Fraudulent activity by a TMobile employee switching my SIM # to a new device to steal funds

aznfrenchboyca wrote:

Actualización:

 

I also posted on the Tmobile facebook page and received a response. I responded as well (edited to remove the rep last name. Not sure if he would want me to post his name).

 

TMobile rep:

"Hello. Thanks for reaching out to T-Force. You depend on your cellphone to stay connected to all that is important to you. At T-Mobile we take account security and privacy very seriously. You did all the right things by contacting your bank, credit agencies, and us to let tell us what happened. When this type of thing happens with a T-Mobile account there are a number of possibilities or causes. The good thing is that a fraud case has been opened with your account. Our fraud team will be able to investigate the changes made on your account to determine exactly what happened and take the necessary steps for anyone involved. We're not able to discuss the exact details like names or locations found on the account as it's an internal process. Our fraud team will contact you if they need any additional information directly. From here you'll want to continue working with your bank and other accounts to get things back to normal and keep them secured. If you would like to speak with someone in our fraud team or have more questions I would encourage you to send a written response to the address you were given. Be sure to include your full name, phone number and any relevant account details so they can respond correctly. Here in T-Force we're your total one stop shop for all things Magenta. We have access to the same information and details as our Customer Care team does, but you can work with us at your own pace instead of having to be on the phone. Give me a holler if you have any other questions we can assist with. T-Force is always standing by! "
 

 

Me:

"The problem is Nathan is I barely slept for the last 2 days, my coinbase asset are most likely gone since they are not insured. All I got from tmobile was what you just said. "Sorry and work with your bank".Given that it was an internal issue and that my account was compromised because of tmobile, I would hope that tmobile would step up and help me retrieve the funds that I lost."

 

TMobile rep:

 

"I completely understand where you're coming from. These types of situations can take up a lot of your time getting everything straightened out. T-Mobile does everything possible to keep your account and connection secured. We also recommend setting up 2-step authentication with your account and using a strong My T-Mobile password that is different from any of your other accounts. I hear you that this has caused stress and caused you to lose money from your bank accounts. I'm truly sorry that this happened and I hope that none of our customers have to go through this. To be transparent, T-Mobile would not be able to help you retrieve or replace the funds that were lost. We can only recommend that you continue working with your bank to file this as a fraud claim and have them investigate. If you have any additional questions or concerns about your fraud case I would strongly encourage you to make a submission in writing to the fraud address you were provided. They will be better able to explain any details and provide you guidance on next steps or information."

 

I am just hoping to read some opinion/advice because I really don't know what else to do at this point.

I understand your frustration with the whole crypto shiz. I have a rather large portfolio with both Coinbase and my Cashapp balance. Here is what I do since I am paranoid. 1) You need to just accept the Crypto loss (trust me I know, I've been there. It's hard but there's virtually nothing anyone can do since Crypto is not FDIC Insured.) accept the loss, and 2) Get a 2nd Line and phone. This is what I did, I bought 2 iPhone 12 Pro Max's that were identical! I set up the accounts where I keep my Crypto and extra cash up on my main phone, and on the 2nd, I set up 2FA (2Factor Authentication) on the secondary phone. Yes it costs more, but it was well worth the added protection. I ALSO 3) WOULD PIN LOCK YOUR SIM, that's another safeguard I did, so if SOMEONE should steal my sim, once inserted they'd have to unlock the actual sim to use it. 4) I also use google Authenticator for both apps, meaning I have 4FA essentially. You MUST safeguard you uninsured Crypto like that. One other thing I was thinking of getting once my Crypto Wallet hits a certain threshold is I'm looking to purchase the Ledger Nano X. It's an external "Thumbdrive" with its OWN Authentication safeguards. So if someone steals it you can track em and they won't even know nor be able to even see what on the Drive 😂 hope this helps.. and I'm sincerely sorry for that Loss of yours. 

I have the same fraud with my mobile phone on Oct 3rd.  I received the text from T-Mobile that my phone SIM has been assigned to a different phone.  This compromised the two factor authentication I have set on emails, Venmo, Robinhood and all financial accounts. Since hacker had control of my phone, they were able to change passwords and start financial transactions and transfers on various accounts.  Luckily I saw this on time and was able to reverse and get SIM assigned back to me.  This seems to be an insider in TMobile job otherwise how does SIM get transferred without approval though it needs PIN and text to Mobile phone to make any changes.  This is terrible.  I have written to Federal Communications Commission, for investigation in TMobile practices.  This is a broader issue at TMobile.  

