In Germany you have to go to a store physically to demand your sim to be swapped and they will only do it if you bring your ID card to identify yourself
Theory all countries but there's a human factor here also.... in Poland I get eSim for my email just calling them and asking... Not even security questions ever asked xD Imagine... Just spoof my phone number, call from my iPhone from a Macbook nearby (bluetooth vulnerabilities), all different methods (they even don't know existing... or they probably even didn't care detecting that it's fake... (even spoofing from VOIP gate will do - that's trivial to detect - but often will pass)
Edit: if an attacker would try to swap your SIM via the hotline (not the physical store), they’d have to know first your Providers Account number and second the last digits of your bank card number. Then they can prompt for a SIM swap which needs to be authorized by a 6 digit code sent to your current phone number, which they don’t have access to unless you’d give them that code
The problem is these journalist arent covering the entire scam. The victims typically has their email accounts compromised before the sim swap. This isn't just in the cell companies. Think about it. They said about 2000+ Sim swapping victims in the more recent numbers. There are roughly 300 million cell users in the United States alone. Clearly it's something that rarely happens and the victims were compromised far before the sim swapping
Collecting someone's ID? How quaint! Believe it or not fake IDs have been used in every bar, strip joint, etc for the last 50 years. $15/hour clerks are not trained by the FBI or NSA in to spot fake IDs. A high school kid can print you up a new ID in ten minutes. Sheesh!
My company requires an account password for the phone to get a SIM card. Probably because I called in and added it. Just add an account password that cannot be bypassed. If you forget it sucks😊 but otherwise your account is protected.
Secure your SIM with a PIN. There's a tutorial on RUclips. Then, use a pin to secure your phone account. Finally... Always request a pin for your accounts at the bank. Oh, and make certain your family has a code word in emergencies. That way, AI scam calls won't work.
With most of these companies you agreed to arbitration before their selected judge, when you first got the account. It is in the pages and pages of tiny print you agreed to.
have you seen what kind of people work in the stores? barely high school graduates, I'm sure they can easily be bribed if a criminal organization wants.
There should be recordings, no? They should be able to know exactly who did it. Unless the recordings were already erased but doubt it the scammers gonna take their sweet time and i bet recording last a while before being deleted.
Please note that this also applies to eSIM. This video is exaggerating the swim swap issue by showing a physical sim card. Hackers are not physically stealing your sim card they are cloning yours remotely.
The carriers are the problem. They dont have safties requirements for a SIM swap like voice ID, which credit card companies have. A requirement for physical ID isnt there either. Also the phone emlpoyees themselves are the criminals. They get these jobs at phone companies and do the swap for criminal organizations. This is the number one way the swap happens.
@@ricardodiez4311 that would be best policy, imo. only problem is, that in these days everything basically forcing you to use online banking via phone everywhere, cash soon won't be even option any more etc. they making more problems than solutions, world is loosing critical thinking and commons sense, from phones, cars, jobs, whatever
Paypal saved the day. Not the banks that held her money and allowed the assets to be transferred. Not the phone company that reassigned her phone number to the scammer. . Paypal identified the suspicious transaction and aborted it.. Never gonna complain about paypal fees again...
2:19 They protected this investigator's identity by showing us his face. There are criminals who specialize in identifying people by their faces. By showing his face, they have blatantly revealed his identity; the opposite of what they said.
This convinces me that a land line is still an important asset. If the company issuing the SIM has to call you on another line, they won't deal with the person who has attempted the scam.
Or you could and should have a second cell phone. Where I live landlines are history. You could not have gotten a new one for ten years, in most of the country it the service is completely canceled.
We got rid of our landline because we were receiving so many calls from scammers. At that time, almost none of them used mobile phones (where I live). We are now starting to get occasional calls to our mobiles.
Landlines can equally be affected by this. Instead of calling the company and saying your phone was "lost or stolen" they call the company and say you're moving, or you're switching from landline to cell phone. This attack actually pre-dates cell phones by several decades. It's just more prevalent now that all our banking is done with codes sent to our phones.
Phone carriers are at obviously at fault ! It's ridiculous they don't check that phone is active or not, you can call it and verify if there is a person or not !
You completely fail to understand how this scam works lol. The people who get in touch with your phone company already have your crucial information, so your phone company cannot tell if it's really you or not. And how does checking to see if the phone is active or not make any difference? Stolen phones are used and active just like regular phones. Like the video says, don't go posting your personal information because identity theft comes in many forms, and this is one of them
@@jsncrso ofcourse they do otherwise it wouldn't work. However my point was that to prevent this from happening operator always knows that phone is online since it's connect to the network. So if someone says "i lost my phone" you can see that it's not true.
Something to add, most Major Cell Phone Carriers have an added security measure specifically designed to help prevent "SIM Swapping". It requires extra measures to perform the actions atop any existing measures and can even include your physical presence along with proper identification at one of their store locations. It may take slightly longer, and require a few additional steps when you decide to upgrade your phone, but it's well worth the minor inconvenience for the added protection.
Not really. In many countries (not sure about US) it's fairly common for identity thieves to apply for a large loan once they've gotten access to your banking app. Failing that, they simply drain your credit card (which is not their first choice, as in most countries the maximum overdraft is usually quite limited). Also there may be other limitations, such as capped transaction sum or max daily withdrawal. But even this is not the worst part. In some countries, identity thieves can even sell your property (apartment or home) right under your butt using your stolen identity and the system of electronic public services. The total cost of the whole fraudulent operation is just a few thousand dollars at most, there's essentially zero risk of getting caught, and the victim has no possible way to recover their property (assuming the thieves quickly resold it multiple times through front men)
Right it’s not your fault, it’s not your banks fault the people actually holding your money by the way, it’s your cell phone company’s fault 🤣🤣🤣 please take some responsibility
Cell companies should insist on an in-person appearance to swap sim cards to a new phone. Verify the ID of the person. If they can't make an in-person appearance, it's most likely they are not the person who's authorized to change phones.
Nope not true, the nearest place to me where a cell phone store is, is a 45 mile drive each way, I'm supposed to take 3 hours off work to drive there to show ID in person??? I bought a new phone last night on UScellular, they called, and all I had to do was confirm my name and mailing address and that's where they are mailing the new phone.
Provided your phone isn't mis-delivered. In the past 2 years, I'd guess we've had a half dozen of our packages delivered to a neioghbor and we've receive an equal number of neighbor's packages. I'm even getting emails from companies that I've never had any business relationships. Sorry, but I just don't trust delivery on expensive or sensititive equipment.
Normally, when you do any changes to the account they require a secret code or word before they will be able to access your account or make any changes. If you fail to get that code (forgot), they will require only an in person at the store and with your ID.
If your sim provider gives your phone number to a scammer without your permission then surely they are liable for any loss if it's used to steal from you?
What makes this worse is when you call your bank and no one is there to answer. Hours of operation are 8am-8pm and at 11pm you realize you are being Sim Swapped Scammed. There should be a law th where Banks have to have someone answer you call 24-7 With A Security Specialist at hand 24/. Banks are the problem as well.
@@novampires223 I think they are worse when it comes to getting you your money back. Drag their feet more? Also some Credit Unions you need to be a member of a work force to join them, at least most credit unions work that way.
If you have Verizon you can put a lock on your phone number. You can set up Number Lock for free to protect your mobile number from an unauthorized move. That number can't be moved to another line or carrier unless you remove the lock.
That ridiculous. In Venezuela, for example, cell phone companies register all your data, even your fingerprints, when you buy a new line. If someone goes to a cell phone company and claims to be the owner of some phone number, they will check that just by entering the ID card number, and they will know if that person has that phone number assigned or not. You have to present your physical ID card with your picture and everything.
Here in the US: "Have national ID and voter cards?!! Horrendous! The government will have all our information!!" Idiots galore. I've lived and worked in Mexico, Chile, Thailand, Lesotho, Kenya, Morocco, Egypt, Saudi Arabia, and Emirates. Had government ID for all of those ... just like the nationals.
To aggravate all this, the country's largest bank, Bank of America, allows ONLY sim-based 2FA. This makes all their accounts vulnerable to sim swapping attacks. They can overcome this by simply allowing use of authorization apps, but they don't.
It isn't just BofA. It's pretty much all of the banks and all of the credit unions. The only 2fa that they support is SMS based to your cell phone. If they supported Authorization apps, this will cease to be a problem.
@@SK-hs4fp I know but boa has been caught numerous times doing shady stuff even laundering money. They get hacked all the time and have people info stolen. I had them for a year within that year I go use my debit card to pay for groceries and it's canceled. I go to the bank and they tell me sorry. We had a security breach yesterday so we canceled a lot of debit cards. No text messages about the card after the 3rd time. I closed my accounts they are also the ones who foreclosure on people homes that are not behind on their mortgage.
