SIM Transfer fraud (ID theft?)

All your passwords needs a full sweep. This is my nightmare. Now that I am at home all the time, I wouldn't even know I would loose connection since I am on WiFi.


I am just gonna disable WiFi for a while, my mental health hasn't been great recently

I hope your cases are quickly resolved so you can move on. Goodluck!

Madevilz wrote: ↑ What else should I do now? Or is there anything I can do about this?

Ask Fido to put a PIN on your account. That way changes to your account, including port-outs, require that PIN. So even if a fraudster knows your phone number, even if it's because they stole your phone and wallet, without that PIN Fido isn't supposed to let anyone make changes to your account.

Nevertheless there have been reports of fraudsters "social engineering" their way around security checks, e.g. Winnipeg woman says scammers stole her mobile phone number | CBC News and Someone stole your cell number? Acting fast is critical, this industry expert says. I don't know if it's possible but you might want to ask Fido to put a note on your account that you want them to enforce the PIN requirement without exception, i.e. the onus is on you not to forget it.

bylo wrote: ↑ Ask Fido to put a PIN on your account. That way changes to your account, including port-outs, require that PIN. So even if a fraudster knows your phone number, even if it's because they stole your phone and wallet, without that PIN Fido isn't supposed to let anyone make changes to your account.

Nevertheless there have been reports of fraudsters "social engineering" their way around security checks, e.g. Winnipeg woman says scammers stole her mobile phone number | CBC News and Someone stole your cell number? Acting fast is critical, this industry expert says. I don't know if it's possible but you might want to ask Fido to put a note on your account that you want them to enforce the PIN requirement without exception, i.e. the onus is on you not to forget it.

Thanks for letting me know. Wonder why the Fido fraud center didn't say anything about the PIN.
They told me they locked our numbers and that they can't be transferred anymore. They are supposed to call me back, i'll ask for the PIN.

You could file a police report.

The danger of this event (being ported out without knowing, seemingly) is greatly exaggerated.
There is no financial loss to legitimate owner, nor gain to the would-be thief, to port-out a number (porting out a number to another cell-provider always requires a New Account. But a new account requires some Identifications, (or/and) a credit-card.
Some error/mistakes might have occurred, but certainly this doesn't look like someone trying to steal your money.
Notice: Porting out a number doesn't ask for, never asked for, doesn't require providing, of any financial info. You can port out just having your Number and one of the following: PIN, or Old customer Number, or IMEI of the phone. Why is it so easy ? Because there is nothing to gain out of it.

sintox wrote: ↑ The danger of this event (being ported out without knowing, seemingly) is greatly exaggerated.
There is no financial loss to legitimate owner, nor gain to the would-be thief, to port-out a number (porting out a number to another cell-provider always requires a New Account. But a new account requires some Identifications, (or/and) a credit-card.
Some error/mistakes might have occurred, but certainly this doesn't look like someone trying to steal your money.
Notice: Porting out a number doesn't ask for, never asked for, doesn't require providing, of any financial info. You can port out just having your Number and one of the following: PIN, or Old customer Number, or IMEI of the phone. Why is it so easy ? Because there is nothing to gain out of it.

There is a financial loss. A lot of companies these days link your phone number to your account for the authentication process. If you plan to reset your password or make any electronic transactions, you'll likely get a text message to your number. Someone having control of your number can possibly do a lot of damage. If there is nothing to gain out of it, why do scammers bother to do the SIM transfer?

Should OP put some kind alerts in credit bureau?

GeneralStore wrote: ↑ There is a financial loss. A lot of companies these days link your phone number to your account for the authentication process. If you plan to reset your password or make any electronic transactions, you'll likely get a text message to your number. Someone having control of your number can possibly do a lot of damage. If there is nothing to gain out of it, why do scammers bother to do the SIM transfer?

Exactly this : The SIM theft is to be able to access other accounts that require 2FA (Banking, confidential info emails).

I've seen a personnal accountant have his number ported out fraudulently and it was a huge hassle for him to warn every of his client about potential ID theft since the criminal who ported the number managed to reset his professional email account using 2FA.

smartie wrote: ↑ Should OP put some kind alerts in credit bureau?

Should I? And how do I do this?
Trying to google "credit bureau canada" for some kind of contact, couldn't find anything other than transunion's and equifax's website.

