cancel
Showing results for 
Search instead for 
Did you mean: 

Unauthorized porting security is weak

haaronl
I'm a participant level 1
I'm a participant level 1

I read that a Rogers/Fido customer had her number ported while she was on hold to cancel the port-out SMS confirmation. That is absurd.

 

An SMS that defaults to "go" is not security; it's a time game that scammers can use to rob people.

 

One of the threads on this topic was convenience, mentioned by an admin. I suggest that if someone needs their number ported instantly they should go in person to a Fido store. It is foolish to reduce security for everyone for the convenience of a few.

 

I would like to see a setting in my Fido account that locks the SIM.

 

10 REPLIES 10

FidoJulien
Former Moderator
Former Moderator

Hey @haaronl

 

We take protecting our customers’ personal information very seriously, and as fraudsters evolve their tactics, we work with other carriers to strengthen our processes to prevent unauthorized porting.  Thanks for your suggestion though!



dnd047
I'm a participant level 2
I'm a participant level 2

This answer is not helpful, and simply avoids dealing with a known problem. Please provide an option for "no porting" that remains in place until changed by the customer with a PIN or by a personal visit, with ID, to a FIDO store. 

You know that the current system is not working. 

Hello @dnd047,

 

Fido has implemented measures to avoid the unauthorized porting of our numbers, see here.



nikor
I'm a participant level 1
I'm a participant level 1

This is SIM swapping and its a completely different thing to porting.

Carpediem1
I'm a participant level 1
I'm a participant level 1

My Fido number was ported on July 8/9th, 2020. I got a text from Fido only July 8 around 5:50 PM telling me that there's an unauthorized request to port my number to a different provider. Call 1866-405-8694. I was a little suspicious so I called Fido main customer service number. An agent confirmed that there was indeed a porting request but don't worry, we stopped it. All is good.

 

ALL WAS NOT GOOD. Next morning, I discovered that my number was no longer in service. Both gmail and hotmail which I use often got hacked. Hacker updated alternative emails and phone number to theirs (it ends in 3953).

The text I received is different from Fido's standard text alert of this type which reads:

Fido has received a request to transfer your telephone number to another Service Provider. If you did not authorize, contact Fido urgently at 1-866-405-8694.

 

Mine was along the line of "Hi, it's Fido! There's an unauthorized request to port your number to a different provider. Call 1-866-405-8694."

 

My complaint: If the word UNAUTHORIZED was in the text, shouldn't you stop the porting until you can further confirm my identity??? the porting was still a GO???

 

This hacking attempt has perpetually put me and my family member at risk of identity theft/fraud because of what I saved (regretfully) in those accounts. I can't even describe the stress it is causing me and my family. 

To everyone, get port protection (Fido, don't fk this one up) and use 2FA on all important accounts. 

user2021
I'm a participant level 1
I'm a participant level 1

Sorry you were hacked, that is actually terrifying. What exactly is port protection, and why isn't it standard? From what I understand, the hacker doesn't even need to contact Fido, they just need to make a request with a new company, so Fido's voice authentication is useless. 

Hey @user2021

 

The best way to protect your account is to actually avoid sharing any sensitive information. Any port request will require details about your account, other than your phone number. In other words, when the port request is being processed, it's usually because they already got a hold of your information.

 

As mentioned previously, we do have many options available to ensure your account's security and you can always reach out to us to go over your options, and review what's currently in place for your account.

 

In regard to the SMS notification for port out requests, that is also another security measure we've implemented to keep you notified of what's happening to your account. It's important to reach out to us if the port request was not initiated by you, and we'll take the necessary measures to block it.



syhkwan
I'm a participant level 1
I'm a participant level 1

The same happened to me on Friday Jul 17. The hacker used the same scheme to get my # and then took control of my hotmail account. I have so much important personally info including my tax returns scans from my accountant in the email account. It is bad. Although I can finally get my # back. I can't get my hotmail back. and the hacker must have downloaded all my emails to their computer.

 

Security is only as strong as the weakest link which is the process of approving porting of our cell # and Fido has not been doing enough to prevent these unauthorized activities from happening. They knew these are happening months ago and still chose not to implement the authorization by phone in person until after the fact. They told me now a lock has been put in place to have my in person authorization before doing transfer. Is it too little too late?

Hey @Carpediem1.

 

We apologize for the lack of service you received from the customer service rep as we take our role in protecting our customers’ personal information very seriously. As fraudsters use evolving techniques to try to take advantage of wireless consumers, we continually strengthen processes to prevent unauthorized porting.

 

Whenever a port out is requested, you'll be advised by SMS right away for security purposes as you were in your situation. If the port out wasn't authorized, you'll be directed by the SMS to call the Validation Team.

 



dnd047
I'm a participant level 2
I'm a participant level 2

Thanks, this is helpful.