The average person can't be trusted with authorization apps. They're not tech savvy enough to know how to responsibly manage a 2fa app. They can easily lose access to it or mess something up during set up. This is why banks don't do it.
Easy remedy is to require the owner of the phone to appear in person with multiple identifications for replacing sim cards. Require the card on file as well.
The sad and aggravating part is that when the hackers are caught they get light sentence even though they cause mystery and lost of large amounts of money. Judges need to understand the vast chaos and also people losing their a large sum of money. So how do hackers get into people's phone? That would have been helpful and also what banks are doing to protect their customers. Why would any person or business want to have a bank who doesn't values their customers and have more authentications and verifications for their customers and even notice unusual and suspicious activity going on accounts and cell phones, too. What's more important, have some inconveniences in going to the bank and/or cell phone store or having your phone hacked and money drained from your accounts? Also have more than one verification that has to be verbal to access your accounts or in person.
That’s why many cell companies are doing away with physical sims. When they get caused they should suffer a severe punishment. Many people work hard for their money and they could end up on the streets.
@user-iy1vo2jf2q people need to do away with unnecessary apps. Apple allows you to uninstall almost every app. Android won’t let you uninstall things like Google.
Scam works the same regardless if it's a physical SIM card or eSIM. Scam with eSIM actually could be done easier as it does not require scammer's presence at the shop or physically shipping a new sim card. Transfer can be done remotely.
@@ofcourseimfullofit Swap can be done either way between SIM/eSIM. With eSIM it can be done completely remotely, no need to collect/ship physical card. With eSIM it's possible to steal US phone number while being say in India with no accomplices in US whatsoever.
Every time we go out in the world we are vulnerable to so many different levels of assault it’s mesmerizing! From cyber/financial crimes to pathogens to physical / mental!
It's bizarre that the more technology advances, the more vulnerable we are. "Identity theft" wasn't even a phrase a few decades ago. The "convenience" of using your credit card online or over the phone has made it commonplace. Nowadays you even have to worry that somebody has hijacked the title to your house. And there are scanners that can read the magnetic strip on your credit card while it's in your pocket. How are ordinary people supposed to be "vigilant" enough to keep up with all the latest electronic scams? Closing such security holes should be completely the banks' responsibility. If that means getting rid of some convenient options, so be it. I don't want to have to worry every day about the latest innovation in stealing my money electronically, and hope that the news show will tell me about it before it happens. That's the main reason for having your money in a bank instead of under your mattress, to have a safe secure place to keep it.
Experts do not recommend two-factor authentication using a sim card. Every single one of them will tell you to not use a SIM card to use some other form of 2FA.
And yet not a single bank will allow anything other than SMS based 2FA, and as the end user you don't get to choose the 2FA method, the bank does. So what can you actually do in the REAL world?
The court needs to find the cell phone companies liable for this, then they will ensure that their security is better and stop sending phones to random people who call.
SIM swap has nothing to do with hacking your phone though. It's about stealing your phone number and using it for nefarious purposes. What was said at 1:55 is absolute nonsense.
Last year someone used my card information to order an item on the Walmart website the same time I was browsing the same site! The product was delivered to Katy, North Carolina. And, guess what? I never even left Walmart an address and I live in Texas!🤯My card company did an investigation because I requested it. And, I did not get my money back! So, I contacted the North Carolina Bureau of Investigation via email. Now, it looks like I am going to have to spend extra money and hire a private investigator to get whomever responsible prosecuted.💔🤦🏾
And why would you call a bureau of investigation instead of the "Katy" police to file a local police report... It sounds like you have the address of where the item was shipped, should be pretty easy for them to follow up.... right?
@@SteveinSanFrancisco Poor investigating. I never left an address, because what I bought was supposed to be picked up by my kid. I thought that the whole situation was totally weird, because what I bought was delivered to an address in Katy, North Carolina.
About two years ago, I told several companies over the phone that their security was lax, namely based on information that is easy to find, but all it resulted in was confused and annoyed responses.
We got identity theft after visiting a verizon store to get a replacement phone. Store employee passed our info on to accomplices who ran up a $20,000 bill at best buy. We didnt had to pay it but it was a pain in the ass to clear up.
They can't do it in ay country that has any security on online banking. You never should get access to a bank account with just a phone number. Here you need three other pieces of information.
They actually can. If they have enough information to convince the cell company that they are you, they probably also have enough to convince the bank of the same.
My VM pin was changed and I was confused. But over a few hours I panicked and contacted my bank and early next am calked my retirement account. When I went to the phone store the next day( the hack happened on a Disnday) the phone store acted like they didn't know what I was talking about but did change my VM pin. I'm looking for a new phone company now to replace the one I have now. The response was completely unsatisfying to me
Someone just tried it with me but my phone carrier sent out notifications and thankfully It was early morning.. change all your phone pin, password, & security question asap. Be safe
I worked in IT for 40 yrs in almost every aspect i.e. IT Service Delivery mgr, Infrastructure Project manager, Incident Manager, Major Incident Manager, IT Work Group Manager, Cyber Security Incident Manager, Infrastructure Release Manager, Etc, Etc, Etc. What I find truly crazy is that we see hack stories everyday of Federal/State/Local government, private industry, and individuals and yet people want to go to a digital currency system. I'm here to tell you there is ZERO possibility to keep that system secure end to end and I don't care what any talking head tells you. People are in for a rude awakening under the coming system if they let it happen.
How do the scammers know what bank accounts you have? When the SIM is swapped the only info they have is your phone number. They don't get any account numbers except your phone account number. The only way they would be able to access your bank accounts would be to have access to your phone (in your hand) or they would have to know you and know things about you.
Considering how targeted this scam is, my assumption is it starts with a data breach. The criminals already have the data for identity theft, but can’t get past the 2FA. So, they either have to trick you or trick the cell service provider into giving them access.
@@randomstuff-qu7sh It could be previous data breach but not necessary at all. They can get your social security number from say previously stolen credit agency databases. Then they may know your email and user names (or figure them out later) as it's generally not a secret information. Then they can use your number to "restore" your email/google account password. Use that for "restoring" other passwords, changing associated emails. Use social engineering to get more access through human support. And so on.
@@firstlast-gn5bo Carrier does not have access to any data on your phone. SIM card just grants your phone access to their cellular network. Once new SIM card is activated, old SIM just stops being accepted by their network.
@@JoeBLOWFHB..@shawnarguinsr.6545 ... It's done in store in person.. the sim card is physically placed in the newly replaced phone... not over the net... time is critical and the thief can't wait for a mailed sim card..
I love how clueless these people are reporting this story. Banks are the worst at providing security measures. Most of them do not allow two-factor authentication using a hardware token or token app, and even the ones that do often have the ability to bypass these security mechanisms, thereby defeating their security.
I know of a bank that only allows pure numeric passwords of exactly 4 digits. only allows SMS 2FA, and allows you to bypass it by answering "security questions" like "what's your mother's maiden name?"... I'm pretty sure my fridge is far more secure than that bank.
In europe you have a bank app and verifications are sent to the app so it is independent from the phone number. The technology is in the dark ages from the banks so they should be liable for losses.
Cell phone companies are the problem here. Have a waiting time, tell the person to come back in two days, Call/text the damn phone number and see if someone answers. If they claim to be the owner then put a hold on everything. When the perps come back after two days to pick up the new phone, have them arrested and thrown in jail. Pretty simple stuff if they pass a law and make cell companies pull their head out of their ass.
Totally agree!! They will be more diligent if they are held accountable to reimburse the money. Otherwise they don’t really care to verify the identity.
Sounds less like a "SIM Swapping Scam" issue, and more like a "Provider failed to identify it's customer and illegally gave third parties access to your data" issue.
Ciminals don't need access to your phone. They don't even need to be on the same contenent as the legitimate phone owner. All they need is the phone number and the horse has left the barn. It's lax security associated with this new technology that has opened the door to massive theft of bank account funds.
That's is the truth about people asking for paid by phone at cashier checkouts instead of using normal credit card or debit card. Happens when people pulled their sim card out of old phone before sold old phone still have bank info on it. People used paid by phone makes them look didn't pay for the item at checkouts. Best way use card the old way.
Sorry. But, using the physical card isn’t any safer these days. The credit card skimmer is even more prevalent. That’s why people switched to digital wallets. The only “safer way” is to go back to using cash.
@@maylani3697 At least credit cards are protected against fraud. Debit cards and cash are not protected. The problem is so many people are sharing their information on social media and banking/shopping with their phones. You have no privacy when you put all your information on your phone and you are asking for a problem.