This happened to me a month ago, T-Mobile said it could of been a mistake. Then happened 2 days ago. IT seems everyone at T-Mobile is incompetent when it comes to security controls to prevent this from happening.. I was assured a "flag" was on my account to prevent this from happening. That was a lie as this happened less than 30 days after the first incident. I'm ready to start legal action and question their compliance whether is is GDPR/PCI-DSS/SOX/GLBA. 

If T-Mobile employees are falling to social engineering attacks that results in fraudulent changing of someone's SIM card. T-Mobile is at fault for a lack of policy and training.

dragon1562 is trying to keep up the discussion, via the link posted below.. There’s several different threads regarding SIM swap attacks.. I feel it’s kind of clear that scammers are either taking advantage of the pandemic or taking the risks because of it. 
https://community.t-mobile.com/accounts-services-4/sim-swap-vulnerabilities-2fa-risks-31971

I'm thinking of starting a kind of survey where users could share their experiences and perhaps see if there's a bigger picture or more common denominators. I'm a web developer so form applications and charts are my thing.

Hello others affected, 

I have been investigating this exact same issue for over a year. Exact same thing, passwords changes, account PIN number changed, multiple emails from T-Mobile with different phone numbers to call, all in the name of some Magenta Marketing Platform? (Google it) ? I just called in and spoke with a representative about 2 months ago. Thought I secured my account with a new PIN number. Yet when I log into my account, it states my PIN number hasn't been changed in almost 10 months. Monthly stats don't even come close to what my phone states, compared to the amount of texts, data reflected in T-Mobile sure. 
Unlike most here I do not have Coinbase nor Crypto currency, however analytics have shown multiple, almost nightly, account/network switches and sure enough Crypto currency transfers / data transmission. I have see it link to household IOT such as my first alert smoke alarm, chamberlain garage door hub, and my vehicle 4G. For the sake of transparency, I think this is a much bigger issue involving/starting when I activated my vehicle online app that connects to my car for remote start, parking location, maintenance and service, etc. I believe they are using random customers SIM. I noticed my text messages went up by over 400%, not a concern for T-Mobile as they investigate and said nothing found out of the ordinary. My bill is a constant 70$/month, I would have never noticed unless I pressed to view the pdf image of the monthly bill. For the past 10 months, my bill is almost comical. It's a text message to numbers, followed my hundreds of short codes, followed  by a certain friends number, then hundreds of short codes again. It goes on for 50 to 100 pages monthly. All with zero concern to T-Mobile, I'm the only crazy one I guess, but I thought I'd share my experience from the other side of this possible fraudulent activity. 

The traces connecting to my home network, IOT, and vehicle all have to do with dealerships and their access to your vehicle 4G remotely. Possibly via the software X-Time? (Google it) They all state a name XXX...Garage. So with everyone having a cellular phone number with a SIM, and a 4G connected vehicle. I can only imagine how much fraud is occurring. I can't deactivate my Vehicle 4G network according to the Dealership. 

This same thing happened to me last night except for Tmobile confirmed to me when I went into the store to get my Sim straightened out that the Sim switch was in fact done by a T-Mobile employee. I am filing a police report with my local PD and will be contacting an attorney to try and get my money back from Tmobile due to their negligent employee. This is terrible. I also have a contact to our local news and since it's in LA it's not a small new station. After I get my attorneys involved I am going to contact the local station so that they can make this known to all. I will be searching for a new company soon. T-Mobile offered NOTHING but to lock up my SIM. Pretty sad. They don't care about us, just our $$.

Like so many others the same exact thing happened to me. Tmobile let an unauthorized user who didnt have my device, or my pin, or a valid matching picture ID (all of which Tmobile had on file to use to verify the port request) and still approved the port being requested from 2500 miles away from where I live. Imagine all those red flags and they still let it go through. After the fact they blamed the thief, Coinbase who the thief reset my psswd using device they gave them before converting and transferring all the assets in the account, and even me, and they still do to this day as we sit in arbitration 18 months later. 

