Someone stole my wife's phone number (ie. ported to another carrier)

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
User avatar
Topic Author
sunny_socal
Posts: 2289
Joined: Tue Mar 24, 2015 4:22 pm

Someone stole my wife's phone number (ie. ported to another carrier)

Post by sunny_socal »

Last week my wife's phone stopped working and showed a SIM error. Tried rebooting, inserting the SIM again - no help.

Then she went to the carrier (Cricket) and they looked at the account - we no longer even owned the number! I had been ported to T Mobile by someone else. Supposedly this "shouldn't" have happened since we have a PIN in the account.

Timeline:
- Monday: phone didn't work, informed the company. They said it will take 72 hours to fix.
- Thursday: Called again, still no progress
- Friday: Called for an update, no help, will take another 48 hours
- Sunday: No update

Anything we can do? This seems like a huge new security hole. It's bad enough that our personal information is leaked by weak websites/companies, but once someone has your phone number they can accomplish a lot more.
User avatar
RickBoglehead
Posts: 5608
Joined: Wed Feb 14, 2018 9:10 am
Location: In a house

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by RickBoglehead »

Cricket is responsible for reversing this.

File a complaint with the FCC. https://consumercomplaints.fcc.gov/hc/e ... m_id=39744
Avid user of forums on variety of interests-financial, home brewing, F-150, PHEV, home repair, etc. Enjoy learning & passing on knowledge. It's PRINCIPAL, not PRINCIPLE. I ADVISE you to seek ADVICE.
Jags4186
Posts: 5129
Joined: Wed Jun 18, 2014 7:12 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Jags4186 »

You can do all of the following:

Go to Cricket and make a huge stink that they need to reverse it (don’t listen to them tell you it’s impossible).
File complaint with the FCC
File complaint with state AG
File police report for identity theft
Begin changing all phone numbers on your accounts
User avatar
sunnywindy
Posts: 452
Joined: Sat Jan 18, 2014 4:42 pm
Location: Wilmington, NC

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by sunnywindy »

Jags4186 wrote: Sun Sep 22, 2019 7:09 am You can do all of the following:

Go to Cricket and make a huge stink that they need to reverse it (don’t listen to them tell you it’s impossible).
File complaint with the FCC
File complaint with state AG
File police report for identity theft
Begin changing all phone numbers on your accounts
These are all good strategies, but first, if you signed some kind of contract with Cricket, read over that.
Powered by chocolate!
User avatar
samsoes
Posts: 1488
Joined: Tue Mar 05, 2013 9:12 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by samsoes »

While Cricket has to fix the problem,it was T-Mobile that hijacked the phone number. They need to be brought into this as well.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. | (Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
gtd98765
Posts: 657
Joined: Sun Jan 08, 2017 4:15 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by gtd98765 »

This is called a "SIM-swap" attack. It enables the thieves to take over someone else's cell phone number so they can use it to access that person's financial accounts. If your wife's cell phone is tied to a Vanguard or bank account as a "second factor" logon method, you need to be in touch with those institutions immediately to remove the number from your accounts before the thieves steal your money. If you get the number back, you can always add it back later.

Krebsonsecurity.com has a lot of info about this attack method: https://krebsonsecurity.com/2018/11/bus ... wap-myths/

Good luck.
theplayer11
Posts: 1311
Joined: Tue Jul 22, 2014 8:55 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by theplayer11 »

so much for 2FA on accounts..this is not good
katnok
Posts: 171
Joined: Fri Nov 11, 2011 8:36 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by katnok »

Exact same thing happened to me a couple of months ago. Same story and same network (Cricket).

First time I called their customer service, I was told there were also other customers that experienced this issue and that it would take 48 hrs to resolve. I didn't believe the story, so I called an hour later and spoke with a different rep, who informed me that my number had been ported to a different phone. He couldn't tell me how that happened without my knowledge and consent and who now owned my number, but provided me with that phone's IMEI number on request. He suggested that we should lock the number and go to a nearest cricket store, get a new SIM card and wait for the number to be ported back. So, I went to a store, got a new SIM (had to pay $10) and then called Cricket's customer service again. This time, I was told that my number had not been ported to any other phone and that very likely my SIM card didn't work. He activated my new SIM and my number was back.