Just over a week ago, a dude from Tennessee stole my SIM card package! Here I am in Texas and dude stole it in Tennessee?!🤯 I found this out through tracking my package. So, I filed fraud through the UPS site.
Another big thing you should do is set a SIM PIN on your phone SIM Card. This allows the SIM card to be locked down unless you have the PIN to unlock it. It's a deterrence against SIM swappers.
No, it will not. That PIN protects the SIM you have. When he gets the new SIM he is of course given the PIN it has. Often it is 1234. It seems people do not have any clue on what SIM swapping means. Nothing you do to your phone can protect you in anyway as it does not involve using your phone.
Is this a US thing? In UK the phone company doesn't just give you a new phone just because you say you have lost the current one. You should contact the insurance company, if the phone is insured. And then, the phone and sim would not be any good for scamming if you do not know the log in details and passwords. And even if you manage somehow to activate a phone to the stolen ID, the banks in UK make is so unbelievably strict to access their apps from a new phone that you would need a various complex security checks to get through, and if you enter only one of them wrong just once, they freak out and lock you out for further security checks. And I have failed many times with my own information when I moved to a new device.
Who is stupid enough to pay every month for insurance on a $350 phone??? they tried that with me on the new one I bought yesterday, like I'm going to pay $14.99 or whatever it was a month to insure a $350 phone LOL! If it was a $20,000 phone then yes, it's worth it, NOT for a $350 phone. Ive never lost or broken a phone in my life, I keep them in a hard CASE and make sure I never drop it, my 3 year old Android doesnt even have a scratch on the screen.
Americans generally associate the phone and the SIM tightly. The idea is to get a new SIM. You can then use it in any phone. Mayne they also give a phone but they will bill the victim for it unless paid with cash.
@@HobbyOrganist In some countries you can include your phone in your home contents insurance as a 'portable' device, and most mid- to high-end phones like iPhones & Samsung flip phones cost much more than $350 so it can be worthwhile to get them covered in some cases.
There's two sides to this. First, there needs to be better identification on the part of the phone companies in order to give out a new SIM card. Also they need to root out malicious individuals, people with connections to hackers, inside men, and people likely to accept bribes, from the company. Second, banks are the last major industry on Earth that do not allow other 2FA methods like TOTP apps or hardware security keys, which are WAY more secure than SMS text messages.
I know some companies are putting Sim blocks on accounts now(requested by owner). You have to physically come to a store and prove you are the owner of the account.
In Greece you must go to a store in person to have a SIM reissued, and the shop asks for National ID card or passport. Still SIM swapping happens, so I am convinced that the scammer rings have agents in the mobile phone providers.
In the USA the states are way larger than Greece, there are a myriad of small and very small towns that don't have physical stores in there, so the people would have to travel huge distances to get there.
"They cannot scam you if you don’t put your password in". Actually they do for many things. Often hijacking your phone number is completely enough to restore your "lost" password and/or change an email associated with an account. A bit of social engineering while having your phone number can also help doing so through the human support if it cannot be done automatically. To be defrauded by a SIM swap does not require perpetrator getting prior access to your phone/computer or any accounts. Often publicly available information about you is enough. Personal information in databases that were previously stolen from credit agencies help them a lot too.
They forgot one important part. Lock your phone changed with your cell phone company. A number or word is needed before any changes, new phone or replacement is done. I got scammed 10 years ago when somebody bought 3 (three) new iPhones on my account.. and all our phones went dead. They just wanted the iPhones… no cost to me but the bad people got 3 phones in another state on a contract.
I'm laughing at those phone graphics.They show command line interfaces like DOS on a 6 inch screen. The font size for three of those on one screen would be microscopic. Red screen with "CYBER ATTACK" LOL
This happened a few years ago and my carrier was not successful in getting the control of the phone back to me. Luckily I never lost anything however what I ended up doing was resetting my network settings etc. This restored control of my phone to my physical sim card. So something to try if you notice something is up (I had lost cell service and couldn't get it back) is to immediately reset the network settings.
That makes no sense at all, your sim in a way is your id, if they issue a new sim card then the previous one is invalid, well if it worked it worked Most of this video is bs so yeah
I still don't understand how this happens. Ok, so you get a new phone with a new SIM. That has nothing to do with my social media accounts or bank accounts or any other account set up in my phone. Your SIM card doesn't keep a copy of your device back up or data information. The theif would still need to know your account information and get through the authentication process. So how do they know which bank you bank with? How do they know your user ID and password? Something is off with this story.
Thanks for the video. Esp. during holidays times now, the scammers are active, we have to keep highest alert and viligance to avoid online scams and phone scams... I NEVER use my phone to login to BOA acct to maintain bal or transfer money. I only do it on my ipad , which 100% stays at home....
Sim jacking has been around longer. It was even used in several tv dramas like CSI Cyber, which also covered rogue charging stations in 2014 that also steal your data.
It's been going on for decades. In fact it pre-dates SIM cards, and even cell phones. The real name for the class of attack is "social engineering". In short, it's convincing someone that you're allowed to do whatever you're trying to do when you shouldn't be. Before cell phones it was used to take control of phone numbers and move them to other locations, usually targeting places that would accept payments so that people would phone the scammers and give them their credit card details. It is also still used to call banks and convince them that they are the legitimate account holder and just forgot the password. The reason SIM cards are now targetted more than individual financial institutions is that one SIM card swap can net you access to multiple bank accounts, whereas if you target the bank itself you only get individual accounts. Also banks usually have (albeit only slightly) higher security than phone companies.
The remedies you discuss are virtually worthless. You cannot "request" a bank or a wireless carrier to supply a form of security that they don't use. There are two fixes to this problem: 1) require all financial institutions to use 2FA that's based either on physical keys or an authenticator app; 2) require wireless carriers to implement SIM card locking via password that CANNOT be "overridden" by a customer support agent who is "convinced" by a scammer that they're you. If the scammers claim they "lost" their paswords, dongles, etc., they should be required to provide several forms of ID including government-issued forms.
I literally don't understand how they can drain any bank account. Thru a banking app? I don't keep any banking app on my phone. I don't save any passwords either.
@@chuckh4077 Oh, thank you! It's funny how this article wasn't that clear about that factor. So do I have this right, someone can get your phone #, and then call any cell phone company and do a port request? Then they have access to your android or apple and subsequently then have access to your contacts and apps, once the phone company ports your number in, and all your stuff populates on their device? Then your phone goes black? Is that about right? If that's correct, this is insane. Cell phone companies need to do MUCH more authentication instead of just a simple port request.
I dont understand why anyone would keep more than $5 in a checking acct beyond what they need to cover, serious money like that $200,000 the woman claimed she lost- should be securely tied up in investments, even a stock brokerage like Schwab requires 3 business days to transfer money etc out.
@@HobbyOrganist Maybe she just got her inheritance money or sold a house, who knows? But I do agree with you that having 200k sitting losing value at a bank and in risk of theft is not a good idea, she should be investing that money, and growing it to keep up with inflation and to increase wealth.
I don't see how this can happen unless the phone company employee is in on it. Surely if I request a new sim, it would be sent to my address, so how does the fraudster get it. They would then need to know my screen lock, and my Google account password, to download all my backup apps which would include my banking app. Then my banking app password and pins. The only way they could access the banking app is if it's backed up. Delete your backups, on Google one, and stop backups altogether. That way there is nothing to download. If you intend changing your phone, do a backup beforehand, just make sure that you never lose it.
They fail to mention how the criminals actually get all that info. And it starts from your emails. SECURE YOUR EMAILS, DONT SEND PICTURES OF YOUR SOCIAL OR ID’s through an email and if you do delete them immediately. If you have a yahoo email then you’re in greater risk.
Yes my yahoo account and millions of others has been hacked numerous times in ten years I have had it probably more then they even tell us. That's part of the problem providers do not let the customers know these things until too late.
Lets be honest half the problem is how people have been convinced to give more and more power to their Cell phone. A phone which as the news article mentioned is always on them. A prime target for thieves and muggers. Or just you lose it leaving it on a table. Any one working in the food industry knows dozens of phones a week are often left in restaurants. That people have vital things like their bank accounts, contact numbers etc all on said phone is kind of a security joke. It's like walking around with the Pin tapped to your debit card. Many times all you have to do is unlock the phone, which is often easily cracked. This Sim swapping just makes it even easier.
It may be a cyber crime, but the biggest crime is that the companies are letting it happen. To be able to call them and give a big sad story and then the associate does the swap is rediculous . They need to be mad accountable and add more protection. Like need to go into store and show your ID and your phone.
