Forum Discussion
Victimized by SIM card swap scam; would like to engage T-mobile regarding aftermath
Hello all. I’m writing this here because there doesn’t seem to be a way for me to engage T-mobile over email (so as to send them all the evidence related to my horrible experience), and I’m hoping that a representative monitoring the forums will pick up on this and provide a way for me to discuss this with T-mobile over email.
Two day ago on the 25th of January, I was victimized by a SIM card swap scam perpetrated by some total strangers in New Jersey (I live in Washington state myself). The fraudsters apparently called T-mobile, impersonated me, and got my number transferred to their SIM card, which they then used to gain access to my bank account and PayPal account, leading to two days of hassle and anguish, as well as the financial damage listed below:
- $10,000 from my bank account that I cannot use pending investigation of fraud
- $1,075 in charges made to my credit card from my PayPal account
- Approximately another $100 in non-credit card-funded charges made using my PayPal account
- $62 I had to spend with my bank to preemptively decline further charges from PayPal before I was able to report the fraud (as PayPal, amazingly enough, doesn’t have 24-hour customer service, so I wasn’t able to stop the fraud until they opened shop at 6AM the next day)
- Plus whatever other information the fraudsters have been able to glean from the data associated with my number that they may yet put to nefarious use
I've had to spent the past day and a half closing and reopening accounts with my banks, changing phone numbers and passwords associated with my credit cards, and losing sleep in general because of this attack, and all because someone at T-mobile evidently didn't follow procedure (or worse). As outlined in this enlace, it's apparently now T-mobile policy that "SIM card changes will now require either SMS verification from the customer or the credentials of two employees". My niece, who is the owner and administrator of the account that my number (the one that was stolen) falls under, absolutely was no contacted by T-mobile prior to the SIM swap taking place; she only received a SMS notification after the SIM card change had already taken place (and we still have the message itself to prove it), at which point it was already too late to prevent the fraudsters from gaining access to my bank/online accounts. T-mobile also did nothing in terms of verifying identity before they handed control of my phone number to these fraudsters, as the PIN my niece set up on the account was evidently never asked for (she has never shared that PIN with anybody, including me, so it's not possible for the fraudsters to know it). As for the possibility that two employee credentials were used to effect the SIM card change -- well, that'd mean that this was an inside job, and would make it even more pivotal for T-mobile to contact me so that I can help them root out these bad actors from their ranks.
In any case, I would like for any T-mobile representative perusing these forums to contact me so that we can continue to discuss this matter over the phone and over email. I strongly believe that T-mobile is culpable for the damage I suffered as a result of this fraud, because under no circumstances should any T-mobile representative simply hand over control of my phone number to some guy who found my name/address/number off internet white pages or whatever without even bothering to verify the matter with the customer who owns the number.
Enhui Hao
Most people don't realize how much info they give away just from doing everyday tasks. When you walk into a store, they already know who you are, your address, phone number, what credit cards you have, how much credit you have, and so on. Apps like Facebook mine your phone even if you never launch or sign-in to the app. eSIM's contain way more information than a pSIM but either can be compromised from having a malicious app on your device or even walking by the wrong person skimming devices in public. Don't save passwords, addresses, or payment info in your browsers. Those conveniences are just as easy to access by the right person as it is for you to fill in that webform. Never use the same passwords twice and across multiple sites and make sure you update your recovery information for anything, like an e-mail address to ensure that no one can compromise your accounts from something you used to use but no longer do. Enable 2FA when it is an option to help try and make it tougher for anyone to compromise your accounts and information.
Please send me your phone, email address which linked to it for the password reset and bank account username for which you get two factor authentication code on this phone and I will give you a fine demonstration of it real time.
Criminals first change personal email (yahoo, hotmail, gmail) password by receiving password reset code on the phone after sms swap. Then changed the password for financial institutions as they had hold/access of my personal email and phone and could further use the phone for two factor authentication to log in. With all the data breaches over the years at many companies, username information is widely available.
Y’all might want to look into the new SIM protection feature:
https://tmo.report/2022/12/t-mobiles-new-sim-protection-is-now-live-heres-how-to-enable-it/
These forums are pretty much a peer help forum. You either need to call Customer Care and speak to someone or reach out to T-Mobile via Facebook or Twitter.
I'm sorry to hear this I was also a victim of an unauthorized SIM Card swap and had $15,000 stolen. Of course T-Mobile makes it hard and won't provide information because they don't want to take responsibility for what happened. Did you find a way to get your money back? Im still going through the process of figuring this out myself so if anyone has any useful information please pass it on to us.
Same thing just happened to me. I received massive spam texts last night so I got tired of blocking/reporting them so I put my phone on silent and went to bed. Woke up this morning to find out my email password has been reset/changed and then discovered a few minutes before the change that Tmobile sent me a equipment has been modified email which was suspiciously in my inbox trash can. I never delete and send emails to my trash. It was all Tmobile fault that they got into my email cause I have my number as an account recovery which I fixed and the timelines matches up. I got the Tmo email about equipment change and then two minutes later, got email about password reset. Fortunately I didn't have any money stolen from me and I hope you can get resolution to your problem.
I was also a victim of sim swap fraud. They took 12k from my voyager app, and the crazy part is it was a T-mobile supervisor who by-passed by pin code and authorized the sim swap change, during that time my account was compromised. Do you guys have any updates on your case?
I had the same situation. T-mobile swap my SIM card without my authorization. I lost $40,000 from my bank due to their negligence.
I just want to say that the SAME THING HAPPENED TO ME. I was sleeping one time when I was getting T-mobile text alerts to approve the sim swap. I denied it twice and called Tmobile right away. The 1st representative told me someone is in the process of getting "their number back" and asked me if I wanted a new number. I SAID NO. He said he will handle the situation and we ended the call. Immediately, I lost service and had to call with another phone. By the time I called the second agent, my AMAZON, BANK, AND PAYPAL HAVE BEEN COMPROMISED. The first agent as not able to stop the sim swap but the second agent restored my number back to me. THE FACT THAT THIS CAN BE DONE SO EASILY IS SO WRONG. I have no idea how they were able to collect to much data and how they were able to impersonate me. I did change all my passwords but exactly WHAT INFORMATION DID THEY HAVE ON ME TO BE ABLE TO DO THIS? THIS COULD HAPPEN AGAIN.
I have the same fraud with my mobile phone on Oct 3rd 2022. I received the text from T-Mobile that my phone SIM has been assigned to a different phone. This compromised the two factor authentication I have set on emails, Venmo, Robinhood and all financial accounts. Since hacker had control of my phone, they were able to change passwords and start financial transactions and transfers on various accounts. Luckily I saw this on time and was able to reverse and get SIM assigned back to me. This seems to be an insider in TMobile job otherwise how does SIM get transferred without approval though it needs PIN and text to Mobile phone to make any changes. This is terrible. I have written to Federal Communications Commission, for investigation in TMobile practices. This is a broader issue at TMobile.
