Community

pavellyzhin · ‎03-27-2019

Just before my working day was over I started receiving emails from paypal indicating there were changes completed to my account and new charges/payments to my account. I tried to recover paypal account to found out my phone suddently stopped working - no calls or messages, emergency calls only.

After a few hours dealing with my credit card provider and Paypal, I realized I could see call and messages throught my PM account, these calls and messages I did not make. My phone was always (!) with me and it worked this morning.

So, I blocked services as "Lost/Stole Phone". When I pressed a button "Change SIM Card" I noticed it has last 4 numbers which are completely different from a SIM card number in my phone.

How did it happend and what shall I do?

Did anybody have the same experience?

I could not even imagine it is possible to steal your phone number and use it to make purchases with PalPal!

Pizzaeh · ‎04-05-2019

@stonechucker Agree with some of what you're saying.

I know that the moderators and their Fraud/Systems team have access to everything that's occurred. That's clear. I also understand that the reason it may be taking so long to inform the customers is not because of what the moderators can/can't do - they're only allowed to do what they're mangers/team leaders are allowing them to do. This is what I have a problem with.

You say that the customers can purchase a new SIM card, switch it in Self-Serve and continue on. I completely disagree with you on that point. The customer should wait until they have been informed by Public Mobile that it is safe to do so. Other customers telling the affected customers to go ahead and switch the SIM card, without knowing the details of how it occurred, is incorrect, in my opinion and is just asking for trouble. We can agree to disagree.

pavellyzhin · ‎04-05-2019

@stonechucker wrote:
There should be a record of the changes in the back end which the tech team can work on without further interruption to the subscriber.

How long will it take to check records? 10days? Months? Years? Is a tech team on vacation or it does not exist?

@stonechucker wrote:
As this new card is now holding the number, the best and most efficient to get the phone number working again is to reassign a new SIM now via self-serve after changing the login credentials.

Just for you information, if it was safe to do it I expect PM to tell me about it. But they did not. With an excess to cellphone and your name somebody could create personall hell with draining your bank accounts, going in debt, messing facebook, emails, etc. Do you want to put at risk everything by doing just "best and more efficient to get the phone working again is to reassign a new SIM "? I don't think so!

stonechucker · ‎04-05-2019

@pavellyzhin, in the number of days you've been waiting you could have ordered a new SIM, or even travelled the 120 km to get a new one. I'm sorry it's inconvenient for you, but now that you've said this, buy 2 or more, so that you have a backup.

geopublic · ‎04-05-2019

My recommendation to the OP is to keep your Public Mobile account active and arrange to switch your SIM as soon as possible.

The reason you need to take back your phone number is so that you can be in a better position to monitor what is going on if this in fact is a case of identity theft.

For example if these people were trying to open up new accounts or trying to setup 2 step authentication with other sites your would be able to take action before things get ugly.

Better safe that sorry!!

Edit: Not sure why my previous replies were not getting posted. Glad this one got through.

geopublic · ‎04-05-2019

@pavellyzhin wrote:
There are a couple issues with just a replacement of a SIM card.

First of all, not all of us live in a big cities and the closest place for me where I could get a new SIM is 120 km away from me.

Secondly, if the solution is just a replacement of SIM card I expect PM to mail me a new card or at least to tell me to go and buy a new one.

And a last one, but more important problem is that it was not me who created these problems by not securing a password. It looks like this is an internal PM security issue. If it was so easy for somebody to change sim card they could do it again and again. PM did not inform me it is safe now to change SIM.

@geopublic wrote:
First of all I can understand your frustration and you have every right to feel upset, having to wait 10 days without a resolution is totally unaccepetable.

My question after reading the entire post is since you still had access to your account via selfserve why didn't just purchase a new SIM and replace the hacked one ro regain access to your phone until PM completed their investigation

My recommendation to you is to keep your Public Mobile account active and arrange to switch your SIM as soon as possible.

The reason you need to take back your phone number is so that you can be in a better position to monitor what is going on if this in fact is a case of identity theft.

For example if these people were trying to open up new accounts or trying to setup 2 step authentication with other sites your would be able to take action before things get ugly.

Better safe that sorry!!

stonechucker · ‎04-05-2019

@Pizzaeh,

I have to disagree with you. The moderators can do the back end stuff with the tech team without having to have the subscriber waiting multiple days to have their service restored.