They choose targets by those who easily fall prey to answering their calls/text. Caller information can be easily spoofed, making it look like they're calling from a company.
I recently had my phone " brick" enroute to Christmas holidays. I inadvertently put it in an unusual pocket in my rollaboard. Next day, i went to my wireless provider to get a new sim card, and put it in an old phone we had with us. The process took almost all day, wirh layers of authentication! Now I know why...ironically, the next day, I found the dead phone and was able to get a battety replacement. I will be extremely careful with the " extra" sim card!
Not sure I understand. So they transfer your phone number to their phone and therefore they have access to the codes sent for 2FA. However, your apps and passwords are not in the SIM card, they are in your Apple ID. So, how would they get access to your bank accounts if they don’t have your usernames and passwords?
The scammers already got your banking info, this is the last step to get your phone number onto their phone. so, they can change your bank login passwords through 2FA...
That was exactly what happened to me about 4 months ago and it's a nightmare. This is so unfair how the banks and credit cards have no idea how to protect us. I'm telling you if contact your bank and credit from the same phone you are risking them to get further information. Going directly to the bank is safer
Most of this video is wrong sooo They can't take anything, they'll only have access to any 2FA tied to your phone number, so unless they already know a lot of other things nobody will care about doing a sim swap on you Maybe they'll get access to your contacts if they are saved
That's the best thing with Australia we have strict telecommunication standards that require you to go into the store and show your physical ID card we don't even have burner phones you have to have a physical form of id for post pay it can happen with pre-paid
Which phone companies are doing more to protect us? Does AT&T, Verizon, or T-Mobile require you to physically go in to do a SIM swap? We should all be leaving any company that just allows this over the phone or with minimal safeguards. This is outrageous and phone companies need to be held accountable for each occurrence they allow to happen.
Using BOTH parts of the 2-factor identifications on the same device (your phone), being a safety issue... What a shock! (sarcasm intended). Seriously though, the reason why this can even happen in the first place, is lazy safety-procedures and "FALSE" two-factor authentication giving false sense of security. For a two-factor authentication to be ACTUALLY working reliably, the two parts needs to be on two SEPERATE physical units.
In Germany you have to go to a store physically to demand your sim to be swapped and they will only do it if you bring your ID card to identify yourself
👍
In India, too.
Thats always been the case here in the USA but as been said , someone on the inside of the phone company is in on the scam.
bruh u cant compare a civilized nation like germany with a shithole third world country like Merica.
Theory all countries but there's a human factor here also.... in Poland I get eSim for my email just calling them and asking... Not even security questions ever asked xD Imagine... Just spoof my phone number, call from my iPhone from a Macbook nearby (bluetooth vulnerabilities), all different methods (they even don't know existing... or they probably even didn't care detecting that it's fake... (even spoofing from VOIP gate will do - that's trivial to detect - but often will pass)
Edit: if an attacker would try to swap your SIM via the hotline (not the physical store), they’d have to know first your Providers Account number and second the last digits of your bank card number. Then they can prompt for a SIM swap which needs to be authorized by a 6 digit code sent to your current phone number, which they don’t have access to unless you’d give them that code
NOTHING WILL CHANGE TILL ALL WIRLESS CARRIERS ARE HELD ACCOUNTABLE!!! THESE ARE BILLION DOLLAR COMPANIES AND THEY ARE NEVER HELD ACCOUNTABLE!!
The problem is these journalist arent covering the entire scam. The victims typically has their email accounts compromised before the sim swap. This isn't just in the cell companies. Think about it. They said about 2000+ Sim swapping victims in the more recent numbers. There are roughly 300 million cell users in the United States alone. Clearly it's something that rarely happens and the victims were compromised far before the sim swapping
Probably because many of the criminals are the contacts in the wireless companies
I don't doubt the banks are involved.
Amen😎🙏🏾💯
I got some IDEAS on that 🤔🤨
You failed to mention that the cell phone providers allow the SIM card swap by NOT insisting on ID before issuing a new SIM card or phone.
Collecting someone's ID? How quaint! Believe it or not fake IDs have been used in every bar, strip joint, etc for the last 50 years. $15/hour clerks are not trained by the FBI or NSA in to spot fake IDs. A high school kid can print you up a new ID in ten minutes. Sheesh!
I agree. And shouldn't there be a big red flag if someone is trying to get a new phone in Utah but lives in Georgia? Hmmm.
My company requires an account password for the phone to get a SIM card. Probably because I called in and added it. Just add an account password that cannot be bypassed. If you forget it sucks😊 but otherwise your account is protected.
@@edwizard62 I moved and had a reason to deal with my provider.
But I went into one of their storefronts.
Can you make eSim by just opting in with sms somewhere? 😂😂😂 Companies doesn’t know security. They care about other stuff..
Right straight to a lawyer to sue the phone company for not verfying identification.
Tell us how that goes, honey.
these lawsuits last years and years
Secure your SIM with a PIN. There's a tutorial on RUclips. Then, use a pin to secure your phone account. Finally... Always request a pin for your accounts at the bank. Oh, and make certain your family has a code word in emergencies. That way, AI scam calls won't work.
With most of these companies you agreed to arbitration before their selected judge, when you first got the account. It is in the pages and pages of tiny print you agreed to.
@@chipmunktubetop, he's your honey?
My favorite part was where they say, “if you suspect you’re a victim and your phone stops working, call this number…”.
😂.
lol.
Use a different phone. I have two phones with three sims.
@@okaro6595 Thanks, Tuvok!
Obviously use a different phone. DUH! smh
The fraud is definitely an inside job. I have worked for AT&t before and I've seen scandalous employees doing Sim swaps without a customer's ID.
No 4 digit code required or do they already know your code? At&t requires a 4 digit code where I am.
I dont think 4 digit code is needed because they produce a new simcard@@firebir11
I hope u reported it.
Can I ask you , can they still do it without the 4 digit PIN code?
A dude at Spectrum took my phone to the back room and I freaked out and told him I wanted him in front of me with it.
The phone companies should require people to come into the store with 3 pieces of ID to transfer a phone number to a new SIM card.
Dude.....that's racist. You know blacks can't get an i.d.
I have a special pin that is required to activate a new phone
@@FP194 I think the hackers just need your phone number.
Yes, phone carriers should require people to come into store to verify their identity. This could easily be an inside job.
have you seen what kind of people work in the stores? barely high school graduates, I'm sure they can easily be bribed if a criminal organization wants.
Seems like the people who are giving them a new phone are in on the scam
Ya think?
that can happen... Who monitors that the person who want the job doesn't have criminal history? who verify them?
I was worried by my dealings with a member of Telstra when I called for support. I put the call on speaker and my husband told me to hang up on her
correct 👍🏽
There should be recordings, no? They should be able to know exactly who did it. Unless the recordings were already erased but doubt it the scammers gonna take their sweet time and i bet recording last a while before being deleted.
He asked to not be identified, then he shows his face clear as day to millions of people
Yep
Doesn't mean anybody has his name.
@@clarkmacgowan5114 All you need is a face to get someones identity. Especially a public servant who will have a public profile.
Please note that this also applies to eSIM. This video is exaggerating the swim swap issue by showing a physical sim card. Hackers are not physically stealing your sim card they are cloning yours remotely.
Good point
There is no cloning, they just get a new one with the same number.
The carriers are the problem. They dont have safties requirements for a SIM swap like voice ID, which credit card companies have. A requirement for physical ID isnt there either.
Also the phone emlpoyees themselves are the criminals. They get these jobs at phone companies and do the swap for criminal organizations. This is the number one way the swap happens.
The employees are in on the scam.
Voice ID in the era of AI? Takes a few minutes of work involving a voice sample sentence from the target person to make an AI say whatever
Don't use your phone to pay or to bank
@@stefan0ro not presently. Their are inflections given through emotions and physical characteristics that AI can't mimmick.
@@ricardodiez4311 that would be best policy, imo. only problem is, that in these days everything basically forcing you to use online banking via phone everywhere, cash soon won't be even option any more etc. they making more problems than solutions, world is loosing critical thinking and commons sense, from phones, cars, jobs, whatever
Paypal saved the day. Not the banks that held her money and allowed the assets to be transferred. Not the phone company that reassigned her phone number to the scammer. . Paypal identified the suspicious transaction and aborted it.. Never gonna complain about paypal fees again...
If the phone company became legally liable for the financial losses caused by the sim swap, they would soon start asking for ID.
Plenty of other things to complain about though !
They aren't usually on the side of the buyer, just the seller !
I only pay via PayPal or credit card on phone which is protect never put banking info on phone or computer . I know to much to do that .
