As technology has become more ubiquitous, people have been exposed to more scams that try to separate them from their money and, in some cases, identity.
But while most people know not to open strange attachment, giving out personal information to strangers over the phone or transfer money to a mysterious person who is meant to be an old friend or a long lost relatives, not everyone is aware that you can do almost everything right and they become a victim of fraud horrifically stress and trauma.
One that is very difficult to remove and cancel.
Earlier this month, Alison (who has asked to remain anonymous) was about the way home from an appointment in Mississauga when he saw the phone is no longer connected to its carrier services.
He turned his phone off and on, but it still will not connect to Rogers. He had no service at all, and he was not sure why. Thinking it might be a blackout Rogers, he went to a friend’s house and jumped on Wi-Fi to investigate, only to be jazzed up with some email informing him that his PayPal password has been changed and his account has been connected to the phone.
He also received an email saying that someone has bought close to $ 2,000 worth of merchandise on a credit card via PayPal.
Unable to call Rogers or PayPal to find out what was going on, he went to the nearest Rogers store and told employees that he had lost the services and helpless look someone is draining his PayPal account. The incident must be related, but he was not sure what was going on.
Employees, almost as confused her, saying that the problem is serious and that they would check his account immediately. One employee asked if he canceled a planned phone earlier that day and moved her phone number to a new carrier. He said no. He said that the numbers he numbers him for more than 20 years is no longer associated with the account and has been ported to another service provider.
He insisted that he made no such request, and Rogers began the long process of flagging accounts for fraudulent activities and its settings with a new number and driver’s license.
Alison, it turns out, was a victim of fraud is a relatively new and highly sophisticated called SIM swapping.
How does it work?
According to Wired, a SIM swap occurs when a bad actor convincing your operator to switch your phone number and the SIM card to the SIM information they have. They may do this by contacting your provider by telephone or via online chat support, and they may get you to switch providers by providing them with personal information, such as your date of birth or account number.
Although you would think a large telecommunications company will conduct a thorough inspection before the port number of customers, SecurityIntelligence said scammers exploit attractive workers-often with their loving-side to convince them to surrender SIMS and numbers.
This is something commonly referred to as social engineering.
According to the article, IBM’s Cyber Security Intelligence Index 2014 found that 95 percent of all security incidents involving human errors.
“Many of them are successful security attacks from external attackers who prey on human weakness in order to lure people in the organization to unwittingly provide them with access to sensitive information.”
So by playing stupid or pretend to forget key details, scammers may be able to convince the telecom employees to give them access to your numbers and related information. If a scammer trying to get your driver’s license for a few days or weeks, there is a good chance someone will finally give them what they want.
Scammers may also collect your personal information through malware or phishing scams (which occurs when the scammer asks you to cough up personal information by tricking you complete an online form you consider legitimate).
Some experts also say that one can only find out information about you via social media.
Unfortunately for the victim, the people who control the phone you may be planning to do more than making a long-distance call and stick you with the bill-they may wish to take advantage of the weakness in two factors checks based authentication text to gain access to your bank account or more sensitive.
In the case of Alison, fraudsters quickly gain access to his PayPal account to have a password (or the password reset code) sent to them via text. Because they have a phone number and driver’s license, they receive all the texts and phone calls intended for him and had almost an hour of unfettered access to the telephone before she reported the incident to Rogers.
Once the fraudsters have your phone number and driver’s license, he can lock you out of your online banking, email and social media accounts and have a new password sent to them via text. If you’ve set up two-factor authentication based text (which means you’ve asked your text service when someone is trying to break into your account from a new device or foreign), safety features are two steps you can use to benefit fraudsters need someone to swap your SIM.
They can have full control of your phone without physically having remarkable devices troubling.
“After I got a new driver’s license and have my phone back, I immediately called PayPal and ask them to close the account,” said Alison.
