My Mom just had her phone number and email account stolen

[COcheesehead]

I'm sorry to hear about your mom's experience.

For some reason, this NYTimes article did not offer a gift link, but maybe they think it is important enough to make public. It's about passkeys:

Passkeys Are the New Passwords. You Should Start Using Them Now.

Passkeys are supposed to replace passwords. Here’s why that matters — and why we recommend them.

www.nytimes.com

Let me know if you hit a paywall, and I will see if I can find the gift link.

I use passkeys whenever possible

 

[48Fire]

I'm sorry to hear about your mom's experience.

For some reason, this NYTimes article did not offer a gift link, but maybe they think it is important enough to make public. It's about passkeys:

Passkeys Are the New Passwords. You Should Start Using Them Now.

Passkeys are supposed to replace passwords. Here’s why that matters — and why we recommend them.

www.nytimes.com

Let me know if you hit a paywall, and I will see if I can find the gift link.

Good article, I was able to see it, no paywall. Within 3 minutes of obtaining my Mom's code, the hacker established their own passkey

 

[JoeWras]

So does number lock work no matter where the phone is physically located? My Mom never lost possession of her phone, somehow the hacker stole her number, and transferred it to his phone.

To port-out a number, physical possession of the phone is not required.

 

[socca]

.. Fixing it all has been a huge mess. I don’t know all of the details but they’re pretty sure it stems from their shared Xfinity account.

During my last Xfinity internet renewal the Comcast rep aggressively pushed Xfinity Mobile (one year free!) I replied that I didn’t want to rely on one service provider for all of my communications. There may be higher probability of retaining internet access after a storm with two separate providers. The rep pointed out that Comcast just leases space from Verizon so the Xfinity internet service is separate from the mobile service. I don’t know how much integration there is between Xfinity Internet and Mobile, but I’m comfortable keeping T-Mobile for cell service. I didn’t consider any security risk that might exist with using Xfinity for both internet and mobile service.

 

[braumeister]

I replied that I didn’t want to rely on one service provider for all of my communications. There may be higher probability of retaining internet access after a storm with two separate providers.

I think that's smart, and I feel the same.

 

[WhenIsItTime]

My Mom tried giving all her information to somebody in India.

 

[Koolau]

Make sure to have an extra PIN on your cell phone for port-out. Most carriers allow this, but it typically is not the default. And don't make the PIN same as your other PINs.

Sorry. Details, please? "port out?"

 

[engineernerd]

Sorry. Details, please? "port out?"

You "port out" your cell number whenever you switch cell service companies without also changing your phone number. You're moving your phone number to a new device with a new provider.

So the scammer pretends they're you and want to switch, and the store employee gets your existing service provider to allow the number to be associated with the new phone they're selling to "you" (the scammer).

I think if the scammer also has access to your email they can reset your password at a financial institution. I don't remember for sure, since I'm not in the habit of forgetting my passwords.

 

[Alan]

This seems to solve the problem; or am I being too simplistic?

I’m afraid so. Your phone number can be stolen without access to the phone or any PIN number.

SIM theft primarily occurs through SIM swapping, where a criminal tricks your mobile carrier into transferring your phone number to a SIM card they control. This allows them to intercept two-factor authentication (2FA) codes and take over your financial or social media accounts.

What is SIM-swapping fraud and what are the signs?

Cyber-criminals are collecting personal information on social media to hijack mobile phone numbers.

www.bbc.co.uk

 

[MBSC]

I assume the bad guys use the path of least resistance, so I asked AI if scammers are more likely to transfer my number to their burner phone with the same carrier instead of porting-out. The response was yes, because it's usually easier to convince the current carrier to move the number to another SIM. Verizon calls it SIM Protection. This article was a reference.

Weak authentication processes in telecoms enable SIM swap fraud — This allows fraudsters to easily hijack phone numbers...

SIM swap fraud occurs when a fraudster convinces a mobile carrier to transfer a victim’s phone number to a SIM card they control. Once the swap is complete, the victim’s phone loses network connectivity, and the fraudster receives all calls and texts, including one-time passwords for account access.

Full article: A deep dive into the growing threat of SIM swap fraud - Thomson Reuters Institute

That article links to this one:

A Bank of America customer says a hacker was able to drain $38,000 from his account after compromising his phone in a SIM-swapping attack....[He] later learned someone had taken over his Xfinity Mobile number by calling the company and pretending to be him.

Full article: Bank of America customer out $38K after falling victim to SIM swapping

 

[48Fire]

You "port out" your cell number whenever you switch cell service companies without also changing your phone number. You're moving your phone number to a new device with a new provider.

So the scammer pretends they're you and want to switch, and the store employee gets your existing service provider to allow the number to be associated with the new phone they're selling to "you" (the scammer).

I think if the scammer also has access to your email they can reset your password at a financial institution. I don't remember for sure, since I'm not in the habit of forgetting my passwords.

Thanks for the additional clarification. I'm learning on the fly, too, in between being scared to death. I'll add more details to this post that will give everyone chills. Think Savannah Guthrie's Mom.

 

[48Fire]

You "port out" your cell number whenever you switch cell service companies without also changing your phone number. You're moving your phone number to a new device with a new provider.

So the scammer pretends they're you and want to switch, and the store employee gets your existing service provider to allow the number to be associated with the new phone they're selling to "you" (the scammer).

I think if the scammer also has access to your email they can reset your password at a financial institution. I don't remember for sure, since I'm not in the habit of forgetting my passwords.

Yes! Absolutely 100%, and they tried, but since I was tied into it, we were able to stop it, and lock down bank and Vanguard before they did.

