Sim card swap scam

Toggle sidebar Toggle sidebar
First thing you can prevent this by having account level PIN which you can do on T-Mobile as well. This prevents anyone from porting your number. I believe the zdnet editor didn't have this and also had pretty weak passwords just because he had 2fa via SMS.

I have seen this many times especially on T-Mobile sub reddit. After that from more than a year back now I believe T-Mobile started the account level pin where you need to provide that to have any account change or port out. Obviously if some keeps their birthday as that pin or 1234 then it ain't doing much

Kind of understandable if common man doesn't know about some of the secure practices but was surprised to see lot of tech bloggers didn't use password managers and use unique randomized password for every website along with 2nd factor authentication.
 
bhatech said:
First thing you can prevent this by having account level PIN which you can do on T-Mobile as well. This prevents anyone from porting your number. I believe the zdnet editor didn't have this and also had pretty weak passwords just because he had 2fa via SMS.
Click to expand...
Yeah I agree, plus not sharing date of birth or phone numbers with soc media , which I don't.
 
I use the built-in eSIM with my Pixel 3 XL. The eSIM is electronically identified with the phone and cannot be used separately from the phone. I've also used LastPass password manager for many years. I'm not concerned.
 
Last edited:
I have heard of this before and was terrified, but I took the lock down advice and I feel a little better. This reminds me of the old phone cloning from the early days of cell phones, but far less complicated so a dumber criminal can pull this off.
 
Here is my question....in the article, the author wrote about an example from another journalist from ZDNet, that TMO had sent a text saying if that change wasn't correct, to call 611. He said that since TMO took his cell service, that wasn't possible. I was under the impression that 611 would go through no matter what; similar to 911.
 
Golfdriver97 said:
Here is my question....in the article, the author wrote about an example from another journalist from ZDNet, that TMO had sent a text saying if that change wasn't correct, to call 611. He said that since TMO took his cell service, that wasn't possible. I was under the impression that 611 would go through no matter what; similar to 911.
Click to expand...
Similarly, is it even possible for his legit phone to get that notification if the service was already stolen?

In any case, I'd had an account level PIN on Verizon for years, plus take other precautions.
 
Golfdriver97 said:
Here is my question....in the article, the author wrote about an example from another journalist from ZDNet, that TMO had sent a text saying if that change wasn't correct, to call 611. He said that since TMO took his cell service, that wasn't possible. I was under the impression that 611 would go through no matter what; similar to 911.
Click to expand...
Not sure never tried it without service
Mooncatt said:
Similarly, is it even possible for his legit phone to get that notification if the service was already stolen?

In any case, I'd had an account level PIN on Verizon for years, plus take other precautions.
Click to expand...
Maybe they change something , you would receive a notification.
 
And, among his entire family, they had only one phone? These days, that's like not having an email address.

BTW, mustang7757, thanks for the thread. Something to keep my eye on. (And I'm going to have to find out if my MVNO can somehow use my eSIM.)
 
TraderGary said:
I use the built-in eSIM with my Pixel 3 XL. The eSIM is electronically identified with the phone and cannot be used separately from the phone. I've also used LastPass password manager for many years. I'm not concerned.
Click to expand...

Aren't you still vulnerable to a social engineered attack where a thief could contact your provider and convince them that "you" want to start using a physical SIM? Or does the eSIM make this impossible?

I'm thinking of making the switch to Fi and going with an eSIM.

Also, I was giving T-Mobile a try a year or so ago and the default PIN they used were the last 4 digits of my SSN, IIRC. I requested that be changed and was told multiple times that it couldn't be done. Accurate or not, the response I got to my requests were enough of a concern to drop them after one month.
 
sixty_four said:
Aren't you still vulnerable to a social engineered attack where a thief could contact your provider and convince them that "you" want to start using a physical SIM? Or does the eSIM make this impossible?
Click to expand...
I contacted Fi to be sure of my answer. If someone wanted to change my eSIM to a physical SIM, they would not only have to have my Fi password (long, complicated, and kept in LastPass), they would also have to have actual physical access to my phone that contains the eSIM. In other words, it is impossible for a thief to hijack my Fi eSIM and gain access to my account.

Edit:
I should add that in order to gain access to my LastPass account, they would not only have to have my LastPass password (a long and complicated phrase that only I would know), since I use two factor authentication, they would also have to have my fingerprint.
 
Last edited:
TraderGary said:
I contacted Fi to be sure of my answer. If someone wanted to change my eSIM to a physical SIM, the would not only have to have my Fi password (long, complicated, and kept in LastPass), they would also have to have actual physical access to my phone that contains the eSIM. In other words, it is impossible for a thief to hijack my Fi eSIM and gain access to my account.
Click to expand...
Don't make these hackers hard at work to figure it out lol, just say yeah it easy to obtain so they go to the next thing
 
sixty_four said:
Also, I was giving T-Mobile a try a year or so ago and the default PIN they used were the last 4 digits of my SSN, IIRC. I requested that be changed and was told multiple times that it couldn't be done. Accurate or not, the response I got to my requests were enough of a concern to drop them after one month.
Click to expand...


Mine isn't my last four of my social. Whoever told you that was incorrect.
 
I had never heard of this.

I just chatted with T-Mobile about it and this is what they told me.

Hey there XXXXX, thanks for reaching out to your friendly neighborhood T-Force for assistance. Here at T-Mobile your account security and privacy are our #1 priority and I want you to know that we're always on your side to ensure you're well protected. To avoid situations like this, we have 3 main lines of defense available to you to ensure you rest easy knowing your account is secure. First off is obviously your T-Mobile account passcode. This 6 to 15 digit security passcode prevents anyone, without you actively sharing it with them and authorizing them, from making any kind of changes in your account. It's always a good rule of thumb to make it good for you to remember, but hard to guess. After that, and the most relevant for us here in social media, is correctly setting your My T-Mobile online line permissions and creating a strong password for your online account. Only lines with Primary Account Holder and Full permissions are allowed to make changes like these, and owners of those lines and onlines account must make sure to set strong passwords to avoid any brute force attempts to access your information. And third but definitely no less important, we always require the person asking for a SIM change to verify a One Time PIN before making changes. This can be delivered to either the line in question or the email attached to the account, all according to the permissions you have set. Without verifying this OTP, there's no way we're able to change your SIM and you must visit one of our T-Mobile stores with your identification to do so.

Together, these three methods provide us with the means to protect your account and ensure you're always aware of all the comings and goings of your account. Pretty good, right?
Click to expand...
 
You must log in or register to reply here.

Similar threads

AC News
News Google expands Scam Detection feature to Pixel Watch 3 and its predecessor
Replies
0
Views
167
Android Central News Discussion
AC News
AC News
AC News
News OnePlus 13T teased with a 'shortcut key' swap for the fabled Alert Slider
Replies
0
Views
268
Android Central News Discussion
AC News
AC News
S
  • Solved
Question Need Advanced Help to Download an Application
Replies
4
Views
737
Ask a Question
Smithfield
S
Richard_Indy
eSIM vs SIM battery usage
Replies
5
Views
2K
Samsung Galaxy S25 Series
SyCoREAPER
SyCoREAPER
S
A56 - Dual Sim issue with sms notification[Solved]
Replies
2
Views
2K
Samsung Galaxy A Series
mustang7757
mustang7757

Latest posts

Trending Posts

Members online

Total: 7,415 (members: 5, guests: 7,410)

Forum statistics

Threads
955,598
Messages
6,965,353
Members
3,163,342
Latest member
Clemens Ratte-Polle

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom