cancel
Showing results for 
Search instead for 
Did you mean: 

Possible SIM swap

Pigma
Good Citizen / Bon Citoyen

I believe I've been the victim of a SIM swap attack. Here are the series of events that leaves me to believe this (I work in IT security, so I'm somewhat familiar with these attacks):

 

1. Suddenly, my phone wasn't connecting to any Public Mobile network (I'm not talking about Wifi or Cellular Data, I mean the actual Public Mobile network directly).

 

2. My Gmail account was suddenly bombarded with registrations to new websites and services, including a PayPal account registration.

 

3. I visited a store that serves Public Mobile clients, and they didn't know what a SIM swap was, so I opted to purchase a new SIM card to change it myself.

 

4. I opened my Public Mobile profile/account via the website, and noticed that the SIM card that was registered didn't match with the one in my cellphone.

 

5. I changed to the new SIM card, and my phone started working again, however:

 

6. My number is now different that the one I've used in the past decade with Public Mobile.

 

7. I went back to the store and they were just as confused as I was, and suggested I post here.

 

My question is, what do I do now if I can't go into any store since those don't exist anymore, and those who resell don't have access to anything.

31 REPLIES 31

@Pigma 

Although @JoyLuck suggestion has merit it may also open up a whole different set of problems. You cannot transfer phone numbers between accounts and you can't transfer rewards either so while you may save your number you're still in a spot. But working within the realm of telus and where the blame lies for the security failure of your account. There's no reason you can't be offered a free sim card and a minimal charge telus account and port your number back in. Which you should be able to do sooner than 30 days.

Pigma
Good Citizen / Bon Citoyen

@JoyLuck wrote:

@Pigma 

 

Can you ask a mod that if you open another PM account right now whether they can get your number back right away?


That's a really smart idea. Can any mods comment on that idea?

 

Hopefully they can port community rewards and all that, because I have some nice bonuses for being a member in almost a decade now. Wouldn't wanna lose those.

 

Thanks for the suggestion!

@Pigma 

 

Can you ask a mod that if you open another PM account right now whether they can get your number back right away?

@Pigma most customers receive their number back within days. I'm thinking because you changed sims, it messed up the system? not sure... maybe the perpetrators changed your number just before you were able to change your sim. 

 

it does make sense what the mods are saying. they don't have that ability to change your number before the 30 days mark.

Pigma
Good Citizen / Bon Citoyen

If they could name those things restricting them that fall under law and regulation, then I would have to agree. My situation up until now has simply been a lot of reaching out and hoping for the best.

 

I'll keep the thread updated.

@Pigma 

This might be a problem that in a way is out of Pm s hands in the aspect that it might be WCC  regulations preventing them from returning your number immediately but it is your original number. However there should be a way for them to deal with telus to retrieve the phone number from the holding pool and reserve it to give it back to you in 30 days. The managers need to reach out to their contacts with telus and make this arrangement. They don't want to guarantee something that they can't 100% be sure they can do but it sounds like they will be trying their very best to do so. This is a major inconvenience for you unfortunately....just keep the pressure on to ensure they do everything can to right this wrong perpetuated by neither of you.....dang fraudsters!

Pigma
Good Citizen / Bon Citoyen

Update for new mods stepping into this:

 

My latest message with a mod on this issue: 

 

"I've checked again and we tried to force a bit the system but it did not allow us to change back the number because you've (note from OP/user: this wasn't done by me. This is the issue I'm trying to fix!) changed the number once and you are allowed to do it only 1 time per billing cycle.

This means you will need to wait 30 days in order to be able to change the number again. However, we cannot guarantee that you have 100% to receive back that number even if it's kept by the system.

 

Please reach us in 30 days and we will be more than happy to try to give you back your beloved number".

 

I understand that there are security features which limit abuse by users and clients, but it's quite amazing to me that no one at Public Mobile would be able to override this at all. This happened either because there was a system malfunction/error, or a malicious person attempted to SIM swap me. In any case, I'm left in awe at how an attacker or a system bug has the upper hand compared to Public Mobile system admins.

