12-13-2020 06:06 PM - edited 01-06-2022 01:33 AM
I became a victim of SIM jacking today, followed by my PayPal account getting hacked. Managed to buy a new PM SIM card right away, do the "sim card change", and everything seems to be back to normal. A few questions though:
- How exactly did they manage to do the SIM swap? From what I was reading online, it's usually a result of "human negligence": someone calls customer support, pretends to be me, comes up with an explanation as to why they can't answer all the security questions, and asks to switch the SIM card. Since PM doesn't seem to have live agents that answer phone calls, does that mean that the only way is to hack my account with PM by picking my password (which I kind of doubt, having a strong randomly generated password)? Are there other ways of changing the SIM card I am not aware of?
- Why can't PM send an automatic email notification to a user whose SIM card has just been changed? Just in case the change was fraudulent. If that was the case I would've learned about the "jacking" even sooner.
- since this "sim jacking" is getting more common, can't PM introduce another layer of security for the "change the sim" functionality? Such as asking us a security question for example. Just to make it slightly more difficult for the bad guys.
Thank you
12-14-2020 09:40 AM
I agree, PM needs more security. Some 2 way authentication and email notifications that a different IP signed in to your account would go a long way with stopping a large majority of these guys.
Another thing I was wondering is if people have taken photos of the SIM and are waiting for it to be activated.
12-13-2020 07:06 PM
@yvinogradov wrote: the passwords (PM, PayPal, and the rest of the critical ones) have been changed.
I am curious to know if PM keeps the logs of the user activity at self serve and can tell me how exactly the sim card switch took place.
once again on the subject of "security questions" - why can't they ask us these questions to confirm our identity for the most critical tasks (change sim, change number, etc). If they don't use them for this, then what are they there for in the first place?
1. The answer to your "security questions" is used when you want to reset your password. After you log in to your account, PM has verified your identity. Therefore, no future check.
2. Remember your account PIN#. It is used for certain tasks when you call 611 from your cellphone.
12-13-2020 06:52 PM
So sorry to hear this happened to you. Have you let the moderators know about this? If not, contact them.
To contact the Public Mobile Moderator_Team, there are two ways to reach them:
1 - Click the bubble comment circle on the bottom right hand side of your screen, or use this link to:
Get Help With SIMon the Public Mobile chatbot
OR
2 - Use this link to:
Private Message to Public Mobile Moderators (PM Customer Service Representatives)
12-13-2020 06:28 PM
the passwords (PM, PayPal, and the rest of the critical ones) have been changed.
I am curious to know if PM keeps the logs of the user activity at self serve and can tell me how exactly the sim card switch took place.
once again on the subject of "security questions" - why can't they ask us these questions to confirm our identity for the most critical tasks (change sim, change number, etc). If they don't use them for this, then what are they there for in the first place?
12-13-2020 06:15 PM - edited 12-13-2020 06:16 PM
If you are using the same password and email address for other web logins, someone got your password from another website and used the same password on the PM self-serve login.
People should not use the same password for every online login.
Change your password ASAP.
12-13-2020 06:15 PM
We are still trying to understand exactly what you are wondering. PM did not officially confirm this to be a problem and only they can investigate to find the exact cause. I have thought about the exact same thing: implementing email confirmation as a security enhancement when the SIM or phone number is requested to be changed. They cannot assume it is always the owner logging into the self-serve account. Even if they reach out to mods, account verification is required, so I don't know how SIM jacking is possible unless they actually get access to the self-serve account or if there is a glitch in their systems that is somehow changing people's SIM cards.
______________________________________________________________________
I am not a mod. Do not send me a private message with your personal info.
If you need to contact PM Customer Support Agent, send a Private Message.
12-13-2020 06:13 PM
With Public Mobile, somebody likely gained access via your self-service account and changed the SIM card that way. Need to have a stronger self-service account password, or email account password, and not to re-use passwords between accounts. Might need to change your self-service password if not done already. Also, double check your other online accounts.
You are right... there has been more SIM jacking recently. PM has recently strengthened port protection, but not SIM jacking.