There's been a number of articles in the press lately about 'SIM Swap Attacks'. This is when someone finds out your phone number and the carrier, then contacts the carrier and convinces them to reassign your phone number to a new SIM, obviously without the permission of the actual account holder. This is a massive problem because using your phone as a 'second factor' by texting a code to your phone to prove your identity has become commonplace and if someone can redirect your phone number to their SIM (and thus, their phone), they essentially become you.
Fido actually has a pretty clever way to stop this online - you have to have the original SIM's IMEI number, which you can only get if you have the original SIM, so big points to Fido there.
My question though is: if someone went into a store, called a Fido rep by phone or went into chat, what system is in place to make sure someone can't just claim to be me and take over my phone number?
To show how devastating this can be:
I can totally see why you are concerned about this and I can assure you that we have security measures for Sim Swaps on our end.
For the first scenario, when someone goes to the store for a Sim card swap, we first need to ID you with pieces of ID. Without those, it's simply not possible.
If you call Fido, we first have to ID you. From there, we always suggest to our customers to do the change themselves on their online account. If that's not possible, there are still security questions that we ask you before doing the SIM card swap.
I hope this reassures you.
Thanks for the reply. Earlier today I contacted Fido over the phone and added an account PIN as well as a security question to my account. These measures as well as my Fido voice ID should put my mind at ease, but here’s why they didn’t.
The Sim swapping scam is essentially an extension of identity theft which bypasses all these measures.
If I, or someone impersonating me goes to another provider and requests that my Fido number be ported out, the porting process bypasses all of Fido’s security measures mentioned here. This is why scammers are having such success with this SIM swapping scam, and why the RCMP is saying it’s on the rise.
What I think needs to happen is the service provider which is porting out its own customer should be the one authenticating their ID, not the service provider that is processing the port-in, if that makes sense.
Granted this adds some inconvenience to the porting process however I will gladly take a bit of inconvenience to avoid the potential devastation from SIM swapping scams.
I understand your concerns @Rob76.
Having a PIN and voice ID should definitely help with the security of your account and prevent someone from being able to access the information needed for a port out.
I'll send you another PM though; we'll look closer into this with you.
Keep an eye on your inbox.
Just stating that "customers’ privacy and security very seriously..." is not enough to reassure me. With good social engineering, malicious SIM swaps still occur. Can I request that a SIM swap be allowed in my account only if I go to a Fido store in person with IDs; no SIM swap over the phone or the Internet?
It's not possible to make such request at this time, however rest assured that we have strict security measures in place to avoid fraudulent SIM swaps.
Right now it's only possible to activate a new SIM card online through My Account, or at a store.
If you do it online, you'll need account access and both SIM card numbers will be required (old and new).
If you do it at a store, an ID with picture will be required.
While it's possible to swap a SIM card on our end through customer service, we can only do it if the SIM card you wish to activate is already registered to your account.
Hope this clarifies a bit!
I think the concern isn't just that Fido has strict security policies; it is that if the SIM card and phone number aren't locked down, then someone can go to ANOTHER service provider and take over someone else's phone number. They would just need to find one service provider that will accept stolen ID, fake ID or a credible number and port over the number. It is an issue that all service providers should look into and take seriously.
We definitely understand your concerns regarding this!
It's always a priority for us to keep your information safe and we recommend to everyone to do the same. You can always add a PIN to your Fido account. It's also important to not give out your details to anyone and be wary of phishing and smishing attempts (link to phishing thread).
I haven't seen an answer from a Fido rep that indicates that they understand the issue here. Fido has security procedures in place to protect a scammer from initiating a port-out through Fido, whether in person at a store, or online or on the phone. But that isn't how these scams are done. The port-out is initiated at another carrier.
So Fido's security procedures are basically useless in protecting against the way these scams are almost always done. A scammer can go to Bell and request a port-out, and none of Fido's procedures (as I currently understand them) will make a bit of difference.
I contacted a Fido agent to ask if I could somehow lock my account down so that a port-out requested through another carrier would have to wait until I was contacted and gave the correct passcode. The agent said he would have someone contact me but I haven't heard anything.
Hey @chrismbc! Welcome to the community.
The wireless industry established the requirements and parameters surrounding porting phone numbers. We have different measures in place to prevent unauthorized port-out. We also send an SMS to notify our customers that any port-out has been requested.
If we didn't call you back yet don't hesitate to reach out to us for a follow-up! You can contact us here.
What about two-factor authorization for my online Fido account? I looked to see if there was a way I could turn it on, but there was nothing in place for that. So if someone gets a hold of my password, that's it, they're into my account. I'd much rather that I have to use an authenticator app on my iPhone to provide the code when I try to login to my Fido account. Right now, it's not very safe, especially for something as critical as access to my phone account.