 

[48Fire]

I assume the bad guys use the path of least resistance, so I asked AI if scammers are more likely to transfer my number to their burner phone with the same carrier instead of porting-out. The response was yes, because it's usually easier to convince the current carrier to move the number to another SIM. Verizon calls it SIM Protection. This article was a reference.



That article links to this one:

I think that's what happened to my mom. She's pretty clueless.

 

[VanWinkle]

An update on my earlier post. I talked to my step mother last night. She is paying cash for everything including utilities. This involves driving to each place and paying the bills. I tried to convince her to use
checks again, but she is paranoid now and trusts no one. This will likely spiral into some unhealthy results
on her body and mind. I am 500 miles from her but let her know I would make a trip to her area if she needed any help getting things settled. She has disconnected all contact with the outside world. It isn't just money that gets stolen from the elderly.

 

[socca]

You "port out" your cell number whenever you switch cell service companies without also changing your phone number. You're moving your phone number to a new device with a new provider. ...

I logged into my mobile provider account and enabled SIM Change and Port Out blocking. These are disabled by default - I don't know why. Learn something new every day.

 

[RetMD21]

If I have to use a phone number for 2FA I prefer to use my Google Voice to avoid some of these problems. Some businesses (Fidelity) won't allow it.

 

[kgtest]

Yikes. I battled hackers December 31, 2023. Caused a bit of an argument with the Mrs. Hackers tried to bill pay to a stash house PO.

Thankfully I have worked in IT many decades. They somehow compromised outlook, then added an email alias to the hackers account that instantly gave them full access to all my email history on my server. Decades of accounts.

Password resets commenced by hacker via 1 link sign-ons where they could.

All said in done, the only account that was unrecoverable was my facebook/instagram. All others were not able to be reset via hackers attemps on 1-click sign-ons... as I noticed the rogue email alias in Outlooks web settings and immediately removed it. Then they continually tried to reset my password feverishly. Once I had stopped the email hack, they got mad.

My phone started ringing constantly from rogue numbers for the next 48 hours straight.

HAD I NOT had PC access to the actual outlook app on my desktop, I would have not been able to notice the outlook email telling me to check my alias profile, as the spam emails and spam phone calls were coming in simultaneously my mobile device was effectively useless.

The calls stopped, I notified my bank of the billpay deal, they cancelled the check.


Hacker = 0 kgtest = 1

 

[Just_Steve]

I assume the bad guys use the path of least resistance, so I asked AI if scammers are more likely to transfer my number to their burner phone with the same carrier instead of porting-out. The response was yes, because it's usually easier to convince the current carrier to move the number to another SIM. Verizon calls it SIM Protection. This article was a reference.



That article links to this one:

Good info, just went to verizon and locked all numbers and also locked sims.

 

[CautaServans]

I logged into my mobile provider account and enabled SIM Change and Port Out blocking. These are disabled by default - I don't know why. Learn something new every day.

Good idea, @socca! Thanks to this thread, I activated and changed (from default) the SIM PIN. I’m going to see if port-out blocking is available. Thanks, @48Fire , for sharing your mom’s story. It certainly is helpful to hear these tips.

 

[pacergal]

I logged into my mobile provider account and enabled SIM Change and Port Out blocking. These are disabled by default - I don't know why. Learn something new every day.

Thank you for this info. I just did this for our phones.
I, too, Learn something new on the forum every day!

 

[statsman]

Phone hacking. Email hacking. There really isn't a place that is 100% safe, it would appear.

 

[Lewis Clark]

Yikes. I battled hackers December 31, 2023. Caused a bit of an argument with the Mrs. Hackers tried to bill pay to a stash house PO.

Thankfully I have worked in IT many decades. They somehow compromised outlook, then added an email alias to the hackers account that instantly gave them full access to all my email history on my server. Decades of accounts.

Password resets commenced by hacker via 1 link sign-ons where they could.

All said in done, the only account that was unrecoverable was my facebook/instagram. All others were not able to be reset via hackers attemps on 1-click sign-ons... as I noticed the rogue email alias in Outlooks web settings and immediately removed it. Then they continually tried to reset my password feverishly. Once I had stopped the email hack, they got mad.

My phone started ringing constantly from rogue numbers for the next 48 hours straight.

HAD I NOT had PC access to the actual outlook app on my desktop, I would have not been able to notice the outlook email telling me to check my alias profile, as the spam emails and spam phone calls were coming in simultaneously my mobile device was effectively useless.

The calls stopped, I notified my bank of the billpay deal, they cancelled the check.


Hacker = 0 kgtest = 1

Unfortunately, not all of us have the expertise to fight it as you did.

 

[48Fire]

Unfortunately, not all of us have the expertise to fight it as you did.

Absolutely, and even when the problem is identified, NOBODY helps. Not AOL, not Spectrum, and not the police.

 

[48Fire]

Good idea, @socca! Thanks to this thread, I activated and changed (from default) the SIM PIN. I’m going to see if port-out blocking is available. Thanks, @48Fire , for sharing your mom’s story. It certainly is helpful to hear these tips.

You're welcome, every hour something else is still happening. Mom's new Visa that just came in the mail already has charges on it, according to Mom

 

[easysurfer]

An update on my earlier post. I talked to my step mother last night. She is paying cash for everything including utilities. This involves driving to each place and paying the bills. I tried to convince her to use
checks again, but she is paranoid now and trusts no one. This will likely spiral into some unhealthy results
on her body and mind. I am 500 miles from her but let her know I would make a trip to her area if she needed any help getting things settled. She has disconnected all contact with the outside world. It isn't just money that gets stolen from the elderly.

This is sad. There is a special place in hell for those type of scammers. Those scammers wouldn't even blink before robbing an elderly person of life savings or a kid's lemonade stand money.