cancel
Showing results for 
Search instead for 
Did you mean: 

What can I do to protect myself against porting scams?

Bonbu
Great Neighbour / Super Voisin

I've been seeing a lot of posts about people being scammed/hacked from their numbers being ported without their consent. Is there anything I can do on Public Mobile to prevent my number from being ported?

11 REPLIES 11

Use unique, strong, and long passwords on Self-Serve and on linked email account.

 

Always logoff your online banking, finances, paypal after you're done with it. And make sure your device software "never remembers" these passwords. It's inconvenient for you to enter the passwords again every session ... but it's even more inconvenient for somebody who's not you.

 

Uninstall as much useless unwanted telemetry as you can. Don't need those apps tracking you. Don't want that social media app offering a list of websites and accounts you log into. Don't want that communications app to keep a list of passwords for networks which store your info (contacts, accounts, passwords, etc). Don't want that "smart" onscreen keyboard app basically being a realtime keylogger connected to Microsoft's cloud.

 

Install some obstructions and damage control onto your accounts by linking the 2FA to other things (like other phone numbers) which aren't stored on your phone. So there's no history about which bank you use stored in your messages, there's no way for somebody to use your stolen phone to steal access to those accounts.

 

If your phone software has built-in "security" features then use them. Put a PIN lock on your screen, on your settings, on your "About this device" info, on your SIM card.

 

When it comes to those stupid "secret" question backdoors into your accounts ... "which high school did you attend?", "Darth Vader".

 

Don't spew your personal information - name, address, phone number, etc - all over social media, lol.

 

And all this assumes you control your software, your hardware, your network. If any of these things is compromised then you could be in trouble. Purchase the device and the SIM card through legit vendors. Get rid of malware and spyware. Don't login to private things across wifi hotspots or other open public networks.

 

Think about it from a potential thief's perspective. What information would need to offer Public Mobile to confirm your identity and "steal" your own phone number? How and where could you obtain that information? And, assuming your phone and/or phone number was stolen, what else could the thief steal from you with it?

Vancouverbc
Good Citizen / Bon Citoyen

@Jb456 wrote:

Even different then what the real answer is would be best.

What a great idea.

Q? "What is your favourite colour"?

A:  555-1212

 

What is used as the answer isn't important, only that whatever is typed as the answer matches what the system is expecting. I'm going to use that technique. 

Jb456
Mayor / Maire

@softech 

 

Put your email in on this link. See how many times it's been involved in a data breach or bin paste.

 

https://haveibeenpwned.com/

 

 

mimmo
Retired Oracle / Oracle Retraité

@softech porting requires 3 pieces account name account number and tel number.   So if you name is John doe and selfserve has it as Johnny for the Port will not go through.

 

Sim jacking ie if they get access to your account via email and pass and initiate a sim number change is a different story, hence the suggestion of a different email address or even a Gmail alias ie John+123@gmsil.com instead of john@gmail.com

@softech  yes you're very active on here so I assume you also see all the people that freely post all there personal info on a public forum. Some even have their full name or phone number as their username.

 

Part comes down to people being careless on the internet with their personal information. The other part comes down to some other website having a data breach and people using the same password for every single thing they sign up for. 

 

People have to remember these scammers are professionals and it's their 24/7 job. Hack n make money simple as that!.

 

It's rather simple to take someone's username Google with quotes and try to find similarities on other same usernames for other sites if it's the same person. Chances are (people that use specific usernames definately use the same on other sites) then you just start digging and digging. Before you know it you have the person Facebook info, email and physical address. The list goes on and on. Then even the security answer to "Forgot passwords" need to be very strong. Even different then what the real answer is would be best.

 

"What is my mother's maiden name?". Ok well this person has a wide open Facebook. Start digging through his pictures, likes and posts. Eventually you'll find something about the mother and their name. Voila I just hacked into your email. Now I'm in your email. Just continue to request forgot passwords from all kinds of sites and get into those as well.

 

It's pretty much endless if people don't take the first step in protecting themselves. 

 

Even in the Lounge on these forums I find people post to much personal stuff that opens up an opportunity for scammers.

 

Then personal pictures ain't good. You could reverse image search and see if the same image comes up somewhere else then start digging.

 

I've had my same original Hotmail email address since like 1998 and I get under 10 spam messages a month. I'm sure not many can say the same regarding spam emails. It's all about what and how you do things online.

 

I hope this message gives some type of understanding how easy it is for scammers to get your info and do a simjack. 

 

Won't go into Keyloggers and stuff as that would be a whole other category. 

 

Just stop the personal info online, different strong passwords for every site and be more cautious should help protecting you.


@HALIMACS wrote:

 

EDIT:  On your public mobile profile, your name can be anything you want it to be - doesn't have to be your actual name.

 

 

 


you mean on the PM My Account.. use different name?  would it affect anything we actually need to do with PM?    Also,  if we can use different name, that mean PM would not check name.. how does that get safer?


@HALIMACS wrote:

Hi @Bonbu 

 

Great question.

 

Make passwords strong.

Don't use ANY personal information in user names or on public forums.

Check activity on accounts once in awhile to make sure everything is the way it should be.

 

EDIT:  On your public mobile profile, your name can be anything you want it to be - doesn't have to be your actual name.  Also make sure your security question is something ONLY you would know.  Make sure your PIN number is not a repeating number (i.e. 1111)  or (1,2,3,4)

 

 

 


+1 for the alternate name.  That will definitely address SIM jacking by way of social engineering.  On that note, it would difficult for anyone to sway a moderator to do a SIM swap by trying to be convincing.  I can see this happening in a face to face situation or even over the phone.  It is quite the challenge using private messaging.  

gpixel
Mayor / Maire

@Bonbu unfortunately no, it is inevitable... all we can do is wait and hope 

softech
Oracle
Oracle

 

 

is SIM jacking getting more common these days?  Honest, i never hear these from friends.. but maybe I am following the community daily.. seeing quiet a lot of thread about this... 

Jb456
Mayor / Maire

@Bonbu 

 

Porting or Simjacking? There two different things.

 

Porting see below link.

 

https://www.publicmobile.ca/en/bc/get-help/articles/port-fraud-protection

 

Simjacking. Very strong password. Shouldn't match all your other passwords. Whatever else you do on the Internet. Like social media, etc. Lock that stuff down so not to much information about you is visible publicly. 

 

Even create a new email only for PM with a very strong password. So if your normal day to day email is hacked or a data breach on another site. It's a better chance that the scammers won't get into your PM email as it technically is not posted and used all over the place.

HALIMACS
Mayor / Maire

Hi @Bonbu 

 

Great question.

 

Make passwords strong.

Don't use ANY personal information in user names or on public forums.

Check activity on accounts once in awhile to make sure everything is the way it should be.

 

EDIT:  On your public mobile profile, your name can be anything you want it to be - doesn't have to be your actual name.  Also make sure your security question is something ONLY you would know.  Make sure your PIN number is not a repeating number (i.e. 1111)  or (1,2,3,4)

 

 

 

Need Help? Let's chat.