User Profile
muralin
Newbie Caller
Joined 2 years ago
User Widgets
Contribuciones
Re: SIM Card Swap: How To Stop The SCAM?
gramps28 wrote: Account Takeover Protection This is a double-edged sword. If the TMo account credentials are compromised and if the use of the 2FA authenticator app is not enabled, the scammer can turn off the account takeover protection. There is always a tradeoff between convenience and security. Some key security related functions should NOT be made available via website.35Visto0likes0ComentariosRe: SIM Card Swap: How To Stop The SCAM?
JustAskingg wrote: I called T-Mobile customer service and asked them how to prevent this from happening. They said that whenever someone wants to swaptheir SIM card, T-Mobilesends a text to your phone BEFORE swapping it out. This is good because if you don't confirm that you want to do this(which fraudsters can't because they don't have your actual physical phone) then they have to go to a T-Mobile store to further complete the transaction, making it hard for them to follow through with the ruse. So if this is true, why does it still keep happening? And what else can be done? I was a victim of the SIM swap scam yesterday. My daughter and I are account owners. Both of us never got a text BEFORE the swap was initiated. Stll waiting to hear from TMo how this happened. Wen I got a new SIM at the store later in the day, I asked how the swap was done. She said that in their system, it says if it was done at the store or via customer care. In my case, that field showed N/A. Weird. What should be done? The weakest link is the TMo person (store employee or customer care). Most likely they are not well trained. If training is the issue, the manager should be fired. If it was an inside job, the person who did the swap should be fired. My $0.02. In either case, the customer should be adequately compensated. If not, there is NO incentive for TMo to prevent these things from happening. I worked at Bell Labs decades ago andwhen we were designing fault tolerant systems, our boss used to constantly say, "always check the checker".18Visto0likes0ComentariosRe: Victimized by SIM card swap scam; would like to engage T-mobile regarding aftermath
Criminals first change personalemail (yahoo, hotmail, gmail)password by receiving password reset code on the phone after sms swap. Interesting. 2 more questions: How will the criminal know my email address associated with my financial institution unless it was compromised as part of the breach?I use 4 different email addresses for different purposes (one for financial services, one for other services like TMo, Netflix, etc, one for personal email and one for everythingelse). I was a victim of a TMo SIM swap scam yesterday. I never got an SMS asking me if I initiated a swap. After the swap was completed, my daughter who is the primary account holder got an SMS that the swap was successful. She immediately asked me if I initated the swap and I noticed that the signal strength indicator on my phone had disappeared. I immediately called my broker and bank and blocked all my accounts (11 accounts across both). Both asked me a lot of personal info to confirm I was the legitimate customer. I dont believe the scam artist will have access to all the needed information to muck around with my accounts. In fact, my bank asked me to hang up and then called my wife's phone to continue the discussion. How can a bank share any of a person's credentials with only an email address and the phone number associated with the 2FA. By the way, I drove to the TMo store and got a new SIM - yes, 2 TMo employees at the store authenticated me to do another SIM swap.5Visto0likes0ComentariosRe: SIM Card Swap: How To Stop The SCAM?
JustAskingg wrote: After the swap is made over the phone, fraudsters can access your bank accounts, PayPal, crypto accountsand completely wipe you out with next to no recourse. How can they wipe you out without having your bank credentials? The scam artist still needs your financial institutions credentials to grab your money. By the way, use an Authenticator app that does NOT depend on your phone number/mobile operator as you will need the actual phone for the 2FA to be successful. TMo offers this feature to access its website.37Visto0likes0Comentarios