Business bank accounts also have more layers of protection so that's another possibility.
I love PayPal. I won’t shop online on websites that don’t have PayPal.
2:19 They protected this investigator's identity by showing us his face. There are criminals who specialize in identifying people by their faces. By showing his face, they have blatantly revealed his identity; the opposite of what they said.
He asked that his name not be given. He chose to sit in front of the camera.
@@TheNYgolfer Irrelevant.
They also failed to tell us exactly HOW TO AVOID this scam, which is click bait!! They only mentioned what to do once you're already scammed.
write to your congressman to make it a law to show ID before a sim swap is conducted
@@VMR8648 4:08 The first step, don't overshare on social media.
This convinces me that a land line is still an important asset. If the company issuing the SIM has to call you on another line, they won't deal with the person who has attempted the scam.
Or you could and should have a second cell phone. Where I live landlines are history. You could not have gotten a new one for ten years, in most of the country it the service is completely canceled.
We got rid of our landline because we were receiving so many calls from scammers. At that time, almost none of them used mobile phones (where I live). We are now starting to get occasional calls to our mobiles.
Still can be attacked by splicing the landline cable
Landlines can equally be affected by this. Instead of calling the company and saying your phone was "lost or stolen" they call the company and say you're moving, or you're switching from landline to cell phone.
This attack actually pre-dates cell phones by several decades. It's just more prevalent now that all our banking is done with codes sent to our phones.
@2:10 "Investigator asked us not to name him, to protect his identity", so we decided to show him talking with us, to help scammers identify him.
Lol I was seriously like WTF
Oh I missed that yikes lol
Phone carriers are at obviously at fault ! It's ridiculous they don't check that phone is active or not, you can call it and verify if there is a person or not !
They got folks on inside,
So personal responsibility to make sure you have the proper security set up is not a priority
@@timothydempsey3763the same way they keep finding card skimmers in gas stations, the employees are in on it
You completely fail to understand how this scam works lol. The people who get in touch with your phone company already have your crucial information, so your phone company cannot tell if it's really you or not. And how does checking to see if the phone is active or not make any difference? Stolen phones are used and active just like regular phones. Like the video says, don't go posting your personal information because identity theft comes in many forms, and this is one of them
@@jsncrso ofcourse they do otherwise it wouldn't work. However my point was that to prevent this from happening operator always knows that phone is online since it's connect to the network. So if someone says "i lost my phone" you can see that it's not true.
Something to add, most Major Cell Phone Carriers have an added security measure specifically designed to help prevent "SIM Swapping". It requires extra measures to perform the actions atop any existing measures and can even include your physical presence along with proper identification at one of their store locations. It may take slightly longer, and require a few additional steps when you decide to upgrade your phone, but it's well worth the minor inconvenience for the added protection.
To be even more clean it's mostly not a thing anymore
@@realspinelle1, you mean that SIM-swapping is “not a thing anymore”?
@@realspinelle1WHAT is not a thing anymore?
@JohnnytNatural WHY won't the "scammer" have access to your Gvoice or text app number. Doesn't he have access to what's in your phone? Or not?
@@realspinelle1 You don't have a functioning brain.
One of the great things about having no money is no one can drain your bank account.
Unless they deposit phony cheques and then withdraw based on those
Banking clearing times will prevent this. @@genericreference6969
Banking clearing times will prevent this. @@genericreference6969
They could open credit cards and put you in further debt... maybe
Not really. In many countries (not sure about US) it's fairly common for identity thieves to apply for a large loan once they've gotten access to your banking app. Failing that, they simply drain your credit card (which is not their first choice, as in most countries the maximum overdraft is usually quite limited). Also there may be other limitations, such as capped transaction sum or max daily withdrawal.
But even this is not the worst part. In some countries, identity thieves can even sell your property (apartment or home) right under your butt using your stolen identity and the system of electronic public services. The total cost of the whole fraudulent operation is just a few thousand dollars at most, there's essentially zero risk of getting caught, and the victim has no possible way to recover their property (assuming the thieves quickly resold it multiple times through front men)
I don’t understand how mobile phone companies just agree to swap SIM cards to strangers without identification, they should be held accountable
Just typing without actually knowing what you’re talking about 😂
@@MarquesReacts no, the basic sense is the phone company should not swap phone numbers unless the person is present physically with id.
@@MarquesReacts Just typing without actually contributing anything of value 😂
@@jennifermarie3158 They use FAKE ID's you clown. You have any idea how this works in the real world...?
Obviously not.
@@rlkinnard They DO required ID's genius. This is done with FAKE Id's being presented...
The problem is clearly in the hands of the phone company they are the ones giving the sim cards to the criminals
I think the criminal is at fault.
What if the employe is a scammer ?
Right it’s not your fault, it’s not your banks fault the people actually holding your money by the way, it’s your cell phone company’s fault 🤣🤣🤣 please take some responsibility
Cell companies should insist on an in-person appearance to swap sim cards to a new phone. Verify the ID of the person. If they can't make an in-person appearance, it's most likely they are not the person who's authorized to change phones.
Nope not true, the nearest place to me where a cell phone store is, is a 45 mile drive each way, I'm supposed to take 3 hours off work to drive there to show ID in person???
I bought a new phone last night on UScellular, they called, and all I had to do was confirm my name and mailing address and that's where they are mailing the new phone.
Provided your phone isn't mis-delivered. In the past 2 years, I'd guess we've had a half dozen of our packages delivered to a neioghbor and we've receive an equal number of neighbor's packages. I'm even getting emails from companies that I've never had any business relationships. Sorry, but I just don't trust delivery on expensive or sensititive equipment.
Normally, when you do any changes to the account they require a secret code or word before they will be able to access your account or make any changes. If you fail to get that code (forgot), they will require only an in person at the store and with your ID.
So that would leave us with only ATT, Tmobile, and Verizon.
Good job, you have made it impossible to ever own a phone.
@@danburch9989Horrible idea!
If your sim provider gives your phone number to a scammer without your permission then surely they are liable for any loss if it's used to steal from you?
They are accessories to the crime.
What makes this worse is when you call your bank and no one is there to answer.
Hours of operation are 8am-8pm and at 11pm you realize you are being Sim Swapped Scammed.
There should be a law th
where Banks have to have someone answer you call 24-7 With A Security Specialist at hand 24/. Banks are the problem as well.
I agree, and I'll bet banks would say that doing that is too costly, meaning it'll cut into shareholder profits.
Join a credit union, fk the banks
@@novampires223 I think they are worse when it comes to getting you your money back. Drag their feet more? Also some Credit Unions you need to be a member of a work force to join them, at least most credit unions work that way.
That's crazy. I'm in Ireland and my bank's card services are open 24/7.
@@novampires223it’s not like a lot of credit unions are open 24/7 either
If you have Verizon you can put a lock on your phone number. You can set up Number Lock for free to protect your mobile number from an unauthorized move. That number can't be moved to another line or carrier unless you remove the lock.
Thank you.
Is that what the lock is for?? My new phone has that, but I thought it was about me having to log on every time I picked it up.
Would that help to prevent swapping on the same Carrier?
Do other carriers offer this?
Xfinity has this as well
That ridiculous. In Venezuela, for example, cell phone companies register all your data, even your fingerprints, when you buy a new line. If someone goes to a cell phone company and claims to be the owner of some phone number, they will check that just by entering the ID card number, and they will know if that person has that phone number assigned or not. You have to present your physical ID card with your picture and everything.
Here in the US: "Have national ID and voter cards?!! Horrendous! The government will have all our information!!" Idiots galore. I've lived and worked in Mexico, Chile, Thailand, Lesotho, Kenya, Morocco, Egypt, Saudi Arabia, and Emirates. Had government ID for all of those ... just like the nationals.
To aggravate all this, the country's largest bank, Bank of America, allows ONLY sim-based 2FA. This makes all their accounts vulnerable to sim swapping attacks. They can overcome this by simply allowing use of authorization apps, but they don't.
Boa is the worst bank they get hacked all the time
There are no federal, state or local laws that require you to do business with BofA. Let the suckers take the risk.
It isn't just BofA. It's pretty much all of the banks and all of the credit unions. The only 2fa that they support is SMS based to your cell phone. If they supported Authorization apps, this will cease to be a problem.
@@SK-hs4fp I know but boa has been caught numerous times doing shady stuff even laundering money. They get hacked all the time and have people info stolen.
I had them for a year within that year I go use my debit card to pay for groceries and it's canceled. I go to the bank and they tell me sorry. We had a security breach yesterday so we canceled a lot of debit cards. No text messages about the card after the 3rd time. I closed my accounts they are also the ones who foreclosure on people homes that are not behind on their mortgage.
