cancel
Showing results for 
Search instead for 
Did you mean: 

What's behind all the SIM-jacking incidents?

sheytoon
Mayor / Maire

It seems to be a daily occurrence, yet we never hear about the root cause, and people are still able to log in to their accounts.

 

Is it malicious attackers, a PM system glitch, or some other reason?

 

I would think if attackers were doing this, and they had enough info like account holder's name, phone number, account number, they would also probably change the password to the self serve account.

 

Is this happening as frequently with all operators? What am I missing?

12 REPLIES 12

@kb_mv Like yours better but had lost the link. 'ta


>>> ALERT: I am not a CSA. Je ne suis pas un Agent du soutien à la clientèle.


@Luddite wrote:

 

Password strength checker: https://www.bennish.net/password-strength-checker/


@Luddite Another good option is https://www.my1login.com/resources/password-strength-test/

 

If you enter the same password into both, they may give differing opinions on the strength of the password and the site I posted will tell you why.

Luddite
Oracle
Oracle

Unfortunately PM requires your email address as username. So, best to, at least, use an exclusive to PM alias and decent password.

 

Password strength checker: https://www.bennish.net/password-strength-checker/


>>> ALERT: I am not a CSA. Je ne suis pas un Agent du soutien à la clientèle.

@gpixel  Koodo been breached a few times. I have 3 accounts still with Koodo. Never had an issue yet. Fingers crossed lol.

 

There are breaches everywhere. Just put your email in on link below. See if your info has been breached at one point in time.

 

https://haveibeenpwned.com/

 

It's not just data breaches that result in simjacking. It also comes down to people themselves who are just careless online. People need to realize that anything they do online leaves a digital footprint. Even if a website is no longer in existence info can be found through caches. If people stop using the same password for everything and make them very strong. Use a specific email for important stuff while a second email for social stuff they should be ok. I mentioned on an older thread in the past that I've had same Hotmail address since like 1998 and get under 10 spam emails a month. Not many can say that.

 

If you google 'simjacking" there are a few good links that come up with people posting articles on how, why and what you can do to protect yourself.

 

At the end of the day it really comes down to people being careless. Just go through your Facebook friends list and click " About Info". 

Screenshot_20210121_003705.jpg

 

Then log out of your Facebook and try checking "About Info" on another FB account that doesn't have that person on the friends lists. Some have it set where it won't be visible while others have it set to everything is visible doesn't matter if you're a friend or not. Even email address.

 

Although data breaches, etc do play a very strong part. People just being careless online have a part as well. Just look at how many people come on these forums and post everything required for a sim jack. Pretty sure those people have personal info on another 100 sites out there.

 

Simjackers are professionals. They know what to do, what to look for, who's an easy target. It's their job. Just like you're a professional and know what to do in your job. Although I bet simjackers get paid more lol.

 

 

I've spoken to a lot of the members who were victim to it.  the one thing they all have in common is they were active members before Feb/march 2020 

only one recent member had activated an account around may/june 2020.

 

many, if not all, never or rarely participated in the forums till the day they were hacked.

 

there were also port out fraud attempts in the forums, but I haven't seen them for a long time now. they all seem to be change sim.

 

I'm thinking most fraudsters know of this technique now and have alerted friends

Simjackers don't bother changing PM password. What's the point? 

 

From changing sim card # it probably takes them under 30 seconds to gain access to your PayPal account (if you have one) and collect the quick easy money first.. Then proceed from there through all the other potential accounts they can get in.

 

At the other end. I'd say minimum 20 minutes (for a super savvy PM forum user) to figure out what's going on after doing their check list of tests as to why their phone ain't working. You see many threads. "my phone hasn't worked since yesterday, hasn't worked in 48 hours, hasn't worked in 3/4 days, hasn't worked in a week". 

 

In n out is a simjackers goal. Easy peasy.

 

Then add to the fact the smart ones do it late at night when the victim is sleeping. So they have a few hours to play around.


@gpixel wrote:

 

 

pm login credentials were leaked even though they won't admit it

 


curious.. where you got this info from?

the main sim jacking is from the February security breach because before that time there was none of this. I also believe there was another breach recently after speaking with one customer. so I suggest you guys change your passwords

 

pm login credentials were leaked even though they won't admit it

 

HALIMACS
Mayor / Maire

@sheytoon 

 

Here's my 2 cents worth.

 

Public Mobile, being an online only provider, requires users to be somewhat competent and capable of utilizing services on an online-basis only.  

 

I would say MOST users are - but some are not.

 

There are some who post on this Community who clearly aren't reading or understanding the information supplied by Public Mobile about the nature of this service.  They post personal information that leave some of us gasping when they post excessively personal information on the Community. 

 

I'm thinking these folks, while having the best of intentions in going with Public Mobile, may be somewhat out of their realm.

 

SO, Public Mobile fits a niche that alot can use, but maybe not all.  (without a little help from their friends...)

esjliv
Mayor / Maire

@sheytoon ,

I am thinking inline with @computergeek541 , in terms of Public Mobile having all their guts basically put out there on the forum. So we hear of these cases more than customers from other providers. Where as other providers have stores or call centers to contact and everything is more behind the scenes.

 

I have not heard of SIM-Jacking until I became a PM customer. I do not like. It makes me angry. And I wish there was more PM could do, but I guess we all have to be careful for ourselves really.

 

I have put in a ticket months ago when I noticed much chatter on the forum about this topic wanted to know more. 

 

In regards to security one mod's answer was:

"I would recommend you to secure your self serve account with a more stronger password, and change it from time to time, and not to share to anyone the information related to your account, since only these can constitute a source for a potential SIM hijacking."

 

Any one is a target, not to freak anyone out or anything. Not just SIM jacking, but other frauds out there too.

Oh to live in a bubble...wait, some of us already are - LOL.

Gunner123
Deputy Mayor / Adjoint au Maire

@computergeek541 wrote:

@sheytoon wrote:

It seems to be a daily occurrence, yet we never hear about the root cause, and people are still able to log in to their accounts.

 

Is it malicious attackers, a PM system glitch, or some other reason?

 

I would think if attackers were doing this, and they had enough info like account holder's name, phone number, account number, they would also probably change the password to the self serve account.

 

Is this happening as frequently with all operators? What am I missing?


This happens at all carriers. I think part of this has to do with there being no over-the-phone customer service so many instances that people would never hear about are post about on this website.  The issue is concerning, and I do know that Public Mobile has been informed that this seems to be happening more lately.


@computergeek541 Hi thanks for your response  I was wondering the same thing is it people being careless?  how are they getting into peoples accounts?


@sheytoon wrote:

It seems to be a daily occurrence, yet we never hear about the root cause, and people are still able to log in to their accounts.

 

Is it malicious attackers, a PM system glitch, or some other reason?

 

I would think if attackers were doing this, and they had enough info like account holder's name, phone number, account number, they would also probably change the password to the self serve account.

 

Is this happening as frequently with all operators? What am I missing?


This happens at all carriers. I think part of this has to do with there being no over-the-phone customer service so many instances that people would never hear about are post about on this website.  The issue is concerning, and I do know that Public Mobile has been informed that this seems to be happening more lately.

Need Help? Let's chat.