122210
You can send a private message to a moderator.
https://productioncommunity.publicmobile.ca/t5/notes/composepage/note-to-user-id/22437