The OP has his/her original SIM and has verified that it no longer matches what is in the Self-Serve account. This means the change has happened by a process that is either behind the scene and somehow inserted a different SIM number, or someone has access the login credentials and has changed the SIM number to a new card.

As this new card is now holding the number, the best and most efficient to get the phone number working again is to reassign a new SIM now via self-serve after changing the login credentials.

There should be a record of the changes in the back end which the tech team can work on without further interruption to the subscriber.

pavellyzhin · ‎04-05-2019

There are a couple issues with just a replacement of a SIM card.

First of all, not all of us live in a big cities and the closest place for me where I could get a new SIM is 120 km away from me.

Secondly, if the solution is just a replacement of SIM card I expect PM to mail me a new card or at least to tell me to go and buy a new one.

And a last one, but more important problem is that it was not me who created these problems by not securing a password. It looks like this is an internal PM security issue. If it was so easy for somebody to change sim card they could do it again and again. PM did not inform me it is safe now to change SIM.

@geopublic wrote:

First of all I can understand your frustration and you have every right to feel upset, having to wait 10 days without a resolution is totally unaccepetable.

My question after reading the entire post is since you still had access to your account via selfserve why didn't just purchase a new SIM and replace the hacked one ro regain access to your phone until PM completed their investigation

geopublic · ‎04-05-2019

@geopublic wrote:
@pavellyzhin wrote:
Day 10 (April 5). - No changes. Seriously? 10 (ten!!!!) days without a phone!
I starting to believe there is no such a thing as a fraud department in Public Mobile and mods are just waiting until I fed up and quit.

Ok, my plan renewal is in 2 days. It looks like I have no choice as to leave PM and its a great solution of this problem!

I got Rogers SIM card and its working good!
First of all I can understand your frustration and you have every right to feel upset, having to wait 10 days without a resolution is totally unaccepetable.

My question after reading the entire post is since you still had access to your account via selfserve why didn't just purchase a new SIM and replace the hacked one ro regain access to your phone until PM completed their investigation?

@pavellyzhin, if you are still monitoring this post my recommendation to you is to keep your Public Mobile account active and arrange to switch your SIM as soon as possible.

The reason you need to take back your phone number is so that you can be in a better position to monitor what is going on if this in fact is a case of identity theft.

For example if these people were trying to open up new accounts or trying to setup 2 step authentication with other sites your would be able to take action before things get ugly.

Better safe that sorry!!

geopublic · ‎04-05-2019

@geopublic wrote:
@pavellyzhin wrote:
Day 10 (April 5). - No changes. Seriously? 10 (ten!!!!) days without a phone!
I starting to believe there is no such a thing as a fraud department in Public Mobile and mods are just waiting until I fed up and quit.

Ok, my plan renewal is in 2 days. It looks like I have no choice as to leave PM and its a great solution of this problem!

I got Rogers SIM card and its working good!
First of all I can understand your frustration and you have every right to feel upset, having to wait 10 days without a resolution is totally unaccepetable.

My question after reading the entire post is since you still had access to your account via selfserve why didn't just purchase a new SIM and replace the hacked one ro regain access to your phone until PM completed their investigation?

@pavellyzhinif you're still accessing this forum my recommendation is to keep your Public Mobile account active by replacing your SIM and regaining access to your phone ASAP.

The reason I say this is because if there is identity theft going on here by re-gaining access to your phone you will get a better uderstanding of what they were up to by monitoring incomming messages on your phone.

For example they were trying to open up new accounts, setting up two step authentication etc .....

Hopefully that is not the case but if I were you I would be planning for the worse case scenario.

Hope this helps and good luck.

Pizzaeh · ‎04-05-2019

With all due respect, other customers shouldn't have to explain to the OP (or other affected customers) what to do in terms of getting their service back up and running in cases of being hacked/cloned SIM cards. That's the job of Public Mobile. I'm not faulting any individual moderators; this is the system they have to deal with. Instead, there should be a process in place on how to handle incidences like this.

I get it, these things take time to investigate, and from the company's point of view they may not want to divulge every detail due to ongoing security/privacy/legal concerns. However, in the meantime please give some direction to the customers that are affected. We all know that getting a new SIM card and changing it in self-serve can be done, but is it safe to use the same number? That is what Public Mobile needs to inform the customers about within a few days of being notified, not after 10 days.

stonechucker · ‎04-05-2019

Yes, I agree - @pavellyzhin, as others have already mentioned, get a new SIM at local retail, and replace the SIM registered in SelfServe.

