Forum Discussion
Victimized by SIM card swap scam; would like to engage T-mobile regarding aftermath
Hello all. I’m writing this here because there doesn’t seem to be a way for me to engage T-mobile over email (so as to send them all the evidence related to my horrible experience), and I’m hoping that a representative monitoring the forums will pick up on this and provide a way for me to discuss this with T-mobile over email.
Two days ago on the 25th of January, I was victimized by a SIM card swap scam perpetrated by some total strangers in New Jersey (I live in Washington state myself). The fraudsters apparently called T-mobile, impersonated me, and got my number transferred to their SIM card, which they then used to gain access to my bank account and PayPal account, leading to two days of hassle and anguish, as well as the financial damage listed below:
- $10,000 from my bank account that I cannot use pending investigation of fraud
- $1,075 in charges made to my credit card from my PayPal account
- Approximately another $100 in non-credit card-funded charges made using my PayPal account
- $62 I had to spend with my bank to preemptively decline further charges from PayPal before I was able to report the fraud (as PayPal, amazingly enough, doesn’t have 24-hour customer service, so I wasn’t able to stop the fraud until they opened shop at 6AM the next day)
- Plus whatever other information the fraudsters have been able to glean from the data associated with my number that they may yet put to nefarious use
I've had to spend the past day and a half closing and reopening accounts with my banks, changing phone numbers and passwords associated with my credit cards, and losing sleep in general because of this attack, and all because someone at T-mobile evidently didn't follow procedure (or worse). As outlined in this link, it's apparently now T-mobile policy that "SIM card changes will now require either SMS verification from the customer or the credentials of two employees". My niece, who is the owner and administrator of the account that my number (the one that was stolen) falls under, absolutely was not contacted by T-mobile prior to the SIM swap taking place; she only received an SMS notification after the SIM card change had already taken place (and we still have the message itself to prove it), at which point it was already too late to prevent the fraudsters from gaining access to my bank/online accounts. T-mobile also did nothing in terms of verifying identity before they handed control of my phone number to these fraudsters, as the PIN my niece set up on the account was evidently never asked for (she has never shared that PIN with anybody, including me, so it's not possible for the fraudsters to know it). As for the possibility that two employee credentials were used to effect the SIM card change -- well, that'd mean that this was an inside job, and would make it even more pivotal for T-mobile to contact me so that I can help them root out these bad actors from their ranks.
In any case, I would like for any T-mobile representative perusing these forums to contact me so that we can continue to discuss this matter over the phone and over email. I strongly believe that T-mobile is culpable for the damage I suffered as a result of this fraud, because under no circumstances should any T-mobile representative simply hand over control of my phone number to some guy who found my name/address/number off internet white pages or whatever without even bothering to verify the matter with the customer who owns the number.
Enhui Hao
- SarcasticWhole (Network Novice)
muralin wrote:
How did the scammers gain access to your financial accounts' credentials? You cannot steal the money with just the SIM swap scam?
With your various user names and passwords saved to your phone it doesn't take much to break into your Google account and pull up all your passwords. We think we are between a rock and a hard place because we have so many accounts that require passwords and some require just letters, others want upper case and lower case then some want a number added in while still others want all that and a special character. I'm guessing the time will come when they will require a photo of my butt to digitally map and compare to that photo of me mooning the opposing team's bus back in high school. I am so sick of Google and ALL of the cell service companies.
- ashg2000 (Roaming Rookie)
BobT wrote:
Y’all might want to look into the new SIM protection feature:
https://tmo.report/2022/12/t-mobiles-new-sim-protection-is-now-live-heres-how-to-enable-it/
Thanks for sharing!!
- ashg2000 (Roaming Rookie)
Good for you!! Not here to argue or need to convince anyone that this happened to me. Just shared my experience.
- BobT (LTE Learner)
Y’all might want to look into the new SIM protection feature:
https://tmo.report/2022/12/t-mobiles-new-sim-protection-is-now-live-heres-how-to-enable-it/
- muralin (Newbie Caller)
Criminals first change personal email (yahoo, hotmail, gmail) password by receiving password reset code on the phone after sms swap.
