User Profile
Shad_
Roaming Rookie
Joined 2 years ago
User Widgets
Contribuciones
Re: SIM Swap vulnerabilities/ 2FA risks
Like so many others the same exact thing happened to me. Tmobile let an unauthorized user who didnt have my device, or my pin, or a valid matching picture ID (all of which Tmobile had on file to use to verify the port request) and still approved the port being requested from 2500 miles away from where I live. Imagine all those red flags and they still let it go through. After the fact they blamed the thief, Coinbase who the thief reset my psswd using device they gave them before converting and transferring all the assets in the account, and even me, and they still do to this day as we sit in arbitration 18 months later. Researching my case they have known this was an issue for many years, proven by what I mention below, and the fact they have something in their eula specifically about it and crypto. Rather than address it they would prefer to pass the losses on to their customers which is proven by their actions. What modern feat of technology was needed to stop my sim swap? Something that should be right up a phone companies alley, a 2 min phone call to me before approving. It gets even worse. As you can see in this article https://www.androidpolice.com/t-mobiles-finally-taking-sim-swap-fraud-seriously-with-new-transfer-pins/ they have had a feature in place that would have protected all their customers that went through this. For the years they have known about this scam, they have had an interal setting called NOPORT. It prevents ports from going through and is only made available to their own internal employees to protect them from this scam. At first I did tremendous amounts of research into tracking down the thief and providing it to Tmobile. They refused to provide any to me whatsoever, including those of their own internal investigation telling me I would need a court order. It became apparent to me and the detectives involved that pursuing the thief was simply not something Tmobile even tries to do, its all about debt mitigation and you instantly become their opponent instead of both of you pursuing the thief. Media is finally starting to catch on and I have done two separate interviews for MSNBC and Yahoo finance and after all the dealing with FCC last year they passed legislation that forces companies like this to properly verify identity before a swap. This forced Tmobile to finally change policy enough to try to contact customer first and eliminate the lone wolf employees involved by making 2 necessary to do one. Again, all that is really needed is to simply call the account holder and ask if he approves the port, it takes 2 minutes and protects your customers from years of stress and financial losses. If this happens to you take them to arbitration. They will do nothing but lie to you, try to shift blame and intentionally waste as much of your time as possible with multiple legal firms burying you in information requests then refusing to do anything once they get them. Transferring accounts like that is gross negligence and they can not hide behind an EULA to shield them from this negligence.27Visto1like0ComentariosRe: SIM Swap vulnerabilities/ 2FA risks
sweetpeach wrote: This is why I've been advised to record completely non nonsensical answers to security questions (I have to write them down so I don't forget them) and passwords generated by computer. It's about all you can do, like locking your door, make it so hard to hack you that they move on to the next one... All that wasted time on your end makes no difference at all when tmobile hands out those keys to your front door. I had a password that was 30 characters long with numbers, symbols and caps and in the end it was all just needless hassle for me as the thief simply resets your password after being handed your account on a device they control. This crime involves the thief just telling the Tmobile rep their phone got broken. I have records for my sim swap showing that is ALL they did, say the phone was broken. The csr then bypassed all other security and transferred my service to that thief and their new device. If you really want to protect yourself then leave Tmobile for a company that actually cares about security. Tmobile has been hacked 7 times in the last 4-5 years, and has more sim swap cases than all other providers combined. DO NOT use the 2fa they recommend, this is the crux of the sim swap scam as they really just need to control your tmobile account and then they can start using all the information that they bought from dark web sites where all those tmobile hacks leaked it, like the latest one where a lone 20 year old made off and put up for sale nearly 100million past and present tmobile customers information on a site called cybercrime. That 20 year old described Tmobiles security as laughably bad, and that is after 6 or so previous hacks so they are either unwilling or incapable of properly securing your account and information.25Visto1like0ComentariosRe: Fraudulent activity by a TMobile employee switching my SIM # to a new device to steal funds
Like so many others the same exact thing happened to me. Tmobile let an unauthorized user who didnt have my device, or my pin, or a valid matching picture ID (all of which Tmobile had on file to use to verify the port request) and still approved the port being requested from 2500 miles away from where I live. Imagine all those red flags and they still let it go through. After the fact they blamed the thief, Coinbase who the thief reset my psswd using device they gave them before converting and transferring all the assets in the account, and even me, and they still do to this day as we sit in arbitration 18 months later. Researching my case they have known this was an issue for many years, proven by what I mention below, and the fact they have something in their eula specifically about it and crypto. Rather than address it they would prefer to pass the losses on to their customers which is proven by their actions. What modern feat of technology was needed to stop my sim swap? Something that should be right up a phone companies alley, a 2 min phone call to me before approving. It gets even worse. As you can see in this article https://www.androidpolice.com/t-mobiles-finally-taking-sim-swap-fraud-seriously-with-new-transfer-pins/ they have had a feature in place that would have protected all their customers that went through this. For the years they have known about this scam, they have had an interal setting called NOPORT. It prevents ports from going through and is only made available to their own internal employees to protect them from this scam. At first I did tremendous amounts of research into tracking down the thief and providing it to Tmobile. They refused to provide any to me whatsoever, including those of their own internal investigation telling me I would need a court order. It became apparent to me and the detectives involved that pursuing the thief was simply not something Tmobile even tries to do, its all about debt mitigation and you instantly become their opponent instead of both of you pursuing the thief. Media is finally starting to catch on and I have done two separate interviews for MSNBC and Yahoo finance and after all the dealing with FCC last year they passed legislation that forces companies like this to properly verify identity before a swap. This forced Tmobile to finally change policy enough to try to contact customer first and eliminate the lone wolf employees involved by making 2 necessary to do one. Again, all that is really needed is to simply call the account holder and ask if he approves the port, it takes 2 minutes and protects your customers from years of stress and financial losses. If this happens to you take them to arbitration. They will do nothing but lie to you, try to shift blame and intentionally waste as much of your time as possible with multiple legal firms burying you in information requests then refusing to do anything once they get them. Transferring accounts like that is gross negligence and they can not hide behind an EULA to shield them from this negligence.16Visto2likes0Comentarios