This will get your phone number back in your control, and make sure you have removed the lost/stolen block. I believe you have already changed your password for SelfServe, but if you haven't, do that first.

Dogbert · ‎04-05-2019

It's more likely that someone has discovered the password to your online PM login.

Activated a new SIM for another phone, but kept your phone number.

That's why you couldn't make any calls using the phone in your pocket, as the SIM was deactivated upon activation of a new one.

geopublic · ‎04-05-2019

@pavellyzhin wrote:
Day 10 (April 5). - No changes. Seriously? 10 (ten!!!!) days without a phone!
I starting to believe there is no such a thing as a fraud department in Public Mobile and mods are just waiting until I fed up and quit.

Ok, my plan renewal is in 2 days. It looks like I have no choice as to leave PM and its a great solution of this problem!

I got Rogers SIM card and its working good!

First of all I can understand your frustration and you have every right to feel upset, having to wait 10 days without a resolution is totally unaccepetable.

My question after reading the entire post is since you still had access to your account via selfserve why didn't just purchase a new SIM and replace the hacked one ro regain access to your phone until PM completed their investigation?

pavellyzhin · ‎04-05-2019

Day 10 (April 5). - No changes. Seriously? 10 (ten!!!!) days without a phone!

I starting to believe there is no such a thing as a fraud department in Public Mobile and mods are just waiting until I fed up and quit.

Ok, my plan renewal is in 2 days. It looks like I have no choice as to leave PM and its a great solution of this problem!

I got Rogers SIM card and its working good!

pavellyzhin · ‎04-02-2019

Day 7 (April 2) - no changes.

Now I am without a phone for a full week.

Its difficult to stay patient when you rely on your phone too much these days.

@Mary_M wrote:
Hey @pavellyzhin,

thank you for your patience!

Our team is still looking into this - please stay in touch with the current mod assisting you Rest assured that we will get to the root of the issue.

Regards,

Mary

Mary_M · ‎04-02-2019

Hey @pavellyzhin,

thank you for your patience!

Our team is still looking into this - please stay in touch with the current mod assisting you Rest assured that we will get to the root of the issue.

Regards,

Mary

** Please do not post private info such as: phone number, account number, pin etc.. This is a public forum. **

pavellyzhin · ‎04-01-2019

Update:

Day 6 (April 1). Nobody from PM contacted me. Sent a message to a previous Moderator reminding about 24 hours period which ended 24 hours ago 🙂

pavellyzhin · ‎04-01-2019

I had access to my account with an old password that is why I was able to put a Lost Phone status.

It will be extremely stupid for hackers to get acces to my account, change SIM card but leave the old password where I could block all the hard work they did before?

I do not have an access to a history of activity with my account. And because of it I cant say if the sim card was changed with the use of my account or it was done other ways, inside a PM.

@LovesToPM wrote:
@pavellyzhin Sorry to hear about this incident. I hope Public Mobile can help resolve some parts of this mystery.

In any case, for full resolution, you may have to do some detective work yourself.
Reading these tips may provide more information or insight:
https://www.wikihow.com/Prevent-Hacking

Sometimes through no fault of our own, we just happen to be at the wrong place at the the wrong time.

Here are some important questions to ask:
When your SIM was already changed by the hacker, were you still able to logon your Public Mobile account using the same usual password?
How long have you had that password?
Do you use the same password or similar one on any other account(s)?
When and on which devices have you used to access your Public Mobile account?

I hope we can identify the issue to prevent it from happening again.

LovesToPM · ‎04-01-2019

@pavellyzhin Sorry to hear about this incident. I hope Public Mobile can help resolve some parts of this mystery.

In any case, for full resolution, you may have to do some detective work yourself.

Reading these tips may provide more information or insight:
https://www.wikihow.com/Prevent-Hacking

Sometimes through no fault of our own, we just happen to be at the wrong place at the the wrong time.

Here are some important questions to ask:

When your SIM was already changed by the hacker, were you still able to logon your Public Mobile account using the same usual password?

How long have you had that password?
Do you use the same password or similar one on any other account(s)?

When and on which devices have you used to access your Public Mobile account?

I hope we can identify the issue to prevent it from happening again.

pavellyzhin · ‎04-01-2019

I answered in the similar thread. OP there had identical issue last week.

As for me, I dont connect to open wifi, there is no needs for me to use open wifi. My route from home to office is 5 minutes and I have data to cover weekends if I am not at home. So, the problem was not with open WiFi access.

