SO STUPID! AFTER SETTING UP GOOGLE AUTHENTICATOR THEY STILL OFFER SMS OPTION!
For added security from SIM swapping I set up Google authentication on my account for the express purpose so that no one could log in with an SMS code yet you still give that as an option which defeats the entire purpose of setting up Google authentification! This makes absolutely no sense. How can I turn off the option to sign in with sms? so even after setting up Authenticator they give three options to sign in: SMS face ID Authenticator so of course it still leaves me vulnerable to someone Sim swapping if they can log in with my SMS. come on T-Mobile wake up!
eSim swap
I've moved to France for a job but would like to keep my US number AND get a european number. My employer is willing to pay for my service here but can only do so using a SIM card. Is it possible toswap my US based SIM for an eSIM and use a European service SIM simultaneously? I've been using a temporary tourist eSIM from Orange but need something more permanent and economic. ¿Qué debo hacer?SIM Card Swap: How To Stop The SCAM?
I just learned thatfraudsters can get enough information(from online or a phishing email you click on) toget T-Mobile to swap out the SIM card on your phone for one in their possession. After the swap is made over the phone, fraudsters can access your bank accounts, PayPal, crypto accountsand completely wipe you out with next to no recourse. I called T-Mobile customer service and asked them how to prevent this from happening. They said that whenever someone wants to swaptheir SIM card, T-Mobilesends a text to your phone BEFORE swapping it out. This is good because if you don't confirm that you want to do this(which fraudsters can't because they don't have your actual physical phone) then they have to go to a T-Mobile store to further complete the transaction, making it hard for them to follow through with the ruse. So if this is true, why does it still keep happening? And what else can be done? I mean, what if you accidentally click on a fraudulent email that you don't know is part of a scam, go to bed, wake upandfind out you're penniless, contact T-Mobile and your bank, only to have them bothsay they can't help. Is there any other way to proactively prevent this from happening?SIM Swap vulnerabilities/ 2FA risks
So with the onset of SIM swap attacks as well as numerous links over the year I wanted to start a discussion to talk about things that we as consumers can do to better protect ourselves. As well as I hope to share information and ideas to T-mobile to improve their security when it comes to our accouts. For those of you who don't know about the scam that has been going on a attacker will pretend to be you to get T-mobile to assign them a sim card with your number. It is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message or call placed to a mobile telephone. Think whenever a bank for example sends you the little 6 digit code to your phone to reset a password as a example. I believe T-mobile should have measures in place that allow for a customer to require a instore visit as a pre-requiste before any kind of change like that can occur. T-mobile should also be sending updated alerts before any kind of change happens on the account to both the cell numbers on the account as well as the email address on file. These alerts should require approval before the change itself can actually go through. This would be far more full proof than just having a pin on the account and would prevent this scam from working as easily as it does. Thankfully, this has not happened to me but it is concerning as T-mobile is really lacking in providing tools for consumers to secure themselves.
Victimized by SIM card swap scam; would like to engage T-mobile regarding aftermath
Hello all. I'm writing this here because there doesn't seem to be a way for me to engage T-mobile over email (so as to send them all the evidence related to my horrible experience), and I'm hoping that a representativemonitoring the forums will pick up on this and provide a way for me to discuss this with T-mobile over email. Two day ago on the 25th of January, I was victimized by a SIM card swap scam perpetrated by some total strangersin New Jersey (I live in Washington state myself). The fraudsters apparently called T-mobile, impersonated me, and got my number transferred to their SIM card, which they then used to gain access to my bank account and PayPal account, leading to two days of hassle and anguish, as well as the financial damage listed below: $10,000 from my bank account that I cannot use pending investigation of fraud $1,075 in charges made to my credit card from my PayPal account Approximately another $100 in non-credit card-funded charges made using my PayPal account $62 I had to spend with my bank to preemptively decline further charges from PayPal before I was able to report the fraud (as PayPal, amazingly enough, doesn't have 24-hour customer service, so I wasn't able to stop the fraud until they opened shop at 6AM the next day) Plus whatever otherinformation the fraudsters have been able to glean from the data associated with my number that they may yet put to nefarious use I've had to spent the past day and a half closing and reopening accounts with my banks, changing phone numbers and passwords associated with my credit cards, and losing sleep in general because of this attack, and all because someone at T-mobile evidently didn't follow procedure (or worse). As outlined in this link, it's apparently now T-mobile policy that "SIM card changes will now require either SMS verification from the customer or the credentials of two employees". My niece, who is the owner and administrator of the account that my number (the one that was stolen) falls under, absolutely was not contacted by T-mobile prior to the SIM swap taking place; she only received a SMS notification after the SIM card change had already taken place(and we still have the message itself to prove it), at which point it was already too late to prevent the fraudsters from gaining access to my bank/online accounts. T-mobile also did nothing in terms of verifying identity before they handed control of my phone number to these fraudsters, as the PIN my niece set up on the account was evidently never asked for (she has never shared that PIN with anybody, including me, so it's not possible for the fraudsters to know it). As for the possibility that two employee credentials were used to effect the SIM card change -- well, that'd mean that this was an inside job, and would make it even more pivotal for T-mobile to contact me so that I can help them root out these bad actors from their ranks. In any case, I would like for any T-mobile representative perusing these forums to contact me so that we can continue to discuss this matter over the phone and over email. I strongly believe that T-mobile is culpable for the damage I suffered as a result of this fraud, because under no circumstances should any T-mobile representative simply hand over control of my phone number to some guy who found my name/address/number off internet white pages or whatever without even bothering to verify the matter with the customer who owns the number. Enhui Hao
