Forum Discussion
SIM Swap vulnerabilities/ 2FA risks
So with the onset of SIM swap attacks as well as numerous links over the year I wanted to start a discussion to talk about things that we as consumers can do to better protect ourselves. As well as I...
Like so many others the same exact thing happened to me. Tmobile let an unauthorized user who didnt have my device, or my pin, or a valid matching picture ID (all of which Tmobile had on file to use to verify the port request) and still approved the port being requested from 2500 miles away from where I live. Imagine all those red flags and they still let it go through. After the fact they blamed the thief, Coinbase who the thief reset my psswd using device they gave them before converting and transferring all the assets in the account, and even me, and they still do to this day as we sit in arbitration 18 months later.
Researching my case they have known this was an issue for many years, proven by what I mention below, and the fact they have something in their eula specifically about it and crypto. Rather than address it they would prefer to pass the losses on to their customers which is proven by their actions. What modern feat of technology was needed to stop my sim swap? Something that should be right up a phone companies alley, a 2 min phone call to me before approving.
It gets even worse. As you can see in this article
they have had a feature in place that would have protected all their customers that went through this. For the years they have known about this scam, they have had an interal setting called NOPORT. It prevents ports from going through and is only made available to their own internal employees to protect them from this scam.
At first I did tremendous amounts of research into tracking down the thief and providing it to Tmobile. They refused to provide any to me whatsoever, including those of their own internal investigation telling me I would need a court order. It became apparent to me and the detectives involved that pursuing the thief was simply not something Tmobile even tries to do, its all about debt mitigation and you instantly become their opponent instead of both of you pursuing the thief.
Media is finally starting to catch on and I have done two separate interviews for MSNBC and Yahoo finance and after all the dealing with FCC last year they passed legislation that forces companies like this to properly verify identity before a swap.
This forced Tmobile to finally change policy enough to try to contact customer first and eliminate the lone wolf employees involved by making 2 necessary to do one. Again, all that is really needed is to simply call the account holder and ask if he approves the port, it takes 2 minutes and protects your customers from years of stress and financial losses.
If this happens to you take them to arbitration. They will do nothing but lie to you, try to shift blame and intentionally waste as much of your time as possible with multiple legal firms burying you in information requests then refusing to do anything once they get them. Transferring accounts like that is gross negligence and they can not hide behind an EULA to shield them from this negligence.
