1. Johnman9000's Avatar
    My phone was a Xiaomi Redmi Note 8 Pro. And my carrier was Mint Mobile.

    6-8-21, while I was at work, I received 3 texts from Mint Mobile giving me temporary passwords that I never requested. I thought it was odd so I logged into my Mint account from a desktop PC and changed my password.

    6-9-21 at 11pm I received 3 simultaneous texts from Metro by T-Mobile. First a welcome message, followed by two more text messages showing a balance on an account of $381.44 and $571.44.

    Immediately my phone lost service. Mint Mobile was unavailable until 7AM. Metro by T-Mobile refused to help me due to my name not being on the account.

    I quickly tried to change all my email addresses on important websites and remove my phone number from my email address. But Hotmail still allowed my number to be used for recovery even though I managed to remove it before the hacker gained access to my email account and changed my password and locked me out.

    At 7AM I was finally able to contact Mint Mobile and they said I needed to contact Metro.
    Metro gave me the runaround and hung up on me.
    Finally the third attempt at receiving help they had found odd activity on my account and decided to help me.
    The Metro Rep made a temporary account for me and took my phone number back from the hacker.

    At 9AM I was able to go to Metro store and buy a cheap phone and pay for a month of service to gain control of my phone number.

    I was unable to retrieve my email address until the next day due to too many password reset requests.

    Once I had my email address back I did not find any activity. The hacker must have deleted any emails related to password resets.

    I thought all was well and this ordeal was behind me until 6-22-21 when I got an email from "Freewallet". It is a cryptocurrency website.
    I made an account with them back in 2017 and never used them for anything. I had actually forgotten about them entirely.

    The email said there was a login attempt from a device "Redmi Note 8", which was at home without mobile service but connected to my wifi network.

    This leads me to believe that this device itself is what allowed the hacker to do what they did.

    I do not have any odd apps on my phone. It is just normal basic stuff from the Google app store: Amazon, eBay, PayPal, Credit Karma, Pokemon Go, etc.

    There must be some kind of exploit or spyware on my phone that allowed them to retrieve the temporary passwords from Mint Mobile, which would explain how they were able to find out my account number and PIN code, which then allowed them to port my phone number to the Metro network.

    Then they must have targeted my email address in hopes of finding some cryptocurrency to steal. I have used several other crypto websites in the past but currently do not have any.

    I think this suggests that perhaps a data leak somewhere may have exposed my email address and phone number alongside crypto websites I have used before.

    What amazes me the most, if that is true, is how they also managed to find the exploit or spyware in my Redmi Note 8 which allowed them to pull this off.

    Or is it possible for somebody to spoof a mobile network and receive my text messages?
    That situation might explain why there were three requests for temporary passwords from Mint Mobile. Perhaps they got it on the 4th try.
    But it also does not explain why the attempt at Freewallet login came from a "Redmi Note 8", unless they are able to spoof that also and make it appear as if a "trusted device" was signing in?

    How can I be sure? Also, is it safe to go back to Mint Mobile?
    06-26-2021 07:18 PM
  2. mustang7757's Avatar
    Hi, welcome to AC!

    Factory reset that device, enable 2-step authentication, and have your mobile network work with you on your account; maybe change numbers or activate a PIN or more authentication.

    See if this guide can help

    Laura Knotek likes this.
    06-26-2021 08:24 PM
  3. B. Diddy's Avatar
    Welcome to Android Central! It may be that you were the victim of SIM hijacking: us.norton.com/internetsecurity-mobile-sim-swap-fraud.html
    Laura Knotek likes this.
    06-26-2021 10:13 PM
  4. Kizzy Catwoman's Avatar
    I am so sorry this has happened to you. How frightening. It is shocking how Metro refused to help you when you told them that you were the victim of fraud. I would do as the guys suggest and get your number changed ASAP.
    06-27-2021 12:29 AM
  5. J Dubbs's Avatar
    Yep, you're going to have to do a clean sweep and change everything. Unfortunately your current info is now floating around the dark web, waiting for anyone that has a hankering to try and hack you. Being connected to cryptocurrency puts a huge target on your back. I'm glad you came out of this without any major losses.
    mustang7757 and B. Diddy like this.
    06-27-2021 04:32 AM
  6. WhizzWr's Avatar
    This is called a SIM Swap Attack.
    The hackers did not hack your device; rather, they use social engineering to trick your operator (Mint Mobile) into porting out your number to a new provider (Metro).

    You must have had your personal information (like full name, address, phone number, even DOB) leaked in the past. The hacker uses this info to execute a con trick, pretending to be you to Mint Mobile, maybe via phone, maybe by going to a brick-and-mortar store, or by resetting your Mint Mobile account password.

    Resetting your device is good as a precaution, but that is not the root cause.

    You have to change the password of EVERY account linked to the compromised email/phone number AND activate non-SMS 2FA, e.g. Google Authenticator (TOTP) or YubiKey. This includes, and ESPECIALLY, your main e-mail.

    The latter cannot be emphasized enough, activate 2FA everywhere!
    06-27-2021 04:55 AM
  7. L0n3N1nja's Avatar
    I could have done this to you simply knowing your name, phone number, address, and that you use mint mobile. No need to hack a phone to fraudulently port a number.

    Should mention I used to port multiple numbers a week for 4 years while working at Verizon. I know how the process works on the back end. Company policy didn't allow us to port a number over without valid photo ID as a way to cut back on fraud but still fairly easy to commit online.
    Laura Knotek and B. Diddy like this.
    06-27-2021 08:34 AM
  8. smvim's Avatar
    Taking into consideration your chosen carrier is Mint Mobile (an MVNO contracted with T-Mobile), once you intentionally replied to messages from other carriers you opened yourself up to being compromised. Reading through your posting though, please clarify if your carrier actually is Mint Mobile, or is it Metro PCS? They are in fact two different companies that happen to be MVNOs using T-Mobile's cellular network.
    Deal only with the carrier you have an actual account with. When you receive random messages from unknown sources, it's often best to just delete them.
    B. Diddy likes this.
    06-27-2021 07:02 PM
