SIM Swap Attack Question

SOLVED
I'm a Participant Level 2

Hi there.

There have been a number of articles in the press lately about 'SIM Swap Attacks'. This is when someone finds out your phone number and the carrier, then contacts the carrier and convinces them to reassign your phone number to a new SIM, obviously without the permission of the actual account holder. This is a massive problem because using your phone as a 'second factor' by texting a code to your phone to prove your identity has become commonplace, and if someone can redirect your phone number to their SIM (and thus, their phone), they essentially become you.

Fido actually has a pretty clever way to stop this online - you have to have the original SIM's IMEI number, which you can only get if you have the original SIM, so big points to Fido there.

My question though is: if someone went into a store, called a Fido rep by phone or went into chat, what system is in place to make sure someone can't just claim to be me and take over my phone number?

To show how devastating this can be: 

https://www.zdnet.com/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/

Accepted Solution

Re: SIM Swap Attack Question

Solved by Moderator

Hello @TheWerewolf.

 

I can totally see why you are concerned about this and I can assure you that we have security measures for SIM swaps on our end.

 

For the first scenario, when someone goes to the store for a SIM card swap, we first need to ID you with pieces of ID. Without those, it's simply not possible.


If you call Fido, we first have to ID you. From there, we always suggest to our customers to do the change themselves on their online account. If that's not possible, there are still security questions that we ask you before doing the SIM card swap.

 

I hope this reassures you.


Hey @Wishmaster666

 

We sent you a PM regarding your concerns.

 

Talk to you soon!



Hey @Rob76

 

I can definitely understand. As @FidoNick mentioned, we take your security seriously on our side. We have many measures in place to avoid these situations. It's also possible for us to add a 4-digit PIN to your account as another security option.

 

I'll send you a PM so we can review the details together.



I'm a Contributor Level 1

Hi Charles,

 

Thanks for the reply. Earlier today I contacted Fido over the phone and added an account PIN as well as a security question to my account. These measures as well as my Fido voice ID should put my mind at ease, but here’s why they didn’t.

 

The SIM swapping scam is essentially an extension of identity theft which bypasses all these measures.

 

If I, or someone impersonating me, goes to another provider and requests that my Fido number be ported out, the porting process bypasses all of Fido’s security measures mentioned here. This is why scammers are having such success with this SIM swapping scam, and why the RCMP is saying it’s on the rise.

 

What I think needs to happen is the service provider which is porting out its own customer should be the one authenticating their ID, not the service provider that is processing the port-in, if that makes sense.

 

Granted, this adds some inconvenience to the porting process; however, I will gladly take a bit of inconvenience to avoid the potential devastation from SIM swapping scams.

I understand your concerns @Rob76.

 

Having a PIN and voice ID should definitely help with the security of your account and prevent someone from being able to access the information needed for a port out. 

 

I'll send you another PM though, we'll look closer into this with you :)

 

Keep an eye on your inbox. 



I'm a Participant Level 2

I suspected that might be the case. Most cellcos can only use a SIM they distribute, so it would have to be a Fido SIM, and you can't get one of those without it being registered to an account, so they'd have to somehow register it to my account and then do the swap over, which would require my original phone number, my password for online, my PIN or physical ID... so yeah, not going to be easy. 

 

Which is the answer I was hoping for. :)

 

Thanks again, Kenny.

I appreciate your taking the extra effort there!

TW