Forum Discussion
Victimized by SIM card swap scam; would like to engage T-mobile regarding aftermath
Hello all. I’m writing this here because there doesn’t seem to be a way for me to engage T-mobile over email (so as to send them all the evidence related to my horrible experience), and I’m hoping that a representative monitoring the forums will pick up on this and provide a way for me to discuss this with T-mobile over email.
Two day ago on the 25th of January, I was victimized by a SIM card swap scam perpetrated by some total strangers in New Jersey (I live in Washington state myself). The fraudsters apparently called T-mobile, impersonated me, and got my number transferred to their SIM card, which they then used to gain access to my bank account and PayPal account, leading to two days of hassle and anguish, as well as the financial damage listed below:
- $10,000 from my bank account that I cannot use pending investigation of fraud
- $1,075 in charges made to my credit card from my PayPal account
- Approximately another $100 in non-credit card-funded charges made using my PayPal account
- $62 I had to spend with my bank to preemptively decline further charges from PayPal before I was able to report the fraud (as PayPal, amazingly enough, doesn’t have 24-hour customer service, so I wasn’t able to stop the fraud until they opened shop at 6AM the next day)
- Plus whatever other information the fraudsters have been able to glean from the data associated with my number that they may yet put to nefarious use
I've had to spent the past day and a half closing and reopening accounts with my banks, changing phone numbers and passwords associated with my credit cards, and losing sleep in general because of this attack, and all because someone at T-mobile evidently didn't follow procedure (or worse). As outlined in this enlace, it's apparently now T-mobile policy that "SIM card changes will now require either SMS verification from the customer or the credentials of two employees". My niece, who is the owner and administrator of the account that my number (the one that was stolen) falls under, absolutely was no contacted by T-mobile prior to the SIM swap taking place; she only received a SMS notification after the SIM card change had already taken place (and we still have the message itself to prove it), at which point it was already too late to prevent the fraudsters from gaining access to my bank/online accounts. T-mobile also did nothing in terms of verifying identity before they handed control of my phone number to these fraudsters, as the PIN my niece set up on the account was evidently never asked for (she has never shared that PIN with anybody, including me, so it's not possible for the fraudsters to know it). As for the possibility that two employee credentials were used to effect the SIM card change -- well, that'd mean that this was an inside job, and would make it even more pivotal for T-mobile to contact me so that I can help them root out these bad actors from their ranks.
In any case, I would like for any T-mobile representative perusing these forums to contact me so that we can continue to discuss this matter over the phone and over email. I strongly believe that T-mobile is culpable for the damage I suffered as a result of this fraud, because under no circumstances should any T-mobile representative simply hand over control of my phone number to some guy who found my name/address/number off internet white pages or whatever without even bothering to verify the matter with the customer who owns the number.
Enhui Hao
- muralinNewbie Caller
How did the scammers gain access to your financial accounts' credentials? You cannot steal the money with just the SIM swap scam?
- muralinNewbie Caller
Criminals first change personal email (yahoo, hotmail, gmail) password by receiving password reset code on the phone after sms swap.
Interesting. 2 more questions:
- How will the criminal know my email address associated with my financial institution unless it was compromised as part of the breach? I use 4 different email addresses for different purposes (one for financial services, one for other services like TMo, Netflix, etc, one for personal email and one for everything else).
- I was a victim of a TMo SIM swap scam yesterday. I never got an SMS asking me if I initiated a swap. After the swap was completed, my daughter who is the primary account holder got an SMS that the swap was successful. She immediately asked me if I initated the swap and I noticed that the signal strength indicator on my phone had disappeared. I immediately called my broker and bank and blocked all my accounts (11 accounts across both). Both asked me a lot of personal info to confirm I was the legitimate customer. I dont believe the scam artist will have access to all the needed information to muck around with my accounts. In fact, my bank asked me to hang up and then called my wife's phone to continue the discussion. How can a bank share any of a person's credentials with only an email address and the phone number associated with the 2FA. By the way, I drove to the TMo store and got a new SIM - yes, 2 TMo employees at the store authenticated me to do another SIM swap.
- ashg2000Roaming Rookie
Good for you!! Not here to argue or need to convince anyone that this happened to me. Just shared my experience.
- ashg2000Roaming Rookie
BobT wrote:
Y’all might want to look into the new SIM protection feature:
https://tmo.report/2022/12/t-mobiles-new-sim-protection-is-now-live-heres-how-to-enable-it/
Thanks for sharing!!
- SarcasticWholeNetwork Novice
muralin wrote:
How did the scammers gain access to your financial accounts' credentials? You cannot steal the money with just the SIM swap scam?
With your various user names and passwords saved to your phone it doesn't take much to brake into your Google account and pull up all your passwords. We think we are between a rock and a hard place because we have so many accounts that require passwords and some require just letters, others want upper case and lower case then some want a number added in while still others want all that and a special character. I'm guessing the time will come when they will require a photo of my butt to digitally map and compare to that photo of me mooning the opposing teams bus back in high school. I am so sick of Google and ALL of the cell service companies.
Contenido relacionado
- Hace 8 meses