 

Is there really nothing else to do besides wait 30 days in order to merely attempt to solve the issue? This is getting quite compicated.

Pigma
Good Citizen / Bon Citoyen

@darlicious wrote:

@Pigma 

I'm trying to get you some better support. Keep an eye on your private messages. Hopefully this will happen quickly for you.


Will do. Thank you kindly.

Pigma
Good Citizen / Bon Citoyen

@darlicious wrote:

@Pigma 

WHAT?!! This is unacceptable customer support you are recieving and you never should have been sent to a kiosk for this issue. @Catherine_T or @Alan_K  should get on top of why you are recieving this kind of customer support. I suggest you open a new service request and get a more senior member of the moderator team to handle your issue.

 

@Oana_S 

Can you step in and help this customer?


 

I can't thank you enough for your help. Much appreciated. 😃

@Pigma 

I'm trying to get you some better support. Keep an eye on your private messages. Hopefully this will happen quickly for you.

@Pigma 

WHAT?!! This is unacceptable customer support you are recieving and you never should have been sent to a kiosk for this issue. @Catherine_T or @Alan_K  should get on top of why you are recieving this kind of customer support. I suggest you open a new service request and get a more senior member of the moderator team to handle your issue.

 

@Oana_S 

Can you step in and help this customer?

Pigma
Good Citizen / Bon Citoyen

Update on the situation

 

I was advised by an account manager to go to one of two store locations in my city. I did, and was sadly greeted by this: IMG_20201030_152431-min.jpg

 

This was the same for both locations. This was a 100km round trip as one location was in the west of the city, and the other at the far eastern side.

 

I was just told by an admin working on my situation that my old, legitimate phone number was now unavailable and that we couldn't do anything. This honestly leaves me quite confused. An admin has stated that they are now working on the issue again. Thank you.

Turns out I need to contact you guys in 30 days to attempt to fix this since your system only allows one number change per billing cycle.

 

From my understanding, if I stop paying my account, my number is held in limbo for 90 days (as expressed by the self-serve account). I tried calling said number and it is indeed "deactivated". How is it that there's nothing that we can do to fix this? Where is this number and why was it switched at all? I understand that this might be an SIM attack, but are we now letting the bad parties get away with this? And if that's the case, why is there nothing that can be done? It seems odd to me that some person could maliciously make this happen, but that the people managing and serving us can't.

 

I comprehend that Public Mobile operates on a community-based customer support, but is there no exceptions to be made to escalate such a situation higher? Perhaps someone could contact me directly?

 

This is very frustrating.

@Pigma if you've already spoken to them, then don't worry too much. your number is most likely out of commission at the moment. mods are probably looking into the issue

Pigma
Good Citizen / Bon Citoyen

I understand that things take their appropriate time and that not all things can be fixed in an instant. It's just that we were doing a back and forth and it suddenly dropped and stopped.

 

I'm just worried about my original phone number being in the wrong hands considering how so many things are tied to it when it comes to banking, business and all that. My colleagues and customers aren't able to communicate with me for the time being either.

 

I'll patiently wait for a response from the team.

@Pigma 

How did they leave it (the issue) did they say we're working on it or something to that effect? 

 

Sometimes a service request will be passed over to the next shift which may or may not be in the same office, city or country.

 

Other times it may get passed to the tech team to work on and the same moderator will work exclusively on resolving your issue.

 

Do you feel as though it's not being treated as urgent enough? With any interaction you have with the moderators at the end you can ask for a review link to rate your customer support.

Pigma
Good Citizen / Bon Citoyen

Thank you for your quick response.

Jb456
Mayor / Maire

@Pigma 

 

From help article link.

 

https://www.publicmobile.ca/en/on/get-help/articles/get-support#:~:text=During%20peak%20periods%2C%2....

 

When Are Moderators Available And How Long Till I Get A Response?

 

During business hours, we strive to answer customer messages swiftly. You will often get an answer within an hour. During peak periods, you may need to wait up to 48 hours.

