JustAskingg
Network Novice
3 years ago

SIM Card Swap: How To Stop The SCAM?

I just learned that fraudsters can get enough information (from online or a phishing email you click on) to get T-Mobile to swap out the SIM card on your phone for one in their possession. After the swap is made over the phone, fraudsters can access your bank accounts, PayPal, crypto accounts and completely wipe you out with next to no recourse.

I called T-Mobile customer service and asked them how to prevent this from happening. They said that whenever someone wants to swap their SIM card, T-Mobile sends a text to your phone BEFORE swapping it out. This is good because if you don't confirm that you want to do this (which fraudsters can't because they don't have your actual physical phone) then they have to go to a T-Mobile store to further complete the transaction, making it hard for them to follow through with the ruse.

So if this is true, why does it still keep happening? And what else can be done? I mean, what if you accidentally click on a fraudulent email that you don't know is part of a scam, go to bed, wake up and find out you're penniless, contact T-Mobile and your bank, only to have them both say they can't help. Is there any other way to proactively prevent this from happening?

  • It happens because T-Mobile didn't exactly tell you the truth. Or at least didn't explain it right. When you swap a SIM card, T-Mobile sends a text message to the device in question. It explains that you have 10 minutes to tell them it was not you, or they will complete the swap. And that's total BS. Because chances are you won't notice until it's too late. Then you will call T-Mobile and they can probably fix it. But by that time they have already changed all your email passwords, and changed the passwords on all your credit card online accounts and pointed two-factor authentication on your Amazon and PayPal accounts to their own emails and cell phones.

  • muralin
    Newbie Caller
    JustAskingg wrote:

    After the swap is made over the phone, fraudsters can access your bank accounts, PayPal, crypto accounts and completely wipe you out with next to no recourse.

     

    How can they wipe you out without having your bank credentials? The scam artist still needs your financial institution's credentials to grab your money.

     

    By the way, use an Authenticator app that does NOT depend on your phone number/mobile operator as you will need the actual phone for the 2FA to be successful. TMo offers this feature to access its website.

  • muralin
    Newbie Caller
    JustAskingg wrote:

    I called T-Mobile customer service and asked them how to prevent this from happening. They said that whenever someone wants to swap their SIM card, T-Mobile sends a text to your phone BEFORE swapping it out. This is good because if you don't confirm that you want to do this (which fraudsters can't because they don't have your actual physical phone) then they have to go to a T-Mobile store to further complete the transaction, making it hard for them to follow through with the ruse.

    So if this is true, why does it still keep happening? And what else can be done?

     

    I was a victim of the SIM swap scam yesterday. My daughter and I are account owners. Both of us never got a text BEFORE the swap was initiated. Still waiting to hear from TMo how this happened. When I got a new SIM at the store later in the day, I asked how the swap was done. She said that in their system, it says if it was done at the store or via customer care. In my case, that field showed N/A. Weird.

    What should be done? The weakest link is the TMo person (store employee or customer care). Most likely they are not well trained. If training is the issue, the manager should be fired. If it was an inside job, the person who did the swap should be fired. My $0.02. In either case, the customer should be adequately compensated. If not, there is NO incentive for TMo to prevent these things from happening.

    I worked at Bell Labs decades ago and when we were designing fault tolerant systems, our boss used to constantly say, “always check the checker”.

  • muralin
    Newbie Caller
    gramps28 wrote:

    This is a double-edged sword. If the TMo account credentials are compromised and if the use of the 2FA authenticator app is not enabled, the scammer can turn off the account takeover protection. There is always a tradeoff between convenience and security. Some key security related functions should NOT be made available via website.

  • Ed12
    Network Novice

    Just found on my T-Mobile account privacy and settings slider for SIM card protection, you can do one account or all. Hope that helps.