Forum Discussion
Fraudulent activity by a TMobile employee switching my SIM # to a new device to steal funds
Hola,
Sorry for the long post to follow.
Here is what happened to me recently. On Sunday 1/19/2020 around 2:30pm, I noticed that I lost T-Mobile network connection. Everybody around me, including those with T-Mobile network were fine, with 4-5 signal bars. I assumed it was a phone/setting issue, rebooted the phone, reset the network setting, but nothing. Removing the SIM and re-entering did nothing either. I decided to turn off my phone for a little bit then an hour later, when I turned it on, I still had the same issue, WIFI was working though. I decided to try my friend's SIM to see if it was a phone issue or SIM and network connection came back so it was a SIM issue. I decided to call TMobile with my friend's phone that evening and they were able to reactivate my phone. I asked them what happened and they said that they were not sure, most likely a glitch.
Fast forward to Tuesday morning 1/21/2020 at 4am (I wake up early), I checked my bank account and see that there was a unauthorized transfer from my bank to my coinbase (a site where you trade cryptocurrency). I immediately tried to logon to coinbase but my logon and pw were not working. I set up a 2steps verification for coinbase where you also need to receive a text to your phone and enter the code before you can successfully login to the site.
It was at that point that I realized what happened. Someone had taken over my SIM that Sunday so that they could receive the text verification. After I called my bank to dispute the charge, after I called coinbase to lock my account, I started to do some research online which confirmed that the SIM hacking was a real thing but they said that someone would have to call the phone company and impersonate me, and know my 6 digit password in order to make any change to the account. I immediately called Tmobile to find out if that was the case. The rep told me that she only saw my calls requesting to reactivate my phone and that no one else called. She then said that there was only a "Follow-up" showing on my account that day. I asked what a "Follow-up" was and she said it was when the customer opens a case and that a rep goes back into the account later to follow-up. It was at that point that she realized that the rep switch my SIM to another device. She immediately raised the issue of fraud, asked me to hold then went to talk to a supervisor. She came back saying that a fraud case has been opened and that they will investigate. As for me, I had nothing to worry about and that they added some extra protection on my account so that it never happens again. But that that was it and I would have to deal with the banks to get my money back.
I spend the rest of the day checking my credit, changing all my passwords, adding a red flag to my 3 credit reports, then this morning, found out that another $2500 has been transferred out of one of my account. The banks were fine to deal with and said they will dispute the charges but I have to wait for the inquiry and a determination will be made after. On the other hand, the crypto website coinbase, told me that I was on my own and that they only insured the lost money if their entire site was hacked and said that I should have protected my account better.
I called TMobile right after to inquire if they had a fraud team or legal team I could talk to but the only thing I received was the following address: Tmobile wireless legal department
12920 South East 38 street
Bellevue Washington 98006
It has been a nightmare for the last 2 days, the level of stress is out of control and all I get from T-Mobile is a sorry but that’s all we can do.
So the question is, isn’t T-Mobile responsible for this given that it was an employee who did this?
Note: I am assuming only an employee would have access to their system unless their whole system got hacked and that would be a bigger issue…
I only know it was someone with access to the Tmobile system because the rep on the phone told me.
But even if it was someone impersonating me without my 6 digit code (unique password that I use for TMobile by the way, not written down anywhere and that nobody knows), how would they be able to request to move my SIM info to a new device without a misstep from someone given that they don’t have the password to the account?
Sorry for the long post. Hopefully someone from Tmobile will read this and can provide me assistance.
Gracias,
Khoi
Note: If your phone suddenly loses cellular network and everybody around you on the same network are fine, remember to call your cell phone provided immediately to avoid what happened to me.
Gosh, that's a nightmare of a situation especially considering you may not be able to get those funds back from coinbase. I know that with every day passing you need more answers. Unfortunately, this is a situation that only our fraud team can handle. I hate to repeat the same info you've been given multiple times, but we have to allow the fraud department to research what exactly happened which will determine the outcome.
- NicF999Newbie Caller
aznfrenchboyca wrote:
Actualización:
I also posted on the Tmobile facebook page and received a response. I responded as well (edited to remove the rep last name. Not sure if he would want me to post his name).