Madevilz wrote: ↑ Should I? And how do I do this?
Trying to google "credit bureau canada" for some kind of contact, couldn't find anything other than transunion's and equifax's website.

https://www.consumer.equifax.ca/persona ... it-report/
https://www.transunion.ca/assistance/fr ... -resources

Any hint on which Can banks ? Coz there are only 8-10 banks, and my two banks doesn't allow to change creds with texting. Also remember there is a limit on sending money without leaving traces (Why the limit ? Because the bank will reverse or refund customers who report fraudulent trans, so they (banks) want to keep it within limit).

GeneralStore wrote: ↑ There is a financial loss. A lot of companies these days link your phone number to your account for the authentication process. If you plan to reset your password or make any electronic transactions, you'll likely get a text message to your number. Someone having control of your number can possibly do a lot of damage. If there is nothing to gain out of it, why do scammers bother to do the SIM transfer?

Indeed. Some banks now require 2FA to login to your account. Email systems also strongly encourage 2FA. So while SIM porting alone doesn't let a hacker cause financial loss, it's one factor that they need to do it. Once a hacker breaks into your email account they can find relevant info like bank account and credit card numbers, name and address, date of birth, SIN, etc. that they can use in conjunction with your phone number to login to your bank's online system. Even if they don't have your bank login password there's enough to social engineer their way to a password reset. From there they can do funds transfer and cause other losses. The same sort of info can get them into your Amazon account to make unauthorized purchases and so on. Google will provide countless examples of clever use of individual pieces of information to complete a jig-saw puzzle of someone's identity.

While the theft of a phone number may seem to be a mere inconvenience, in the hands of a hacker it's pure gold.

GeneralStore wrote: ↑ https://www.consumer.equifax.ca/persona ... it-report/
https://www.transunion.ca/assistance/fr ... -resources

thanks

Is this a case for Fraud Warning?
Also, is it a free service?

Madevilz wrote: ↑ thanks

Is this a case for Fraud Warning?
Also, is it a free service?

I would consider it more as a fraud alert, since there isn't any confirmation of any misuse. You can place a fraud alert for free with Equifax, but you will need to pay for TransUnion.

sintox wrote: ↑The danger of this event (being ported out without knowing, seemingly) is greatly exaggerated.
There is no financial loss to legitimate owner, nor gain to the would-be thief, to port-out a number (porting out a number to another cell-provider always requires a New Account. But a new account requires some Identifications, (or/and) a credit-card.
Some error/mistakes might have occurred, but certainly this doesn't look like someone trying to steal your money.
Notice: Porting out a number doesn't ask for, never asked for, doesn't require providing, of any financial info. You can port out just having your Number and one of the following: PIN, or Old customer Number, or IMEI of the phone. Why is it so easy ? Because there is nothing to gain out of it.

sintox wrote: ↑Any hint on which Can banks ? Coz there are only 8-10 banks, and my two banks doesn't allow to change creds with texting. Also remember there is a limit on sending money without leaving traces (Why the limit ? Because the bank will reverse or refund customers who report fraudulent trans, so they (banks) want to keep it within limit).

This is completely false and misguided.

As other posters have identified the ability to intercept or hijack 2FA is a major security flaw. TD only offers 2FA via text, which is idiotic. You don't "change creds" with 2FA, it's a requirement to log in.

Also not sure how you'd move any amount of money "without a trace?" Every transaction is logged.

Madevilz wrote: ↑ thanks

Is this a case for Fraud Warning?
Also, is it a free service?

I stand corrected - TransUnion offers it for free if you do it online on their self-service website. You only have to pay if you do it by telephone or mail.

good chance someone stole your bill which has your account number, in order to port your number you need to do that. The more reason for online billing. Also double check your passwords as said by the others.

Before everyone gets over excited about being victimized, remember that porting-out always requires an ID, or/and, a Credit-card/Debit card (from a Can bank/inst). So that's the trace. Some hard-head will try to counter-argue with: "But maybe they stole the credit-card from other person too". Then the argument will never end because as soon as one method of prevention is presented, you will say: But he has that stolen too. There is no end.

About no trace, one can take money without trace (other than a hooded shadow) by using ATM withdrawal. But the ATM-PIN has no relationship with email creds. ATM-pin can never changed with email or texting. At any rate, the amount there, is not a concern at all (banks-wise). As for other ways (larger amount) to another Can bank/inst, then there is a trace behind, so the thief will hear the police very very soon. As for withdrawing money to an oversea bank/inst, then the Can bank/inst WILL call confirm you before any significant amount is actually transferred.

I feel like I need to clear up this misunderstanding that I keep seeing in these SIM hijack threads. People keep making this mistake that this has to do with 2FA when it doesn't.

The issue here is online services allowing password resets via phone number. It's not about bypassing 2FA