SIM Swap Attack Question

Reply
I'm a Participant Level 2 TheWerewolf
I'm a Participant Level 2

SIM Swap Attack Question

Hi there.

There's been a number of articles in the press lately about 'SIM Swap Attacks'. This is when someone finds out your phone number and the carrier, then contacts the carrier and convinces them to reassign your phone number to a new SIM, obviously without the permission of the actual account holder. This is a massive problem because using your phone as a 'second factor' by texting a code to your phone to prove your identity has become commonplace and if someone can redirect your phone number to their SIM (and thus, their phone), they essentially become you.

Fido actually has a pretty clever way to stop this online - you have to have the original SIM's IMEI number, which you can only get if you have the original SIM, so big points to Fido there.

My question though is: if someone went into a store, called a Fido rep by phone or went into chat, what system is in place to make sure someone can't just claim to be me and take over my phone number?

To show how devastating this can be: 

https://www.zdnet.com/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/

Accepted Solution

Re: SIM Swap Attack Question

Hello @TheWerewolf.

 

I can totally see why you are concerned about this and I can assure you that we have security measures for Sim Swaps on our end.

 

For the first scenario, when someone goes to the store for a Sim card swap, we first need to ID you with pieces of ID. Without those, it's simply not possible.


If you call Fido, we first have to ID you. From there, we always suggest to our customer to do the change themselves on their online account. If that's not possible, there are still security questions that we ask you before doing the sim card swap.

 

I hope this reassures you.

View solution in context
Flag this to a Moderator
Message 1 of 5
198 Views
Moderator
Moderator
Solution

Re: SIM Swap Attack Question

Hello @TheWerewolf.

 

I can totally see why you are concerned about this and I can assure you that we have security measures for Sim Swaps on our end.

 

For the first scenario, when someone goes to the store for a Sim card swap, we first need to ID you with pieces of ID. Without those, it's simply not possible.


If you call Fido, we first have to ID you. From there, we always suggest to our customer to do the change themselves on their online account. If that's not possible, there are still security questions that we ask you before doing the sim card swap.

 

I hope this reassures you.



Flag this to a Moderator
Message 2 of 5
176 Views
I'm a Participant Level 2 TheWerewolf
I'm a Participant Level 2

Re: SIM Swap Attack Question

Perfect!

 

I appreciate your response. As I said, I was already impressed by Fido's requiring the original SIM IMEI - that's pretty foolproof. It also means that I can't use 'someone stole my phone' as a way to get around it since I'd have to go into a store to get a new SIM and identify myself at that time, or have the account locked and order a new SIM, which the phone owner would notice immediately since the phone would stop working. Smiley

 

That takes a load off my mind. Wink

Thanks!

Flag this to a Moderator
Message 3 of 5
170 Views
Highlighted
Moderator
Moderator

Re: SIM Swap Attack Question

@TheWerewolf

 

Glad that this took a load off your mind.


I double checked on my end and I simply want to do a quick correction on what I explained earlier on this thread.

 

If you call the customer service, we can only activate a sim card which was sent to you following a hardware upgrade on your account. From there, you still need to be fully ID'D for the process.

 

If this new sim card you are trying to activate is not already registered on your Fido account, the only option available is to change it from your online account which only you can have access. The only other option is to activate it directly at a Fido store by presenting 2 pieces of ID.

 

We understand how important the security of your information and we added those measures so only you can make this type of change for your account.

 

I hope this helps Smiley



Flag this to a Moderator
Message 4 of 5
164 Views
I'm a Participant Level 2 TheWerewolf
I'm a Participant Level 2

Re: SIM Swap Attack Question

I suspected that might be the case. Most cellcos can only use a SIM they distribute, so it would have to be a Fido SIM, and you can't get one of those without it being registered to an account, so they'd have to somehow register it to my account and then do the swap over, which would require my original phone number, my password for online, my PIN or physical ID... so yeah, not going to be easy. 

 

Which is the answer I was hoping for. Smiley

 

Thanks again, Kenny.

I appreciate your taking the extra effort there!

TW

Flag this to a Moderator
Message 5 of 5
147 Views