Researching my case they have known this was an issue for many years, proven by what I mention below, and the fact they have something in their eula specifically about it and crypto. Rather than address it they would prefer to pass the losses on to their customers which is proven by their actions. What modern feat of technology was needed to stop my sim swap? Something that should be right up a phone companies alley, a 2 min phone call to me before approving.

It gets even worse. As you can see in this article

https://www.androidpolice.com/t-mobiles-finally-taking-sim-swap-fraud-seriously-with-new-transfer-pins/

they have had a feature in place that would have protected all their customers that went through this. For the years they have known about this scam, they have had an interal setting called NOPORT. It prevents ports from going through and is only made available to their own internal employees to protect them from this scam.

At first I did tremendous amounts of research into tracking down the thief and providing it to Tmobile. They refused to provide any to me whatsoever, including those of their own internal investigation telling me I would need a court order. It became apparent to me and the detectives involved that pursuing the thief was simply not something Tmobile even tries to do, its all about debt mitigation and you instantly become their opponent instead of both of you pursuing the thief.

Media is finally starting to catch on and I have done two separate interviews for MSNBC and Yahoo finance and after all the dealing with FCC last year they passed legislation that forces companies like this to properly verify identity before a swap.

This forced Tmobile to finally change policy enough to try to contact customer first and eliminate the lone wolf employees involved by making 2 necessary to do one. Again, all that is really needed is to simply call the account holder and ask if he approves the port, it takes 2 minutes and protects your customers from years of stress and financial losses.

If this happens to you take them to arbitration. They will do nothing but lie to you, try to shift blame and intentionally waste as much of your time as possible with multiple legal firms burying you in information requests then refusing to do anything once they get them. Transferring accounts like that is gross negligence and they can not hide behind an EULA to shield them from this negligence.

Hola K-T,

Sorry it happened to you too. I tracked the IP down and mine was from Toronto Canada. I'm sure they used a VPN to reroute and hide their IP though. The case is still open with my bank. They temporarily credited my account the $2500 I lost but have not made a final determination yet. As for the money I lost from coinbase, coinbase told me I was out of luck, that they did not get hacked so the money would not be insured. I hope you didn't lose too much from coinbase.

I spoke to some FBI cybercrime office and the guy told me straight forward that nobody would do anything unless I lost thousands of dollars.

Luckily I kept most of my crypot assets elswhere and only lost a few hundreds from coinbase. T-Mobile eventually covered that lost for me.

Hello, I have somehow stumbled upon this thread after only being affected by the same crime as I read above. Yesterday on 12/21/21 around 4 pm I received a "verification" text about changing my coinbase password AND my T-Mobile password. And I dial the number for T-Mobile customer service my cell service drops. I'm still connected to wifi but my wifi calling was disabled. I turn my phone on and off, then in a panic I realize I've probably just been hacked. I use the wifi to access my online banking only to see that $750 has been transferred to my coinbase account. Now I'm losing my mind and the only thing I think to do is physically go to a T-Mobile store to get my service restored as I have no way of calling anyone for help. The employees were able to get my service on but didn't know what to do to stop the people from hacking me. They did ask if I knew anyone who worked for the phone company or if anyone had access to my SIM card/old sims, all of which the answer is no. I end up closing my checking account, canceling all of my cards and changing my phone number. Today, 12/22/21 I wake up to yet again another text confirming that I changed my T-Mobile password. They're literally trying to do this again! After hours on the phone with T-Mobile "experts" and my bank. When I called T-Mobile today they told me they'd put "extra protection" in place for my account and that now my account would be under investigation for fraud. Not sure why it wasn't under investigation since yesterday. I'm now awaiting a call back from the "higher ups" at T-Mobile. Hopefully my phone will remain in service so I can access the call and not someone else impersonating me. If this issue persists I plan on closing my T-Mobile account and going else where. This has been such a pain to deal with, all while battle what I thought was COVID (I tested negative today!) and trying to prepare for the holiday season. Stay safe everybody. Just know that this scam is far from over or "solved" as the green icon at the top of this thread indicates. 

I'm just throwing this out there but something else to consider is that the e-mail address associated with your T-Mobile account could have been compromised.  I encourage everyone to add 2 step authentication to their e-mail account because someone could log in to your e-mail to receive the one time pin that is sent out when performing a SIM update.  If you're getting notifications that your password on T-Mobile.com has changed, it could be because of the e-mail address access.