“They were sympathetic and agreed, but eventually they came back and said the purchase and password changes to all authorized by the account holder and that they did not believe the activity to be suspicious. I totally lost my mind. I do not know if people with my phone number to call them and demanding that they keep the account open and if they listen to them because it is the number associated with the account. I just kept telling my number was stolen and purchases that are not mine, they finally agreed to put a hold on the account, but I was so panicked then. ”
Alison said, continually refreshing his e-mail, fearing the arrival of another message indicating that other accounts have been compromised. Fortunately, only the suspicious email coming from PayPal.
After getting off the phone with PayPal, he called the financial institution and cancel all credit cards associated with it.
“I just canceled everything. I do not know if they have information about my banking or if they have access to my account. After I call the whole thing, I’m afraid that with the number I’ll try to call the company and have a cancellation reversed. I never knew a person could steal your number, so I started thinking that if these smart people, there is more damage they may do so after they have your information. ”
While SIM swap fraud is relatively rare, they appear to be increasing.
Earlier this year, police in Edmonton, Alta. residents warned to be vigilant after three reported attacks SIM Swap.
More recently, Lifehacker shares some SIM swapping horror stories involving people who lose large amounts of regular and cryptocurrency in the attack. In June, Matthew Miller, who writes for ZDnet.com, said that he knew something was wrong when her daughter woke him to tell him that something unusual is happening on his Twitter account. Miller said the hacker deleted his tweets, followers blocked and locked him out of their Google account. He said that T-Mobile says that the representatives agreed to exchange his license because the caller has the appropriate information and no way to tell it’s not her authorization changes.
Miller said the scammers eventually used a bank account to buy $ 25,000 in Bitcoin. It took him quite a lot of time and effort to reclaim the account, and telephone numbers of illegally ported again after he reported the fraud and reclamation of the stolen numbers.
Alison, he denied the allegations PayPal substantially with the credit company and was told that the charge was not possible to go through. He did not have a problem closing the account but said she still felt violated and worried that something else will go wrong.
“I went home and spent hours changing every single password and try to release my phone number from any service that might be associated with it. I’m happy to do it for peace of mind, but I can not help but wonder if it’s too late and if These people already have information from being on my phone for them, “he said.
“It may sound silly, but honestly I feel violated. I’ve had trouble sleeping and generally just feeling a little insecure, or as something else would be stolen or personal information I would end up in the wrong hands again.”
Alison said that Rogers acted quickly to help her.
“The people in the shop were very helpful and sympathetic and agents I’ve spoken to since have been really great,” he said. “I am currently working with the fraud department and plans to file a police report, so they know what is happening and that it could happen to anyone else at any time,” he said.
“Many agents I’ve talked to say that this type of fraud seems to be increasing, with some saying that they had seen an uptick over the last three months.”
While this type of fraud is difficult to prevent because it is difficult to determine how one can get enough information to impersonate you and steal your phone number, Canadian Bankers Association (CBA) website has a few tips to prevent fraudulent SIM swap.
The organization says the customer must set a passcode or PIN with their service providers so that anyone who calls companies that claim they will have to know it in order to make changes to the service.
This pin must be unique and not obvious (so avoid, for example, year of birth or wedding date or anything else that can be easily obtained from your social media accounts).
You also do not have to use the same PIN for multiple services.
CBA also said that one should not publish their phone numbers on any of their social media profiles and limit the amount of personal information they post online, such as their birthday, the names of the elementary school, or the pet’s name.
“Fraudsters can use this guide to answer common identification and imitate you,” the website reads.
CBA also said that people should refrain from using the same password or username on multiple accounts.
“Always create strong, unique passwords for your sensitive accounts.”
And most importantly, people are reminded to not click on links or attachments in suspicious emails or text messages.
“Remember that your bank will never send you an email, or call you on the phone, ask you to disclose personal information such as passwords, credit or debit card numbers, or your mother’s maiden name,” the website reads.
If you believe you have been the victim of fraud, contact your local police service and the Canadian Anti-Fraud Center.
To advertise with Brampton-News, please contact our advertising team here: Advertise with us.