TMobile rep:
"Hello. Thanks for reaching out to T-Force. You depend on your cellphone to stay connected to all that is important to you. At T-Mobile we take account security and privacy very seriously. You did all the right things by contacting your bank, credit agencies, and us to let tell us what happened. When this type of thing happens with a T-Mobile account there are a number of possibilities or causes. The good thing is that a fraud case has been opened with your account. Our fraud team will be able to investigate the changes made on your account to determine exactly what happened and take the necessary steps for anyone involved. We're not able to discuss the exact details like names or locations found on the account as it's an internal process. Our fraud team will contact you if they need any additional information directly. From here you'll want to continue working with your bank and other accounts to get things back to normal and keep them secured. If you would like to speak with someone in our fraud team or have more questions I would encourage you to send a written response to the address you were given. Be sure to include your full name, phone number and any relevant account details so they can respond correctly. Here in T-Force we're your total one stop shop for all things Magenta. We have access to the same information and details as our Customer Care team does, but you can work with us at your own pace instead of having to be on the phone. Give me a holler if you have any other questions we can assist with. T-Force is always standing by! "
Me:
"The problem is Nathan is I barely slept for the last 2 days, my coinbase asset are most likely gone since they are not insured. All I got from tmobile was what you just said. "Sorry and work with your bank".Given that it was an internal issue and that my account was compromised because of tmobile, I would hope that tmobile would step up and help me retrieve the funds that I lost."
TMobile rep:
"I completely understand where you're coming from. These types of situations can take up a lot of your time getting everything straightened out. T-Mobile does everything possible to keep your account and connection secured. We also recommend setting up 2-step authentication with your account and using a strong My T-Mobile password that is different from any of your other accounts. I hear you that this has caused stress and caused you to lose money from your bank accounts. I'm truly sorry that this happened and I hope that none of our customers have to go through this. To be transparent, T-Mobile would not be able to help you retrieve or replace the funds that were lost. We can only recommend that you continue working with your bank to file this as a fraud claim and have them investigate. If you have any additional questions or concerns about your fraud case I would strongly encourage you to make a submission in writing to the fraud address you were provided. They will be better able to explain any details and provide you guidance on next steps or information."
I am just hoping to read some opinion/advice because I really don't know what else to do at this point.
I understand your frustration with the whole crypto shiz. I have a rather large portfolio with both Coinbase and my Cashapp balance. Here is what I do since I am paranoid. 1) You need to just accept the Crypto loss (trust me I know, I've been there. It's hard but there's virtually nothing anyone can do since Crypto is not FDIC Insured.) accept the loss, and 2) Get a 2nd Line and phone. This is what I did, I bought 2 iPhone 12 Pro Max's that were identical! I set up the accounts where I keep my Crypto and extra cash up on my main phone, and on the 2nd, I set up 2FA (2Factor Authentication) on the secondary phone. Yes it costs more, but it was well worth the added protection. I ALSO 3) WOULD PIN LOCK YOUR SIM, that's another safeguard I did, so if SOMEONE should steal my sim, once inserted they'd have to unlock the actual sim to use it. 4) I also use google Authenticator for both apps, meaning I have 4FA essentially. You MUST safeguard you uninsured Crypto like that. One other thing I was thinking of getting once my Crypto Wallet hits a certain threshold is I'm looking to purchase the Ledger Nano X. It's an external "Thumbdrive" with its OWN Authentication safeguards. So if someone steals it you can track em and they won't even know nor be able to even see what on the Drive 😂 hope this helps.. and I'm sincerely sorry for that Loss of yours.
- ashg2000Roaming Rookie
I have the same fraud with my mobile phone on Oct 3rd. I received the text from T-Mobile that my phone SIM has been assigned to a different phone. This compromised the two factor authentication I have set on emails, Venmo, Robinhood and all financial accounts. Since hacker had control of my phone, they were able to change passwords and start financial transactions and transfers on various accounts. Luckily I saw this on time and was able to reverse and get SIM assigned back to me. This seems to be an insider in TMobile job otherwise how does SIM get transferred without approval though it needs PIN and text to Mobile phone to make any changes. This is terrible. I have written to Federal Communications Commission, for investigation in TMobile practices. This is a broader issue at TMobile.
- CliffxNewbie Caller
This happened to me a month ago, T-Mobile said it could of been a mistake. Then happened 2 days ago. IT seems everyone at T-Mobile is incompetent when it comes to security controls to prevent this from happening.. I was assured a "flag" was on my account to prevent this from happening. That was a lie as this happened less than 30 days after the first incident. I'm ready to start legal action and question their compliance whether is is GDPR/PCI-DSS/SOX/GLBA.
If T-Mobile employees are falling to social engineering attacks that results in fraudulent changing of someone's SIM card. T-Mobile is at fault for a lack of policy and training.
- 0sopsys0Newbie Caller
dragon1562 is trying to keep up the discussion, via the link posted below.. There’s several different threads regarding SIM swap attacks.. I feel it’s kind of clear that scammers are either taking advantage of the pandemic or taking the risks because of it.
https://community.t-mobile.com/accounts-services-4/sim-swap-vulnerabilities-2fa-risks-31971
I'm thinking of starting a kind of survey where users could share their experiences and perhaps see if there's a bigger picture or more common denominators. I'm a web developer so form applications and charts are my thing. - AskingquestionsNewbie Caller
Hello others affected,
I have been investigating this exact same issue for over a year. Exact same thing, passwords changes, account PIN number changed, multiple emails from T-Mobile with different phone numbers to call, all in the name of some Magenta Marketing Platform? (Google it) ? I just called in and spoke with a representative about 2 months ago. Thought I secured my account with a new PIN number. Yet when I log into my account, it states my PIN number hasn't been changed in almost 10 months. Monthly stats don't even come close to what my phone states, compared to the amount of texts, data reflected in T-Mobile sure.
Unlike most here I do not have Coinbase nor Crypto currency, however analytics have shown multiple, almost nightly, account/network switches and sure enough Crypto currency transfers / data transmission. I have see it link to household IOT such as my first alert smoke alarm, chamberlain garage door hub, and my vehicle 4G. For the sake of transparency, I think this is a much bigger issue involving/starting when I activated my vehicle online app that connects to my car for remote start, parking location, maintenance and service, etc. I believe they are using random customers SIM. I noticed my text messages went up by over 400%, not a concern for T-Mobile as they investigate and said nothing found out of the ordinary. My bill is a constant 70$/month, I would have never noticed unless I pressed to view the pdf image of the monthly bill. For the past 10 months, my bill is almost comical. It's a text message to numbers, followed my hundreds of short codes, followed by a certain friends number, then hundreds of short codes again. It goes on for 50 to 100 pages monthly. All with zero concern to T-Mobile, I'm the only crazy one I guess, but I thought I'd share my experience from the other side of this possible fraudulent activity.The traces connecting to my home network, IOT, and vehicle all have to do with dealerships and their access to your vehicle 4G remotely. Possibly via the software X-Time? (Google it) They all state a name XXX...Garage. So with everyone having a cellular phone number with a SIM, and a 4G connected vehicle. I can only imagine how much fraud is occurring. I can't deactivate my Vehicle 4G network according to the Dealership.
- Asiabugg28Newbie Caller
This same thing happened to me last night except for Tmobile confirmed to me when I went into the store to get my Sim straightened out that the Sim switch was in fact done by a T-Mobile employee. I am filing a police report with my local PD and will be contacting an attorney to try and get my money back from Tmobile due to their negligent employee. This is terrible. I also have a contact to our local news and since it's in LA it's not a small new station. After I get my attorneys involved I am going to contact the local station so that they can make this known to all. I will be searching for a new company soon. T-Mobile offered NOTHING but to lock up my SIM. Pretty sad. They don't care about us, just our $$.
- Shad_Roaming Rookie
Like so many others the same exact thing happened to me. Tmobile let an unauthorized user who didnt have my device, or my pin, or a valid matching picture ID (all of which Tmobile had on file to use to verify the port request) and still approved the port being requested from 2500 miles away from where I live. Imagine all those red flags and they still let it go through. After the fact they blamed the thief, Coinbase who the thief reset my psswd using device they gave them before converting and transferring all the assets in the account, and even me, and they still do to this day as we sit in arbitration 18 months later.
Researching my case they have known this was an issue for many years, proven by what I mention below, and the fact they have something in their eula specifically about it and crypto. Rather than address it they would prefer to pass the losses on to their customers which is proven by their actions. What modern feat of technology was needed to stop my sim swap? Something that should be right up a phone companies alley, a 2 min phone call to me before approving.
