https://lifehacker.com/how-to-prevent-and-respond-to-a-sim-swap-scam-1835627474
Sharing this info with the community here.
> https://lifehacker.com/how-to-prevent-and-respond-to-a-sim-swap-scam-1835627474
> Sharing this info with the community here.
Whoah never heard of this until now. This is crazy scary.
> Whoah never heard of this until now. This is crazy scary.
I know, very worried about this.
> First thing, you can prevent this by having an account level PIN, which you can do on T-Mobile as well. This prevents anyone from porting your number. I believe the ZDNet editor didn't have this and also had pretty weak passwords just because he had 2FA via SMS.
Yeah I agree, plus not sharing date of birth or phone numbers with soc media, which I don't.
> Here is my question... in the article, the author wrote about an example from another journalist from ZDNet, that TMO had sent a text saying if that change wasn't correct, to call 611. He said that since TMO took his cell service, that wasn't possible. I was under the impression that 611 would go through no matter what; similar to 911.
Similarly, is it even possible for his legit phone to get that notification if the service was already stolen?
> Here is my question... in the article, the author wrote about an example from another journalist from ZDNet, that TMO had sent a text saying if that change wasn't correct, to call 611. He said that since TMO took his cell service, that wasn't possible. I was under the impression that 611 would go through no matter what; similar to 911.
Not sure, never tried it without service.
> Similarly, is it even possible for his legit phone to get that notification if the service was already stolen?
Maybe they change something, you would receive a notification.
In any case, I'd had an account level PIN on Verizon for years, plus take other precautions.
I use the built-in eSIM with my Pixel 3 XL. The eSIM is electronically identified with the phone and cannot be used separately from the phone. I've also used LastPass password manager for many years. I'm not concerned.
> Aren't you still vulnerable to a social engineered attack where a thief could contact your provider and convince them that "you" want to start using a physical SIM? Or does the eSIM make this impossible?
I contacted Fi to be sure of my answer. If someone wanted to change my eSIM to a physical SIM, they would not only have to have my Fi password (long, complicated, and kept in LastPass), they would also have to have actual physical access to my phone that contains the eSIM. In other words, it is impossible for a thief to hijack my Fi eSIM and gain access to my account.
> I contacted Fi to be sure of my answer. If someone wanted to change my eSIM to a physical SIM, they would not only have to have my Fi password (long, complicated, and kept in LastPass), they would also have to have actual physical access to my phone that contains the eSIM. In other words, it is impossible for a thief to hijack my Fi eSIM and gain access to my account.
Don't make these hackers hard at work to figure it out lol, just say yeah it's easy to obtain so they go to the next thing.
Also, I was giving T-Mobile a try a year or so ago and the default PIN they used was the last 4 digits of my SSN, IIRC. I requested that be changed and was told multiple times that it couldn't be done. Accurate or not, the response I got to my requests was enough of a concern to drop them after one month.
Hey there XXXXX, thanks for reaching out to your friendly neighborhood T-Force for assistance. Here at T-Mobile your account security and privacy are our #1 priority and I want you to know that we're always on your side to ensure you're well protected. To avoid situations like this, we have 3 main lines of defense available to you to ensure you rest easy knowing your account is secure.
First off is obviously your T-Mobile account passcode. This 6 to 15 digit security passcode prevents anyone, without you actively sharing it with them and authorizing them, from making any kind of changes in your account. It's always a good rule of thumb to make it good for you to remember, but hard to guess.
After that, and the most relevant for us here in social media, is correctly setting your My T-Mobile online line permissions and creating a strong password for your online account. Only lines with Primary Account Holder and Full permissions are allowed to make changes like these, and owners of those lines and online accounts must make sure to set strong passwords to avoid any brute force attempts to access your information.
And third but definitely no less important, we always require the person asking for a SIM change to verify a One Time PIN before making changes. This can be delivered to either the line in question or the email attached to the account, all according to the permissions you have set. Without verifying this OTP, there's no way we're able to change your SIM and you must visit one of our T-Mobile stores with your identification to do so.
Together, these three methods provide us with the means to protect your account and ensure you're always aware of all the comings and goings of your account. Pretty good, right?