SIM Swap Attack Question

Reply
Highlighted
I'm a Participant Level 2 TheWerewolf
I'm a Participant Level 2

SIM Swap Attack Question

Hi there.

There's been a number of articles in the press lately about 'SIM Swap Attacks'. This is when someone finds out your phone number and the carrier, then contacts the carrier and convinces them to reassign your phone number to a new SIM, obviously without the permission of the actual account holder. This is a massive problem because using your phone as a 'second factor' by texting a code to your phone to prove your identity has become commonplace and if someone can redirect your phone number to their SIM (and thus, their phone), they essentially become you.

Fido actually has a pretty clever way to stop this online - you have to have the original SIM's IMEI number, which you can only get if you have the original SIM, so big points to Fido there.

My question though is: if someone went into a store, called a Fido rep by phone or went into chat, what system is in place to make sure someone can't just claim to be me and take over my phone number?

To show how devastating this can be: 

https://www.zdnet.com/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/

Accepted Solution

Re: SIM Swap Attack Question

Hello @TheWerewolf.

 

I can totally see why you are concerned about this and I can assure you that we have security measures for Sim Swaps on our end.

 

For the first scenario, when someone goes to the store for a Sim card swap, we first need to ID you with pieces of ID. Without those, it's simply not possible.


If you call Fido, we first have to ID you. From there, we always suggest to our customer to do the change themselves on their online account. If that's not possible, there are still security questions that we ask you before doing the sim card swap.

 

I hope this reassures you.

View solution in context
Flag this to a Moderator
Message 1 of 14
1,747 Views
Highlighted
I'm a Contributor Level 1 Rob76
I'm a Contributor Level 1

Re: SIM Swap Attack Question

Hi Charles,

 

Thanks for the reply. Earlier today I contacted Fido over the phone and added an account PIN as well as a security question to my account. These measures as well as my Fido voice ID should put my mind at ease, but here’s why they didn’t.

 

The Sim swapping scam is essentially an extension of identity theft which bypasses all these measures.

 

If I, or someone impersonating me goes to another provider and requests that my Fido number be ported out, the porting process bypasses all of Fido’s security measures mentioned here. This is why scammers are having such success with this SIM swapping scam, and why the RCMP is saying it’s on the rise.

 

What I think needs to happen is the service provider which is porting out its own customer should be the one authenticating their ID, not the service provider that is processing the port-in, if that makes sense.

 

Granted this adds some inconvenience to the porting process however I will gladly take a bit of inconvenience to avoid the potential devastation from SIM swapping scams.

Flag this to a Moderator
Message 11 of 14
190 Views
Highlighted
Moderator
Moderator

Re: SIM Swap Attack Question

I understand your concerns @Rob76.

 

Having a PIN and voice ID should definitely help with the security of your account and prevent someone from being able to access the information needed for a port out. 

 

I'll send you another PM though, we'll look closer into this with you Smiley

 

Keep an eye on your inbox. 



Flag this to a Moderator
Message 12 of 14
179 Views
Highlighted
I'm a Participant Level 1 velum
I'm a Participant Level 1

Re: SIM Swap Attack Question

@FidoNick,

Just stating that "customers’ privacy and security very seriously..." is not enough to reassure me. With good social engineering, malicious SIM swaps still occure. Can I request that a SIM swap be allowed in my account only if I go to a Fido store in person with IDs; no SIM swap over the phone or the Internet?

Flag this to a Moderator
Message 13 of 14
59 Views
Highlighted
Moderator
Moderator

Re: SIM Swap Attack Question

Hey @velum! Smiley 

 

It's not possible to make such request at this time, however rest assured that we have strict security measures in place to avoid fraudulent SIM swaps. 

Right now it's only possible to activate a new SIM card online through My Account, or at a store. 


If you do it online, you'll need account access and both SIM card numbers will required (old and new). 
If you do it a store, an ID with picture will be required.


While it's possible to swap a SIM card on our end through customer service, we can only do it if the SIM card you wish to activate is already registered to your account. 


Hope this clarifies a bit! 


 



Flag this to a Moderator
Message 14 of 14
38 Views