cancel
Showing results for 
Search instead for 
Did you mean: 

Sim Hijacking

Jules63
Level 1: Joiner
  • 9 Posts
  • 2 Topics
  • 0 Solutions
Registered:

Hi,

 

I wanted people's thoughts on the problem of phone-identity hijacking..

 

I know someone who had his account hijacked recently. Someone walked into a Vodafone store with fake ID, we think a driving licence (easily obtainable on the net for about £25) and somehow the staff arranged to issue a new sim for him.

 

My friend did notice his phone went dead but did nothing for a couple of days (hey, it's Vodafone...).

Meanwhile, by intercepting OTP codes sent to the new sim, the thief took over £25,000.

 

Now my bank wants me to accept similar account-access OTP codes sent to my O2 mobile for the first time......

 

I called O2 and they confirmed there was nothing they could do to stop someone with fake ID from obtaining a sim as photo-ID would override any other security put on the account like passwords or memorable data etc which the customer might forget. There is therefore a risk that a sim could be fraudulently obtained.

 

AT&T in the USA have now put in place measures against this sim-swap hijacking by, I believe, an optional PIN the customer can place on the account without which a new sim will never be issued, ID or no ID.

 

Am I right to be worried about this? It seems a huge banking vulnerability as these OTP codes are the final guarantee to your bank that it is really you. My bank is only offering OTP codes, no apps etc.

Message 1 of 20
3,204 Views
19 REPLIES 19

MI5
Level 94: Supreme
  • 143438 Posts
  • 632 Topics
  • 27490 Solutions
Registered:

@Jules63 

O2 always send a text to your SIM with a verification code whenever a new SIM is requested and I'm not sure that a driver's license would over ride account security but I guess it depends on the person dealing with the enquiry.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)
Message 2 of 20
2,100 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:
@Jules63 Are you saying that your friend's bank authorised £25,000 of payments and didn't flag it as unusual activity? Also, if my phone went dead I'd be on to customer service in a flash to find out why. Not just shrug it off and ignore it. Who is your friend's bank saying is responsible for these extra charges?

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 3 of 20
2,077 Views

PhoneChanger
Level 30: Meditator
  • 1343 Posts
  • 65 Topics
  • 101 Solutions
Registered:
I suppose if you'd 'lost' your SIM you wouldn't have to go through the process of getting a text, but I would hope they would expect me to be able to validate my security settings on the account....

Its an interesting point... and one in a way we can only see how it pans out
Message 4 of 20
2,074 Views

Jules63
  • 9 Posts
  • 2 Topics
  • 0 Solutions
Registered:

Thanks all,

 

I wish I knew more about the theft but my friend is elderly, doesn't use the phone much and is actually damn embarrassed about it all. I don't know what is happening between him and the bank but conversations are obviously ongoing. 

 

I'm more concerned that this thing can happen to anyone of us, although I read what MI5 said about O2 sending an sms first to the old sim, and would be reassured if O2 had told me that was their standard practice when I called them, but they didn't mention that as one of the steps they would take.

 

If you said the sim was stolen would O2 not just kill it immediately rather than text it?

 

 

Message 5 of 20
2,066 Views

MI5
Level 94: Supreme
  • 143438 Posts
  • 632 Topics
  • 27490 Solutions
Registered:

@PhoneChanger wrote:
I suppose if you'd 'lost' your SIM you wouldn't have to go through the process of getting a text, but I would hope they would expect me to be able to validate my security settings on the account....

Its an interesting point... and one in a way we can only see how it pans out

If the SIM is reported as lost or stolen it is immediately cancelled and a new SIM is sent to the registered address on the account, not handed over in store.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)
Message 6 of 20
2,062 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:

Hopefully, the bank and Vodafone should be bearing the brunt of this, and not your friend, @Jules63. If their driver's license was hacked without their knowledge and used to commit a crime, the responsibility shouldn't be falling on your friend. Hope they're able to get this resolved.

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 7 of 20
2,056 Views

Jules63
Level 1: Joiner
  • 9 Posts
  • 2 Topics
  • 0 Solutions
Registered:

MI5,.... and what if you walk into the O2 store with photo ID and say "I moved from the address you have on file ages ago - don't send the new sim to my old address" - the fake photo ID with the "new" address on will trump everything won't it?

 

The person I spoke to at O2 said that it would be ok because the fake photo ID wouldn't match the thief walking in to the O2 store and they always check the photo - I had to explain to her that the thief would put his own photo on the fake ID.  That bit did quite worry me. 

 

Googling this a bit just now I see it is in the press:

 

https://www.telegraph.co.uk/technology/2019/01/06/police-warn-63pc-rise-sim-swapping-scams-allow-hac...

 

So it is very possible; what are O2 doing to stop it? 

 

I feel the banks are partly responsible as mobile phones were not intended to be used as security devices and this has been forced on us and it now seems to be the networks' problem. 

 

 

 

 

 

 

 

Message 8 of 20
2,043 Views

MI5
Level 94: Supreme
  • 143438 Posts
  • 632 Topics
  • 27490 Solutions
Registered:

I've no idea if that is true or not @Jules63 

Maybe @EmilieT can get a response from O2 regarding this?

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)
Message 9 of 20
2,024 Views

Bambino
Level 84: Resplendent
  • 22943 Posts
  • 1022 Topics
  • 3662 Solutions
Registered:

@Jules63  I think that for the most part, two-step verification via a moble phone is a good thing. I don't know what O2 are doing to prevent these types of fraud, but I would think that educating shop staff to be more vigilant is good place to start. Yes the banks and the stores need to share some of the responsibility, but so does the customer. Some of these scams are very sophisticated, but they didn't just start yesterday, and with all that's written about them, people need to become more alert to the possibilty that it can happen to anyone. We shouldn't just be relying on the banks and the stores to protect us. We need to be more pro-active and protect ourselves, rather than hoping someone will do it for us.

I DO NOT WORK FOR O2



Funniest-Thread-2
Message 10 of 20
2,024 Views