FR
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Register now!

Unauthorized SIM Swapping (Koodo prepaid)

Kristowhy
Model Citizen / Citoyen Modèle

‎11-05-2022 04:11 PM

This is a head's up for anyone here who has or knows others with a Koodo prepaid account to be on the lookout for possible unauthorized SIM swapping of their account.

 

So far 3 different Koodo prepaid users have been affected by the SIM swapping attacks which took place just a few days ago.  According to one affected user, an internal investigation has begun.   

 

For more info/details check out this thread:

https://community.koodomobile.com/prepaid-79951/unauthorized-sim-swap-on-koodo-prepaid-7814679

 

PS:   Make sure 2FA (2 factor authentication) is enabled on your PM account in addition to having a strong password. 2FA should also be enabled on the email account (Google, Outlook, etc) used for your PM account as well.

0 Bravos
13 REPLIES 13

Kristowhy
Model Citizen / Citoyen Modèle
In response to gpixel

‎12-06-2022 12:23 PM

After about 4 week from these incidents, Telus/Koodo has finally rolled out 2FA like we have here at PM.  A step in the right direction...yay!

 

What's also interesting is that the Koodo prepaid selfserve site is now identical to that of PM....but with slightly different shading and pics.  

0 Bravos

gpixel
Mayor / Maire
In response to Kristowhy

‎11-23-2022 02:05 AM - edited ‎11-23-2022 08:15 PM

Screenshot_20220915-224026.png

0 Bravos

Kristowhy
Model Citizen / Citoyen Modèle
In response to gpixel

‎11-23-2022 12:08 AM

Sadly this situation seems to be getting worse as the weeks roll by with more victims posting.  One affected user has now moved all his business and lines away from Telus.

 

The recent updates in the thread below are quite alarming!

 

https://community.koodomobile.com/prepaid-79951/unauthorized-sim-swap-on-koodo-prepaid-7814679/index...

 

 

0 Bravos

gpixel
Mayor / Maire

‎11-13-2022 03:33 AM - edited ‎11-13-2022 04:11 AM

I suggest everyone to change their passwords. there could be a new security breach with credentials leaked. the same thing happened back in feb/2020. PM still hasn't said anything, but we were directly affected by it. that is why all these new security features were implemented into PM. the issues the customers are having are very similar to the issues we had here.

 

this could also explain PMs system outage. these dates seem to be very close to eachother...

0 Bravos

Kristowhy
Model Citizen / Citoyen Modèle

‎11-11-2022 02:45 PM

@BKNS27 yeah a few affected users were saying that days ago...it's entirely possible.  

 

@softech yeah fingers crossed!  No matter how much security tech is implemented, the weakest link always involves people.

 

0 Bravos

softech
Oracle
Oracle
In response to Kristowhy

‎11-11-2022 02:35 PM - edited ‎11-11-2022 02:57 PM

thanks @Kristowhy for the update

 

Now, I hope PM and Koodo are using a separate call centres and they will start hiring "smarter" reps

0 Bravos

BKNS27
Mayor / Maire
In response to Kristowhy

‎11-11-2022 02:32 PM

Inside job then

0 Bravos

Kristowhy
Model Citizen / Citoyen Modèle
In response to Kristowhy

‎11-11-2022 02:27 PM

@softech @darlicious 

 

UPDATE: the main thread (in my OP) has been further updated by those involved with some pretty eye opening contents...  😲

 

simswap.jpg

 

0 Bravos

Kristowhy
Model Citizen / Citoyen Modèle

‎11-07-2022 11:48 PM

@softech here are another two victims in another thread.  Yikes!  

 

https://community.koodomobile.com/other-80596/account-hacked-sim-swap-7814829

 

First user their email was hacked.  Second user their SIM was changed without any warning or confirmations.  Both used Newton (crypto) and suffered financial losses.  😐

 

0 Bravos

BKNS27
Mayor / Maire

‎11-06-2022 01:16 AM - edited ‎11-06-2022 01:44 AM

@Kristowhy 

It could have been an inexperienced Koodo operator that didn’t complete the credentials screening.

Good thing PM have a 2FA and online chat and private messaging to screen all credentials before allow access to accounts. Also not under pressure over the phone to allow for SIM swapping.

But nothing is full proof though.

0 Bravos

Community_QA
Model Citizen / Citoyen Modèle
In response to Kristowhy

‎11-06-2022 12:36 AM

@Kristowhy Koodo still has no 2FA?  did Koodo update their Self serve like us?

 

0 Bravos

Kristowhy
Model Citizen / Citoyen Modèle
In response to softech

‎11-05-2022 08:40 PM

@softech wrote:

second time in 3 days, it looks like a targeted attack.. or there are some unsafe apps on the phone?

Hard to say, but what's concerning to me is that two of the users did not receive any emails with the 2FA codes that should be sent out when a SIM card change is done via the online account.  It seems they just received the email notifications that a SIM change was done and nothing else. 😐

 

Koodo/Telus really needs to upgrade the Koodo prepaid selfserve site ASAP with 2FA like we have here with PM.

 

 

softech
Oracle
Oracle

‎11-05-2022 08:20 PM

second time in 3 days, it looks like a targeted attack.. or there are some unsafe apps on the phone?

 

Anyway, better be very safe and be careful 

 

Thanks for the heads up @Kristowhy 

0 Bravos
Copyright © 2024 Khoros, LLC
Need Help? Let's chat.