 

Moderators are available:

 

Monday to Friday from 8 AM to midnight Eastern time.

 

Saturday and Sunday from 8 AM to 10 PM Eastern time.

Pigma
Good Citizen / Bon Citoyen

Does anyone know if there are any operating hours from moderator support? My situation was suddenly cut off yesterday around 8:30pm flat and mods have been unresponsive since.

 

I understand this is "community run", but I would just like to plan accordingly for my situation, considering that time is crucial.

 

Thank you.

@geopublic 

All your recommendations have been implemented I only suggested the name change because the name and account number were accessible when the SIM swap occurred. Just in case.

Pigma
Good Citizen / Bon Citoyen

Will do!

 

Thanks for the recommendation!

@Pigma 

When you get the moderators to change your email address if you want to match your community profile and recieve any possible community rewards you will have to create a new community profile with the new email address and contact the moderators from that profile and change your self serve email that way.

 

If you have only changed your sim card and password in your account you are still vulnerable to a fraudulent port since access to your account was compromised the fraudsters have had access to your name and account #. Go into your account and change your name. Clark Kent, Betty Grable anything this way any port request will fail if they don't know the name on the account.

Pigma
Good Citizen / Bon Citoyen

Thank you for your reply.

 

Lorren is currently helping me out promptly and it appears she might get my number back. This would require much less damage control - essentially none.

 

Thank you all for your help. I'll keep you posted for future reference.

geopublic
Mayor / Maire

@Pigma  The name on your selfserve account is insignificant and not worth worrying about.

 

Change the password on your selfserve account immediately and use a strong password.

 

Secure your Gmail account because it may have also been compromised.

 

Call your bank, cc company and freeze your accounts.

 

Secure all your other online accounts and use an authenticator app when possible.

 

Good luck.

Pigma
Good Citizen / Bon Citoyen

Done!

Thank you.

RosieR
Mayor / Maire

@Pigma sorry to hear this had happened to you.  The stores cannot help you as they don't have access to your account.  Follow the suggestions already given by @gpixel and @esjliv  and contact the moderators to fix it for you.  I hope it's not too late to get back your old phone number.  Take care and good luck!  

@Pigma mods will help you with your phone number. for the future reference, don't register your personal email. use a burner account. ask mods to change your email for you. anyways you can opt out of the 2 step verification

 

  • go to Gmail click on your profile picture
  • click manage your Google account
  • look under the security tab and you should find the options "use your phone number to sign in" and "2 step verification" turn them both off


@Pigma wrote:

I can still login to the self-serve account and have changed my password everywhere.

However, my Gmail uses my phone number as 2FA but also has Google Auth as a backup for events like these.

 

The last 4 digits for the SIM card in the Self-Serve now match the SIM cards I just purchase moments ago, but when verifying beforehand, it didn't, indicating to me that I was indeed being SIM swapped attacked.


@Pigma ,

 

Make sure to change your security questions, if you have any as well.

Let the moderators know about this, though the link @gpixel provided.

 

I hope you stopped the fraudsters in their tracks!

Pigma
Good Citizen / Bon Citoyen

I can still login to the self-serve account and have changed my password everywhere.

However, my Gmail uses my phone number as 2FA but also has Google Auth as a backup for events like these.

 

The last 4 digits for the SIM card in the Self-Serve now match the SIM cards I just purchase moments ago, but when verifying beforehand, it didn't, indicating to me that I was indeed being SIM swapped attacked.

esjliv
Mayor / Maire

Hello @Pigma ,

 

So sorry, this does not sound good.

 

Can you still log into your SELF SERVE account?

When you check your SELF SERVE account does your the 4 digits listed there match the last four digits of your SIM in your phone?

You can find this under "Change Sim Card" on your Overview account:

esjliv_0-1596590590569.png

 

If the numbers are different, let the moderators know this, and start changing your passwords with PM accounts, banking, etc.

Pigma
Good Citizen / Bon Citoyen

Thank you for your swift response!  😃

Need Help? Let's chat.