It gets even worse. As you can see in this article
they have had a feature in place that would have protected all their customers that went through this. For the years they have known about this scam, they have had an interal setting called NOPORT. It prevents ports from going through and is only made available to their own internal employees to protect them from this scam.
At first I did tremendous amounts of research into tracking down the thief and providing it to Tmobile. They refused to provide any to me whatsoever, including those of their own internal investigation telling me I would need a court order. It became apparent to me and the detectives involved that pursuing the thief was simply not something Tmobile even tries to do, its all about debt mitigation and you instantly become their opponent instead of both of you pursuing the thief.
Media is finally starting to catch on and I have done two separate interviews for MSNBC and Yahoo finance and after all the dealing with FCC last year they passed legislation that forces companies like this to properly verify identity before a swap.
This forced Tmobile to finally change policy enough to try to contact customer first and eliminate the lone wolf employees involved by making 2 necessary to do one. Again, all that is really needed is to simply call the account holder and ask if he approves the port, it takes 2 minutes and protects your customers from years of stress and financial losses.
If this happens to you take them to arbitration. They will do nothing but lie to you, try to shift blame and intentionally waste as much of your time as possible with multiple legal firms burying you in information requests then refusing to do anything once they get them. Transferring accounts like that is gross negligence and they can not hide behind an EULA to shield them from this negligence.
- aznfrenchboycaRoaming Rookie
Hola K-T,
Sorry it happened to you too. I tracked the IP down and mine was from Toronto Canada. I'm sure they used a VPN to reroute and hide their IP though. The case is still open with my bank. They temporarily credited my account the $2500 I lost but have not made a final determination yet. As for the money I lost from coinbase, coinbase told me I was out of luck, that they did not get hacked so the money would not be insured. I hope you didn't lose too much from coinbase.
I spoke to some FBI cybercrime office and the guy told me straight forward that nobody would do anything unless I lost thousands of dollars.
Luckily I kept most of my crypot assets elswhere and only lost a few hundreds from coinbase. T-Mobile eventually covered that lost for me.
- Bingbong2021Newbie Caller
Hello, I have somehow stumbled upon this thread after only being affected by the same crime as I read above. Yesterday on 12/21/21 around 4 pm I received a "verification" text about changing my coinbase password AND my T-Mobile password. And I dial the number for T-Mobile customer service my cell service drops. I'm still connected to wifi but my wifi calling was disabled. I turn my phone on and off, then in a panic I realize I've probably just been hacked. I use the wifi to access my online banking only to see that $750 has been transferred to my coinbase account. Now I'm losing my mind and the only thing I think to do is physically go to a T-Mobile store to get my service restored as I have no way of calling anyone for help. The employees were able to get my service on but didn't know what to do to stop the people from hacking me. They did ask if I knew anyone who worked for the phone company or if anyone had access to my SIM card/old sims, all of which the answer is no. I end up closing my checking account, canceling all of my cards and changing my phone number. Today, 12/22/21 I wake up to yet again another text confirming that I changed my T-Mobile password. They're literally trying to do this again! After hours on the phone with T-Mobile "experts" and my bank. When I called T-Mobile today they told me they'd put "extra protection" in place for my account and that now my account would be under investigation for fraud. Not sure why it wasn't under investigation since yesterday. I'm now awaiting a call back from the "higher ups" at T-Mobile. Hopefully my phone will remain in service so I can access the call and not someone else impersonating me. If this issue persists I plan on closing my T-Mobile account and going else where. This has been such a pain to deal with, all while battle what I thought was COVID (I tested negative today!) and trying to prepare for the holiday season. Stay safe everybody. Just know that this scam is far from over or "solved" as the green icon at the top of this thread indicates.
- magentatechieBandwidth Buddy
I'm just throwing this out there but something else to consider is that the e-mail address associated with your T-Mobile account could have been compromised. I encourage everyone to add 2 step authentication to their e-mail account because someone could log in to your e-mail to receive the one time pin that is sent out when performing a SIM update. If you're getting notifications that your password on T-Mobile.com has changed, it could be because of the e-mail address access.
Contenido relacionado
- Hace 2 meses
- Hace 2 años
- Hace 2 años
- Hace 6 meses
- Hace 7 años