Community

zallan · ‎07-22-2025

My bank has informed me that someone used SMS authentication to make changes to my account and I never received the SMSs. The SMS was sent Saturday July 19th around 1PM. I did receive SMSs after that time, and still can. After doing a little digging, I found this:

https://www.vice.com/en/article/hacker-got-my-texts-16-dollars-sakari-netnumber/

Which is probably a long shot, but thought I would provide it.

Thanks in advance for any assistance you can provide!

zallan · ‎07-22-2025

Sorry, I should have provided more info about the exploit. What actually happened was that someone added my debit card to a rogue iPhone Wallet, and was able to (apparently) somehow approve this over SMS. My bank did flag it as suspicious, and locked the account, thankfully.

I did not receive the SMS message to auth the change. I received SMS before and after. If you look at the article I linked there was an exploit in the US that specifically . I know Canadian telcos use a different number assignment/control system, so not sure if this is a new thing here, or if I am chasing a ghost.

Thanks for your response!

zallan · ‎07-22-2025

Thanks for taking the time to respond.

I have some experience with infosec, so not my first rodeo. I have never personally had any issues like this, but have helped many people with similar situations. I was posting to see if anyone had a similar issue in the past. It is a strange one. Hopefully it is not an issue with Public, and I am not insinuating it is. Wanted to see if anyone had a similar experience.

Thanks again!

zallan · ‎07-22-2025

Yeah, everything works.

I am pretty familiar with SIM swapping. This seems like some sort of more sophisticated attack, or I am chasing a ghost. Thought I would post to see if anyone else has had similar issues. Thanks for taking the time to respond!

slusagm · ‎07-22-2025

Your sim card and phone still work? There used to be som fraud which people can take over the account and changed your sim card on the account and request SMS for 2FA codes. That's why 2fa sms is never a recommended way anymore. Authenticator app or security key is slightly safer

If you think your accounts were compromised, start changing password, include the PM login, banks and email. You might even want to replace your current sim card

Rastin · ‎07-22-2025

Identify theft is a pain to deal with. I would recommend changing all passwords to everything that you have bank, email being the most important. Delete any account your not using. Like old emails, apps on your phone basically anything you ever logged into your whole life and change password or delete the account. They got your info somewhere and it's probably from something you have forgotten about years ago. One of the best things you can do is change your number. Linus tech tips did a show on how easy it is to hack 3g and steal texts and calls

Meow · ‎07-22-2025

It looks like somebody has stolen your identity.

In order to log in to a Bank somebody has to know your account number or log in ID AND password. In some cases Bank will send SMS or call number on file and provide a code to complete log in.
From what you said it looks like somebody got hold on your banking log in credential and somehow managed to receive SMS on his/her mobile phone.

Change your Bank password right away! Consider changing your mobile number, too.

Community

Bank told me SMS auth was used to approve changes to my account: SMS never received!