@kselmak wrote:
I'm hopping this works out
Thanks for keeping the community posted. im personally on the edge of my seat with this thread
I was wandering do you connect to open WiFi often or automatically? I know someone who will never connect their phone to somebody's network claiming all the communication can be intercepted. I always thought that was a bit too paranoid. He was network admin at some point and since I read this i think about him and I'm thinking he may be right.

kselmak · ‎04-01-2019

I'm hopping this works out

Thanks for keeping the community posted. im personally on the edge of my seat with this thread

I was wandering do you connect to open WiFi often or automatically? I know someone who will never connect their phone to somebody's network claiming all the communication can be intercepted. I always thought that was a bit too paranoid. He was network admin at some point and since I read this i think about him and I'm thinking he may be right.

pavellyzhin · ‎03-31-2019

Update:

Day one (March 27). I canceled my credit card and the bank reversed all charges. Left a message to Public mobile moderator. Tried to contact PayPal.

Day two. I was contacted by PM moderator for addition information. Was promised that fraud team would contact me in the next 48 hours.

Day three. Paypal still shows unauthorised transactions under pending status. Increadibly difficult to deal with them in this case if you have no phone to make a call. Nobody contacted me from Public mobile.

Day four. Nobody contacted me from Public mobile.

Day five (March 31). Still without phone. Nobody from Public mobile contacted me. Missed a few very important calls this weekend. Thinking about switching a provider.

This was the end of episode 2 of a season 1.

Omarh · ‎03-27-2019

@pavellyzhin I believe you have been hacked using a malware on either your cell phone or laptop. I highly recommend you change all other important passwords such as bank accounts, etc.. from a different known healthy device other than yours.

Make sure to check your devices for viruses and malwares

Best of Luck

Pizzaeh · ‎03-27-2019

@pavellyzhin wrote:
I just realized maybe somebody just ported my number to another provider? Is it possible to do it without me? Then I will have problems! try to recover your bank account without a phone number!

Maybe, but isn't your number still with Public Mobile? So they essentially move the number to a new SIM card, from the looks of it. We may not hear what actually transpired due to privacy issues and or security concerns. When a weakness is found, companies don't want to talk about it, for fear of it continuing to be exploited. They would rather fix it quitely. All, just my random thoughts on it.

popping · ‎03-27-2019

@pavellyzhin wrote:
I just realized maybe somebody just ported my number to another provider? Is it possible to do it without me? Then I will have problems! try to recover your bank account without a phone number!

Yes. It is possible. But you account will be closed as soon as your PM number was ported out from PM. SInce you can still login to your account, you account still at PM.

pavellyzhin · ‎03-27-2019

I just realized maybe somebody just ported my number to another provider? Is it possible to do it without me? Then I will have problems! try to recover your bank account without a phone number!

pavellyzhin · ‎03-27-2019

@srlawren wrote:
@pavellyzhin when you say the SIM card # in your self-serve account was different, it sounds like someone may have guessed your self-serve account password and swapped your SIM card out for their own. You may want to immediately change your self-serve password; use something strong and unique.

It would really difficult to try to guess my password. its not birthday dates or "qwerty" or 1111. I did not noticed any change to any personal information. And the password was old. If these gues are so smart they will definitely change a password 🙂 . In any case, I did it too.

Pizzaeh · ‎03-27-2019

@pavellyzhin what I'm reading about SIM spoofing is they contact the carrier and convince them to move the number by activating a new SIM card. So your number would no longer work with the SIM in your phone. I think that's what happened here based on your description. However, in Public Mobile's case, we can change our SIM's through our self-serve account. Sooooo, the question is did it occur via the self-serve account, or did they contact the moderators and do it that way? I'm leaning towards the self-serve account being hacked, but then again, the weakness in most systems is the human. WOW!!! I gotta have a drink!

srlawren · ‎03-27-2019

@pavellyzhin when you say the SIM card # in your self-serve account was different, it sounds like someone may have guessed your self-serve account password and swapped your SIM card out for their own. You may want to immediately change your self-serve password; use something strong and unique.

>>> ALERT: I am not a moderator. For account or activation assistance, please click here.

pavellyzhin · ‎03-27-2019

I dont use cellphone a lot. I am from the old school - phone to make calls. But yes, I decided to run an antivirus - nothing was found.

@Tony8 wrote:
Sorry to hear about your problem. Could you have Malware (a virus) on your phone?
Malware can be included with apps installed on your phone.

Community

Fraud or cloned SIM?