Community

iPhoneUser · ‎02-13-2020

Canadian consumers stung by cellphone porting scam: 'It's the creepiest thing'
With the unintended help of her phone company, a scammer was able to seize Carolyn Morgan's phone number.

Read in Global News: https://apple.news/AvjUMBuHsRkmkRKBktBjjDQ

mpcdesign · ‎02-20-2020

I have a cousin who posted her home address and phone number on LinkedIn and Facebook because she thought it was a secured line. Yeah, I don't think so. So, I told her to take it down or else your place may get robbed. Nope, she didn't listen to me.

Guess what happened next.....

DOA · ‎02-20-2020

A grandmother in my town was recently scammed out of $14,000 when bad guys purporting to be her grandson claimed "he" needed the money to bail himself out of jail. The scammers got his and her information from facebook.

People get their houses robbed because they post pictures of their Mexican vacations on facebook and scream to the world that their house is empty.

If people want to post all of their personal information on social media, they shouldn't be surprised when crooks find a way to piece it all together and use it in some nefarious way.

Facebook and insta are the bain of our existence.

will13am · ‎02-13-2020

@mpcdesign wrote:
First of all, who works at 1020pm EST or PST? Rogers sure don't. So, that itself is a bit sketchy. If in doubt, go to a Rogers store. Don't call the number what was given.

If this happened at Public Mobile, I wouldn't call the number because Public Mobile doesn't have a call centre; I ask the community forum first.

I give an example here. Just the other day, I received a call from a school that I used to work for. A college. The caller said he is doing a survey for this school and BC Stats. I said I was busy. The caller said he can email me and needs my email address. I said, since you work at the school, you would have that information. He says he doesn't, and by law, the information is needed for BC Stats. I said, again, if you work at the school, then you know my email address. I hung up on him. If I felt it was fishy, it was probably is.

Big red offered 24/7 call in support. At least they used to when Internet was not as reliable as it is today. I know their social media channels have crazy hours these days.

mpcdesign · ‎02-13-2020

First of all, who works at 1020pm EST or PST? Rogers sure don't. So, that itself is a bit sketchy. If in doubt, go to a Rogers store. Don't call the number what was given.

If this happened at Public Mobile, I wouldn't call the number because Public Mobile doesn't have a call centre; I ask the community forum first.

I give an example here. Just the other day, I received a call from a school that I used to work for. A college. The caller said he is doing a survey for this school and BC Stats. I said I was busy. The caller said he can email me and needs my email address. I said, since you work at the school, you would have that information. He says he doesn't, and by law, the information is needed for BC Stats. I said, again, if you work at the school, then you know my email address. I hung up on him. If I felt it was fishy, it was probably is.

will13am · ‎02-13-2020

@darlicious wrote:
@iPhoneUser I saw this on the news as well. There's no sweet talking customer service agents here...fishing for information. The industry and the CRTC need to come up with a 2FA process for the porting of numbers. Setting up with a temporary number to allow a ported number to go thru a verification process before completing a port can significantly cut down on the amount of fraudulent ports and give customers the opportunity to prevent it from happening and the subsequent financial firestorm it can cause. The ease of port system set up by the CRTC and regulated by the ACC is too easily exploited by fraudsters and sophisticated criminal organizations.

I think a lot of the problem is rooted in the customer. The conversation starts with the customer wants certain conveniences. Processes are then built around those conveniences.

The social engineering piece is human error. Big red has always used date of birth as one of the verification requirements in order for an agent to access the account. Customers complained that exchanging such personal information with an agent over the phone was not good. So they use PIN code as an alternative. Later they added voice recognition to automatically verify customers. Of course with social engineering, the agent on the other end can be convinced a voice mismatch is still okay because "I have a cold" or some other weak excuse. My note to self above is something that I practice 100% of the time. I do not use 2fa via SMS, never have, never will.

will13am · ‎02-13-2020

Note to self, SMS is not secure. Don't rely on it for things like 2fa. In fact, it is probably safer to forgo 2fa if SMS is the only option.

darlicious · ‎02-13-2020

@iPhoneUser I saw this on the news as well. There's no sweet talking customer service agents here...fishing for information. The industry and the CRTC need to come up with a 2FA process for the porting of numbers. Setting up with a temporary number to allow a ported number to go thru a verification process before completing a port can significantly cut down on the amount of fraudulent ports and give customers the opportunity to prevent it from happening and the subsequent financial firestorm it can cause. The ease of port system set up by the CRTC and regulated by the WCC is too easily exploited by fraudsters and sophisticated criminal organizations.

Community

So do you use your mobile number for “other accounts”? I don’t.