Community

---

@meche wrote:

Just reading online about these scams and how some phone providers have 2FA to help prevent them.

 

Any tips from the community about this / does PM offer a QR code etc that is compatible with an external authenticator app?

 

Thanks

 

 

---

PM doesn't offer a QR code or authenticator app, but PM offers 2FA code when login PM self service account.

Since this company (and the others) were required to add some sort of verification for changing the sim, this problem has lessened a lot.

The account has an option to turn off 2FA at log in. But to do something more serious IN the account, it will still require a verification. That can be an email or a text. It has to be the registered email address (which might be why we can't change it ourselves) or to the phone with the currently registered sim in it. Then some people also have a 2FA for their email which could be problematic if they don't have the sim in a phone.

So that step of the crime is to get phone service on someone else's dime.

The next step in the crime is to port the number out. In effect stealing the number.

@meche - i haven't heard about an external authenticator app via QR code.

See some articles about safety in this regard:

https://productioncommunity.publicmobile.ca/t5/Announcements/SIM-Swap-Fraud/m-p/650969

https://www.publicmobile.ca/en/bc/get-help/articles/sim-swap-fraud

SIM swapping is a type of fraud targeting your personal information so that criminals can impersonate you and access your bank accounts. Most victims won’t know they’ve been compromised until they try to place a call or send a text message which doesn’t go through.

How the SIM swapping scam works

1. Many SIM swap scams start with a phishing email to try and trick you into revealing personal information the criminal can then use to impersonate you.
2. Once they have enough personal information, the criminal will call your mobile provider or use the online chat option pretending to be you. They'll request a new SIM card in your name.
3. Once they’ve gained the new SIM card connected to your phone number, they’ll have access to all services you’ve linked to your phone: bank accounts, emails, pictures, phone calls, text messages, etc.

How to protect yourself

• Set up a passcode/PIN with your service provider to access your phone for any online or phone interactions. Do not use the same PIN as you use for other accounts, like your bank account.
• Don’t publish your phone number on any of your social media profiles and limit the amount of personal information you post online like your birthday, elementary school names, or your pet’s name. Fraudsters can use these clues to answer common identification questions and impersonate you.
• Don’t use the same passwords or usernames across multiple accounts. Always create a strong, unique password for your sensitive accounts. Click here to learn more about how to create a strong password.

Don’t click on links or attachments in suspicious emails or text messages. Remember that your bank will never send you an email, or call you on the phone, asking you to disclose personal information such as your password, credit or debit card number, or your mother’s maiden name.

@meche 

Almost every website accounts will have 2FA now. Especially banks.

So don’t disable the 2FA on your account…it might be an inconvenience but in the long run will save your bank accounts if you were SIM swapped. I watched a few SIM swapping nightmares on the news.