The average person can't be trusted with authorization apps. They're not tech savvy enough to know how to responsibly manage a 2fa app. They can easily lose access to it or mess something up during set up. This is why banks don't do it.
Cell providers need to own up and pay up
Easy remedy is to require the owner of the phone to appear in person with multiple identifications for replacing sim cards. Require the card on file as well.
or better yet, stop using a phone for 2 factor auth.
The sad and aggravating part is that when the hackers are caught they get light sentence even though they cause mystery and lost of large amounts of money. Judges need to understand the vast chaos and also people losing their a large sum of money.
So how do hackers get into people's phone? That would have been helpful and also what banks are doing to protect their customers. Why would any person or business want to have a bank who doesn't values their customers and have more authentications and verifications for their customers and even notice unusual and suspicious activity going on accounts and cell phones, too.
What's more important, have some inconveniences in going to the bank and/or cell phone store or having your phone hacked and money drained from your accounts? Also have more than one verification that has to be verbal to access your accounts or in person.
"Misery and loss", not mystery and lost.
Just last year a 26 year old man who stole over 2 million via SIM card was only given 3 years in prison… 100% going to reoffend 🤦🤦🤦🤦🤦
That’s why many cell companies are doing away with physical sims. When they get caused they should suffer a severe punishment. Many people work hard for their money and they could end up on the streets.
@user-iy1vo2jf2q people need to do away with unnecessary apps. Apple allows you to uninstall almost every app. Android won’t let you uninstall things like Google.
Scam works the same regardless if it's a physical SIM card or eSIM. Scam with eSIM actually could be done easier as it does not require scammer's presence at the shop or physically shipping a new sim card. Transfer can be done remotely.
@@woopsserg How could that be easier than swapping sims?
@@ofcourseimfullofit Swap can be done either way between SIM/eSIM. With eSIM it can be done completely remotely, no need to collect/ship physical card. With eSIM it's possible to steal US phone number while being say in India with no accomplices in US whatsoever.
@@woopsserg How? It’s not as easy as switching a sim. We’re talking about this country. Of course over seas would be harder to do a sim swap
Every time we go out in the world we are vulnerable to so many different levels of assault it’s mesmerizing! From cyber/financial crimes to pathogens to physical / mental!
Today I took the Pink Line to downtown Chicago. I made it back home alive.
You're so right, Adam! It's scary, specially for older people.
It's bizarre that the more technology advances, the more vulnerable we are. "Identity theft" wasn't even a phrase a few decades ago. The "convenience" of using your credit card online or over the phone has made it commonplace. Nowadays you even have to worry that somebody has hijacked the title to your house. And there are scanners that can read the magnetic strip on your credit card while it's in your pocket. How are ordinary people supposed to be "vigilant" enough to keep up with all the latest electronic scams?
Closing such security holes should be completely the banks' responsibility. If that means getting rid of some convenient options, so be it. I don't want to have to worry every day about the latest innovation in stealing my money electronically, and hope that the news show will tell me about it before it happens. That's the main reason for having your money in a bank instead of under your mattress, to have a safe secure place to keep it.
Our bank will only make changes in our accounts in person. A little more trouble but we sleep well. Also, no banking or social media apps.
I'm pretty sure no changes are made. The access is via your current bank information
@@kafklatsch3198 She said "no banking or social media apps."
Smart!
The FBI should spend more time on this, and zero time going after parents at school board meetings.
Bravo!
Lol Donnie wants to abolish the fbi. You're on your own girl.
Why isn't the cellphone company responsible for the costs since they are the one responsible for handing over your account without verification?
Should be a capital crime.
literally
Stake through the anus and out of the mouth!! Thankfully I caught it fast enough and changed Al of my phone app security.
This “Story” has a lot of information. Precious little, however, on how to protect yourself. This piece is essentially click-bait.
4:09 listen again
@sadtiger2022 I did. Which is why I wrote, “Click-Bait.” I could very well have written “Bravo Sierra,” but you get the point.
Don't use a "phone" for anything related to money!!!
Experts do not recommend two-factor authentication using a sim card. Every single one of them will tell you to not use a SIM card to use some other form of 2FA.
And yet not a single bank will allow anything other than SMS based 2FA, and as the end user you don't get to choose the 2FA method, the bank does. So what can you actually do in the REAL world?
The court needs to find the cell phone companies liable for this, then they will ensure that their security is better and stop sending phones to random people who call.
This is why I do NOTHING on my phone. Text and phone calls mostly.
No bank info
No email
No social media (at all - anywhere)
Well, you’re Amish then
Nope. Just smart.@@MysteryMan404
You're doing it right. Same. Won't do any banking on phone.
SIM swap has nothing to do with hacking your phone though. It's about stealing your phone number and using it for nefarious purposes. What was said at 1:55 is absolute nonsense.
This is social media dear😅
The onus is on the phone company for believing this crap then. Don’t they check the identity of the claimant before issuing another phone?
No, they figure someone paying $500 or whatever for a new phone is good
Last year someone used my card information to order an item on the Walmart website the same time I was browsing the same site! The product was delivered to Katy, North Carolina. And, guess what?
I never even left Walmart an address and I live in Texas!🤯My card company did an investigation because I requested it. And, I did not get my money back! So, I contacted the North Carolina Bureau of Investigation via email.
Now, it looks like I am going to have to spend extra money and hire a private investigator to get whomever responsible prosecuted.💔🤦🏾
Sorry about that but there’s not any Katy NC. I think you got the town name wrong.
Why wouldn't they give you your money back? That part doesn't make sense especially since you have a different address then the purchase
And why would you call a bureau of investigation instead of the "Katy" police to file a local police report... It sounds like you have the address of where the item was shipped, should be pretty easy for them to follow up.... right?
And how are we supposed to guess that you didn't leave walmart an address... What does that mean?
@@SteveinSanFrancisco Poor investigating. I never left an address, because what I bought was supposed to be picked up by my kid. I thought that the whole situation was totally weird, because what I bought was delivered to an address in Katy, North Carolina.
About two years ago, I told several companies over the phone that their security was lax, namely based on information that is easy to find, but all it resulted in was confused and annoyed responses.
We got identity theft after visiting a verizon store to get a replacement phone. Store employee passed our info on to accomplices who ran up a $20,000 bill at best buy. We didnt had to pay it but it was a pain in the ass to clear up.
They can't drain your bank account if you don't bank online. Convenience has security risks
They can't do it in ay country that has any security on online banking. You never should get access to a bank account with just a phone number. Here you need three other pieces of information.
They actually can. If they have enough information to convince the cell company that they are you, they probably also have enough to convince the bank of the same.
Take ALL YOUR BANK APPS OFF YOUR PHONE! Just do your transactions from home on your tablet or computer
That’s a great tip 👍🏼
No. Just stay logged off those accounts. Simple
Never heard of SIM swapping, until now.
My VM pin was changed and I was confused. But over a few hours I panicked and contacted my bank and early next am calked my retirement account. When I went to the phone store the next day( the hack happened on a Disnday) the phone store acted like they didn't know what I was talking about but did change my VM pin. I'm looking for a new phone company now to replace the one I have now. The response was completely unsatisfying to me
Sunday, I meant
Someone just tried it with me but my phone carrier sent out notifications and thankfully It was early morning.. change all your phone pin, password, & security question asap. Be safe
I worked in IT for 40 yrs in almost every aspect i.e. IT Service Delivery mgr, Infrastructure Project manager, Incident Manager, Major Incident Manager, IT Work Group Manager, Cyber Security Incident Manager, Infrastructure Release Manager, Etc, Etc, Etc. What I find truly crazy is that we see hack stories everyday of Federal/State/Local government, private industry, and individuals and yet people want to go to a digital currency system. I'm here to tell you there is ZERO possibility to keep that system secure end to end and I don't care what any talking head tells you. People are in for a rude awakening under the coming system if they let it happen.
We need to go back to physical cash! Only use a credit card if buying a huge purchase that you don’t have a choice of buying (house, car, etc.)
Antichrist: dont worry, just wait until my mark of the beast system go live near future:)
The Phone companies and banks should be held liable for not doing proper identity checks.
How do the scammers know what bank accounts you have? When the SIM is swapped the only info they have is your phone number. They don't get any account numbers except your phone account number. The only way they would be able to access your bank accounts would be to have access to your phone (in your hand) or they would have to know you and know things about you.
Considering how targeted this scam is, my assumption is it starts with a data breach. The criminals already have the data for identity theft, but can’t get past the 2FA. So, they either have to trick you or trick the cell service provider into giving them access.