Interesting. 2 more questions:
- How will the criminal know my email address associated with my financial institution unless it was compromised as part of the breach? I use 4 different email addresses for different purposes (one for financial services, one for other services like TMo, Netflix, etc, one for personal email and one for everything else).
- I was a victim of a TMo SIM swap scam yesterday. I never got an SMS asking me if I initiated a swap. After the swap was completed, my daughter, who is the primary account holder, got an SMS that the swap was successful. She immediately asked me if I initiated the swap and I noticed that the signal strength indicator on my phone had disappeared. I immediately called my broker and bank and blocked all my accounts (11 accounts across both). Both asked me a lot of personal info to confirm I was the legitimate customer. I don't believe the scam artist will have access to all the needed information to muck around with my accounts. In fact, my bank asked me to hang up and then called my wife's phone to continue the discussion. How can a bank share any of a person's credentials with only an email address and the phone number associated with the 2FA? By the way, I drove to the TMo store and got a new SIM - yes, 2 TMo employees at the store authenticated me to do another SIM swap.
- ashg2000 (Roaming Rookie)
Please send me your phone, the email address which is linked to it for the password reset, and the bank account username for which you get the two-factor authentication code on this phone, and I will give you a fine demonstration of it in real time.
Criminals first change personal email (yahoo, hotmail, gmail) password by receiving password reset code on the phone after sms swap. Then changed the password for financial institutions as they had hold/access of my personal email and phone and could further use the phone for two factor authentication to log in. With all the data breaches over the years at many companies, username information is widely available.
- muralin (Newbie Caller)
How did the scammers gain access to your financial accounts' credentials? You cannot steal the money with just the SIM swap scam?
- ashg2000 (Roaming Rookie)
I had the same fraud with my mobile phone on Oct 3rd 2022. I received the text from T-Mobile that my phone SIM has been assigned to a different phone. This compromised the two factor authentication I have set on emails, Venmo, Robinhood and all financial accounts. Since the hacker had control of my phone, they were able to change passwords and start financial transactions and transfers on various accounts. Luckily I saw this in time and was able to reverse it and get the SIM assigned back to me. This seems to be an insider job at TMobile; otherwise how does a SIM get transferred without approval when it needs a PIN and a text to the mobile phone to make any changes? This is terrible. I have written to the Federal Communications Commission for an investigation into TMobile practices. This is a broader issue at TMobile.
- syaoran (Transmission Titan)
Most people don't realize how much info they give away just from doing everyday tasks. When you walk into a store, they already know who you are, your address, phone number, what credit cards you have, how much credit you have, and so on. Apps like Facebook mine your phone even if you never launch or sign in to the app. eSIMs contain way more information than a pSIM but either can be compromised from having a malicious app on your device or even walking by the wrong person skimming devices in public. Don't save passwords, addresses, or payment info in your browsers. Those conveniences are just as easy to access by the right person as it is for you to fill in that webform. Never use the same passwords twice and across multiple sites and make sure you update your recovery information for anything, like an e-mail address, to ensure that no one can compromise your accounts from something you used to use but no longer do. Enable 2FA when it is an option to help try and make it tougher for anyone to compromise your accounts and information.
- magentamuffin (Newbie Caller)
I just want to say that the SAME THING HAPPENED TO ME. I was sleeping one time when I was getting T-mobile text alerts to approve the sim swap. I denied it twice and called Tmobile right away. The 1st representative told me someone is in the process of getting "their number back" and asked me if I wanted a new number. I SAID NO. He said he will handle the situation and we ended the call. Immediately, I lost service and had to call with another phone. By the time I called the second agent, my AMAZON, BANK, AND PAYPAL HAVE BEEN COMPROMISED. The first agent was not able to stop the sim swap but the second agent restored my number back to me. THE FACT THAT THIS CAN BE DONE SO EASILY IS SO WRONG. I have no idea how they were able to collect so much data and how they were able to impersonate me. I did change all my passwords but exactly WHAT INFORMATION DID THEY HAVE ON ME TO BE ABLE TO DO THIS? THIS COULD HAPPEN AGAIN.