@@randomstuff-qu7sh It could be previous data breach but not necessary at all. They can get your social security number from say previously stolen credit agency databases. Then they may know your email and user names (or figure them out later) as it's generally not a secret information. Then they can use your number to "restore" your email/google account password. Use that for "restoring" other passwords, changing associated emails. Use social engineering to get more access through human support. And so on.
Aren’t the carriers copying all the old SIM info onto the new fake SIM. All your apps and passwords go to the scammer.
@@firstlast-gn5bo Carrier does not have access to any data on your phone. SIM card just grants your phone access to their cellular network. Once new SIM card is activated, old SIM just stops being accepted by their network.
@@firstlast-gn5bono because it's a fresh new Sim. YOU need your original Sim to transfer to the new one.
The carriers aren't checking who is buying a replacement phone. Those carriers should share security camera footage.
@@shawnarguinsr.6545 I think the problem will get worse!
Criminals don't buy their burner phones at stores. They buy them online with a prepaid credit card.
@shawnarguinsr.6545 ... It's done in store in person.. the sim card is physically placed in the newly replaced phone...
@@JoeBLOWFHB..@shawnarguinsr.6545 ... It's done in store in person.. the sim card is physically placed in the newly replaced phone... not over the net... time is critical and the thief can't wait for a mailed sim card..
This is about SIM cards, nothing to do with getting a phone.
Cell phone provider personnel are complicit, they’re the one giving info to thieves.
Naaah. Just the sim card. 😅
This is not a hack. It’s a failure of the phone company to verify the authenticity of the person requesting a new phone.
I love how clueless these people are reporting this story. Banks are the worst at providing security measures. Most of them do not allow two-factor authentication using a hardware token or token app, and even the ones that do often have the ability to bypass these security mechanisms, thereby defeating their security.
I know of a bank that only allows pure numeric passwords of exactly 4 digits. only allows SMS 2FA, and allows you to bypass it by answering "security questions" like "what's your mother's maiden name?"... I'm pretty sure my fridge is far more secure than that bank.
When complained to police or FBI they said they have more important crimes. Scamming is low priority!
Facts but it is probably the most abundant crime happening constantly… 😢 all digital currency is going to be a disaster
Hey lets outsource customer service to corrupt countries 😂 what can go wrong 😅
Yup, they are doing the needful all over our faces.
@@joshmonus🤣
In europe you have a bank app and verifications are sent to the app so it is independent from the phone number.
The technology is in the dark ages from the banks so they should be liable for losses.
Cell phone companies are the problem here. Have a waiting time, tell the person to come back in two days, Call/text the damn phone number and see if someone answers. If they claim to be the owner then put a hold on everything. When the perps come back after two days to pick up the new phone, have them arrested and thrown in jail. Pretty simple stuff if they pass a law and make cell companies pull their head out of their ass.
Totally agree!! They will be more diligent if they are held accountable to reimburse the money. Otherwise they don’t really care to verify the identity.
Sounds less like a "SIM Swapping Scam" issue, and more like a "Provider failed to identify it's customer and illegally gave third parties access to your data" issue.
Don't put your credit card number or banking information on your cell phone Or your debit card and they won't be able to get that information.
Ciminals don't need access to your phone. They don't even need to be on the same contenent as the legitimate phone owner. All they need is the phone number and the horse has left the barn. It's lax security associated with this new technology that has opened the door to massive theft of bank account funds.
That's is the truth about people asking for paid by phone at cashier checkouts instead of using normal credit card or debit card. Happens when people pulled their sim card out of old phone before sold old phone still have bank info on it. People used paid by phone makes them look didn't pay for the item at checkouts. Best way use card the old way.
Sorry. But, using the physical card isn’t any safer these days. The credit card skimmer is even more prevalent. That’s why people switched to digital wallets. The only “safer way” is to go back to using cash.
Or use shielded wallets as I do. My banking information resides in my head. They would have to cut off my head. 😁
@@maylani3697 At least credit cards are protected against fraud. Debit cards and cash are not protected. The problem is so many people are sharing their information on social media and banking/shopping with their phones. You have no privacy when you put all your information on your phone and you are asking for a problem.
Just over a week ago, a dude from Tennessee stole my SIM card package! Here I am in Texas and dude stole it in Tennessee?!🤯 I found this out through tracking my package.
So, I filed fraud through the UPS site.
Another big thing you should do is set a SIM PIN on your phone SIM Card. This allows the SIM card to be locked down unless you have the PIN to unlock it. It's a deterrence against SIM swappers.
Thank you! Went through all the comments above, until yours. I just did mine. Hopefully more readers read your valuable comments.
No, it will not. That PIN protects the SIM you have. When he gets the new SIM he is of course given the PIN it has. Often it is 1234. It seems people do not have any clue on what SIM swapping means. Nothing you do to your phone can protect you in anyway as it does not involve using your phone.
@@okaro6595 you are right about this.
@4:05 - 4:40 steps to thwart scam…. don’t over share info; contact phone company &create code word to authenticate sim swap (NOT your password).
All phone companies should be held responsible for this..
Is this a US thing? In UK the phone company doesn't just give you a new phone just because you say you have lost the current one. You should contact the insurance company, if the phone is insured. And then, the phone and sim would not be any good for scamming if you do not know the log in details and passwords. And even if you manage somehow to activate a phone to the stolen ID, the banks in UK make is so unbelievably strict to access their apps from a new phone that you would need a various complex security checks to get through, and if you enter only one of them wrong just once, they freak out and lock you out for further security checks. And I have failed many times with my own information when I moved to a new device.
Who is stupid enough to pay every month for insurance on a $350 phone??? they tried that with me on the new one I bought yesterday, like I'm going to pay $14.99 or whatever it was a month to insure a $350 phone LOL! If it was a $20,000 phone then yes, it's worth it, NOT for a $350 phone. Ive never lost or broken a phone in my life, I keep them in a hard CASE and make sure I never drop it, my 3 year old Android doesnt even have a scratch on the screen.
Americans generally associate the phone and the SIM tightly. The idea is to get a new SIM. You can then use it in any phone. Mayne they also give a phone but they will bill the victim for it unless paid with cash.
@@HobbyOrganist In some countries you can include your phone in your home contents insurance as a 'portable' device, and most mid- to high-end phones like iPhones & Samsung flip phones cost much more than $350 so it can be worthwhile to get them covered in some cases.
There's two sides to this. First, there needs to be better identification on the part of the phone companies in order to give out a new SIM card. Also they need to root out malicious individuals, people with connections to hackers, inside men, and people likely to accept bribes, from the company.
Second, banks are the last major industry on Earth that do not allow other 2FA methods like TOTP apps or hardware security keys, which are WAY more secure than SMS text messages.
I know some companies are putting Sim blocks on accounts now(requested by owner). You have to physically come to a store and prove you are the owner of the account.
In Greece you must go to a store in person to have a SIM reissued, and the shop asks for National ID card or passport. Still SIM swapping happens, so I am convinced that the scammer rings have agents in the mobile phone providers.
In the USA the states are way larger than Greece, there are a myriad of small and very small towns that don't have physical stores in there, so the people would have to travel huge distances to get there.
In India you have to show a police report that you have lost your old phone to get the same number reassigned to you. 😂😂
What's wrong with disabling online transactions until it's needed.
Without the app and authority there's no changeing that block.
I've never had my bank app on my phone. It's so dadangerous. As a matter of fact the older I get the less apps I have on my phone
They cannot scam you if you don’t put your password in. Stop auto saving your passwords.
Bloody right. Samsung always asked to save my password. I decline.
"They cannot scam you if you don’t put your password in". Actually they do for many things. Often hijacking your phone number is completely enough to restore your "lost" password and/or change an email associated with an account. A bit of social engineering while having your phone number can also help doing so through the human support if it cannot be done automatically. To be defrauded by a SIM swap does not require perpetrator getting prior access to your phone/computer or any accounts. Often publicly available information about you is enough. Personal information in databases that were previously stolen from credit agencies help them a lot too.
That makes no sense. They can just reset the password...
Wait until digital currency kicks off. Watch as the numbers in your bank account go to zero and the banks don't know why.
They forgot one important part. Lock your phone changed with your cell phone company. A number or word is needed before any changes, new phone or replacement is done. I got scammed 10 years ago when somebody bought 3 (three) new iPhones on my account.. and all our phones went dead. They just wanted the iPhones… no cost to me but the bad people got 3 phones in another state on a contract.
So a pot head employee at your cell phone company is now the ultimate layer of security that protects your finances. Yikes!
I'm laughing at those phone graphics.They show command line interfaces like DOS on a 6 inch screen. The font size for three of those on one screen would be microscopic. Red screen with "CYBER ATTACK" LOL
Yeah... overly dramatic.
This happened a few years ago and my carrier was not successful in getting the control of the phone back to me. Luckily I never lost anything however what I ended up doing was resetting my network settings etc. This restored control of my phone to my physical sim card. So something to try if you notice something is up (I had lost cell service and couldn't get it back) is to immediately reset the network settings.
Thanks, good to know.
That makes no sense at all, your sim in a way is your id, if they issue a new sim card then the previous one is invalid, well if it worked it worked
Most of this video is bs so yeah
I still don't understand how this happens. Ok, so you get a new phone with a new SIM. That has nothing to do with my social media accounts or bank accounts or any other account set up in my phone. Your SIM card doesn't keep a copy of your device back up or data information. The theif would still need to know your account information and get through the authentication process. So how do they know which bank you bank with? How do they know your user ID and password? Something is off with this story.
The sim the have is your phone number. Which is connected to your accounts!!
Once they have your sim they can reset all your banking passwords.
In USA this is NOT TRUE! The Phone holds the information NOT the SIM card.
Thanks for the video. Esp. during holidays times now, the scammers are active, we have to keep highest alert and viligance to avoid online scams and phone scams...
I NEVER use my phone to login to BOA acct to maintain bal or transfer money. I only do it on my ipad , which 100% stays at home....
Sim jacking has been around longer. It was even used in several tv dramas like CSI Cyber, which also covered rogue charging stations in 2014 that also steal your data.
It's been going on for decades. In fact it pre-dates SIM cards, and even cell phones. The real name for the class of attack is "social engineering". In short, it's convincing someone that you're allowed to do whatever you're trying to do when you shouldn't be.
Before cell phones it was used to take control of phone numbers and move them to other locations, usually targeting places that would accept payments so that people would phone the scammers and give them their credit card details. It is also still used to call banks and convince them that they are the legitimate account holder and just forgot the password. The reason SIM cards are now targetted more than individual financial institutions is that one SIM card swap can net you access to multiple bank accounts, whereas if you target the bank itself you only get individual accounts. Also banks usually have (albeit only slightly) higher security than phone companies.
The remedies you discuss are virtually worthless. You cannot "request" a bank or a wireless carrier to supply a form of security that they don't use. There are two fixes to this problem: 1) require all financial institutions to use 2FA that's based either on physical keys or an authenticator app; 2) require wireless carriers to implement SIM card locking via password that CANNOT be "overridden" by a customer support agent who is "convinced" by a scammer that they're you. If the scammers claim they "lost" their paswords, dongles, etc., they should be required to provide several forms of ID including government-issued forms.
I literally don't understand how they can drain any bank account. Thru a banking app? I don't keep any banking app on my phone. I don't save any passwords either.
It's the people who stay logged into their bank account for convenience.
@@chuckh4077 Oh, thank you! It's funny how this article wasn't that clear about that factor. So do I have this right, someone can get your phone #, and then call any cell phone company and do a port request? Then they have access to your android or apple and subsequently then have access to your contacts and apps, once the phone company ports your number in, and all your stuff populates on their device? Then your phone goes black? Is that about right? If that's correct, this is insane. Cell phone companies need to do MUCH more authentication instead of just a simple port request.
I dont understand why anyone would keep more than $5 in a checking acct beyond what they need to cover, serious money like that $200,000 the woman claimed she lost- should be securely tied up in investments, even a stock brokerage like Schwab requires 3 business days to transfer money etc out.
@@HobbyOrganist ikr???? So much about this doesn't make sense at all ... are people just not thinking??
@@HobbyOrganist
Maybe she just got her inheritance money or sold a house, who knows? But I do agree with you that having 200k sitting losing value at a bank and in risk of theft is not a good idea, she should be investing that money, and growing it to keep up with inflation and to increase wealth.
I don't see how this can happen unless the phone company employee is in on it. Surely if I request a new sim, it would be sent to my address, so how does the fraudster get it. They would then need to know my screen lock, and my Google account password, to download all my backup apps which would include my banking app. Then my banking app password and pins. The only way they could access the banking app is if it's backed up. Delete your backups, on Google one, and stop backups altogether. That way there is nothing to download. If you intend changing your phone, do a backup beforehand, just make sure that you never lose it.
The first part of this story is unsettling , but the second part 5:39 is antiquated... I can't believe anybody would fall for that second scam anymore
They fail to mention how the criminals actually get all that info. And it starts from your emails. SECURE YOUR EMAILS, DONT SEND PICTURES OF YOUR SOCIAL OR ID’s through an email and if you do delete them immediately. If you have a yahoo email then you’re in greater risk.
Yes my yahoo account and millions of others has been hacked numerous times in ten years I have had it probably more then they even tell us. That's part of the problem providers do not let the customers know these things until too late.
Lets be honest half the problem is how people have been convinced to give more and more power to their Cell phone. A phone which as the news article mentioned is always on them. A prime target for thieves and muggers. Or just you lose it leaving it on a table. Any one working in the food industry knows dozens of phones a week are often left in restaurants.
That people have vital things like their bank accounts, contact numbers etc all on said phone is kind of a security joke. It's like walking around with the Pin tapped to your debit card. Many times all you have to do is unlock the phone, which is often easily cracked. This Sim swapping just makes it even easier.
Set up email alerts on all your accounts so if people go to make changes you are alerted.
The banks send an email after the fact...not before, in my experience.
Cell phone companies should be held accountable!!!
It may be a cyber crime, but the biggest crime is that the companies are letting it happen. To be able to call them and give a big sad story and then the associate does the swap is rediculous . They need to be mad accountable and add more protection. Like need to go into store and show your ID and your phone.
That is nuts! I want to know how they choose their targets or if they just pick any random number?
😮
They choose targets by those who easily fall prey to answering their calls/text. Caller information can be easily spoofed, making it look like they're calling from a company.
I recently had my phone " brick" enroute to Christmas holidays. I inadvertently put it in an unusual pocket in my rollaboard. Next day, i went to my wireless provider to get a new sim card, and put it in an old phone we had with us. The process took almost all day, wirh layers of authentication! Now I know why...ironically, the next day, I found the dead phone and was able to get a battety replacement. I will be extremely careful with the " extra" sim card!
Not sure I understand. So they transfer your phone number to their phone and therefore they have access to the codes sent for 2FA. However, your apps and passwords are not in the SIM card, they are in your Apple ID. So, how would they get access to your bank accounts if they don’t have your usernames and passwords?
@@Albdean Thanks so much for clarifying!
The scammers already got your banking info, this is the last step to get your phone number onto their phone. so, they can change your bank login passwords through 2FA...
They reset your passwords.
That was exactly what happened to me about 4 months ago and it's a nightmare. This is so unfair how the banks and credit cards have no idea how to protect us. I'm telling you if contact your bank and credit from the same phone you are risking them to get further information. Going directly to the bank is safer
This can only be done by Information Technology professionals. Programmers, Bank employees and call center workers.
Does this primarily effect people who have their banking APPs / information on their cell phones?!?
Most of this video is wrong sooo
They can't take anything, they'll only have access to any 2FA tied to your phone number, so unless they already know a lot of other things nobody will care about doing a sim swap on you
Maybe they'll get access to your contacts if they are saved
It has nothing to do with that. All they get is your phone number, but with that, they can change passwords.
That's the best thing with Australia we have strict telecommunication standards that require you to go into the store and show your physical ID card we don't even have burner phones you have to have a physical form of id for post pay it can happen with pre-paid
It's almost always an inside job at cell phone companies. It also happens with eSIMs. It is not just physical SIM cards.
eSIM won't change this. All it does is screw over consumers.
Which phone companies are doing more to protect us? Does AT&T, Verizon, or T-Mobile require you to physically go in to do a SIM swap? We should all be leaving any company that just allows this over the phone or with minimal safeguards. This is outrageous and phone companies need to be held accountable for each occurrence they allow to happen.
Using BOTH parts of the 2-factor identifications on the same device (your phone), being a safety issue... What a shock! (sarcasm intended).
Seriously though, the reason why this can even happen in the first place, is lazy safety-procedures and "FALSE" two-factor authentication giving false sense of security.
For a two-factor authentication to be ACTUALLY working reliably, the two parts needs to be on two SEPERATE physical units.
Don't banks in America require log in passwords? If you have acces to a phone you do not automatically hace acces to bank accounts. I'm confused.
They seem to have very poor security. In Finland you need a customer number, a PIN, a single use code and a code sent to your phone.
You call them up and tell them I forgot my password then they send you a link to reset your password. Then you do it for username.