Even now have no idea which one of the customer service reps was correct. I hope the second rep who said the number had been ported to a different phone is wrong. Following this incident, I wondered about changing my number but realized it would be a hassle, so ended up keeping it.
User avatar
Cheez-It Guy
Posts: 1102
Joined: Sun Mar 03, 2019 4:20 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Cheez-It Guy »

While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
User avatar
Cheez-It Guy
Posts: 1102
Joined: Sun Mar 03, 2019 4:20 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Cheez-It Guy »

^^Well, did you check the provided IMEI against your own phone? Did it match or not?
katnok
Posts: 171
Joined: Fri Nov 11, 2011 8:36 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by katnok »

Cheez-It Guy wrote: Sun Sep 22, 2019 7:34 am ^^Well, did you check the provided IMEI against your own phone? Did it match or not?
No, it didn't match.
gtd98765
Posts: 657
Joined: Sun Jan 08, 2017 4:15 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by gtd98765 »

Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
Unfortunately some sites will allow you to reset your password with just the cell phone number. The other thing thieves do is call the bank's customer service, and claim to have forgotten their password, but say they still have their cell phone; they get the password reset message sent to their phone that way. This is a combination of a SIM-swap and a social-engineering attack. krebsonsecurity.com has many interesting articles about this.

edit: clarification
student
Posts: 5161
Joined: Fri Apr 03, 2015 6:58 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by student »

gtd98765 wrote: Sun Sep 22, 2019 7:44 am
Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
Unfortunately some sites will allow you to reset your password with just the cell phone number. The other thing thieves do is call the bank's customer service, and claim to have forgotten their password, but say they still have their cell phone; they get the password reset message sent to their phone that way. This is a combination of a SIM-swap and a social-engineering attack. krebsonsecurity.com has many interesting articles about this.

edit: clarification
Yes. And too bad not many sites use hardware 2FA or even software 2FA that ties to the phone (not number) like Norton.
arf30
Posts: 738
Joined: Sat Dec 28, 2013 11:55 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by arf30 »

This is pretty scary and it doesn't appear any carrier has good defenses in place against it - the attackers just keep trying until they get a customer service rep who ignores the security/verification questions lets them port the number out - or the customer service rep is in on it.
Last edited by arf30 on Sun Sep 22, 2019 8:03 am, edited 1 time in total.
mrmass
Posts: 345
Joined: Thu Jul 26, 2018 6:35 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by mrmass »

My DW and I are on Corporate plans. I happen to be the admin for it on my company. I need to "authorize any movement of numbers to/from our plan.

Hence nobody can just "take" my or anyone else's sim/number from our plan.

I wonder if this could work for a small family. Buy a biz plan make one or two of you admins-the "company" owns the number...
stan1
Posts: 8932
Joined: Mon Oct 08, 2007 4:35 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by stan1 »

mrmass wrote: Sun Sep 22, 2019 7:54 am My DW and I are on Corporate plans. I happen to be the admin for it on my company. I need to "authorize any movement of numbers to/from our plan.

Hence nobody can just "take" my or anyone else's sim/number from our plan.
Unless someone calls and convinces a low paid call center worker to do it anyways with out following process, or convinces the worker that "yes indeed I am mrmass".
arf30
Posts: 738
Joined: Sat Dec 28, 2013 11:55 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by arf30 »

mrmass wrote: Sun Sep 22, 2019 7:54 am My DW and I are on Corporate plans. I happen to be the admin for it on my company. I need to "authorize any movement of numbers to/from our plan.
The link posted earlier in this thread it describes how thieves bypass security like this - either through employees who have administrative level access or via direct access to the carrier's database.
User avatar
Topic Author
sunny_socal
Posts: 2289
Joined: Tue Mar 24, 2015 4:22 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by sunny_socal »

RickBoglehead wrote: Sun Sep 22, 2019 7:08 am Cricket is responsible for reversing this.

File a complaint with the FCC. https://consumercomplaints.fcc.gov/hc/e ... m_id=39744
That didn't work. The form wouldn't process because we don't' have a phone bill showing the change of carrier.

Will call cricket again on Monday for an update. Pretty sure they'll just say "please wait another 48 hours."

It's interesting how these companies can switch you out in a matter of minutes but they have no idea how to get you back!
User avatar
Topic Author
sunny_socal
Posts: 2289
Joined: Tue Mar 24, 2015 4:22 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by sunny_socal »

arf30 wrote: Sun Sep 22, 2019 8:10 am
mrmass wrote: Sun Sep 22, 2019 7:54 am My DW and I are on Corporate plans. I happen to be the admin for it on my company. I need to "authorize any movement of numbers to/from our plan.
The link posted earlier in this thread it describes how thieves bypass security like this - either through employees who have administrative level access or via direct access to the carrier's database.
Yeah, I doubt they had the PIN for our account.
billy269
Posts: 119
Joined: Mon Nov 18, 2013 2:50 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by billy269 »

What do people think of using a Google Voice number as for 2FA? Potentially safer to avoid a SIM Swap attack?
User avatar
RickBoglehead
Posts: 5608
Joined: Wed Feb 14, 2018 9:10 am
Location: In a house

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by RickBoglehead »

billy269 wrote: Sun Sep 22, 2019 5:51 pm What do people think of using a Google Voice number as for 2FA? Potentially safer to avoid a SIM Swap attack?
I have multiple Google numbers, in fact our old "home" number and my business number are Google numbers. I use them for 2FA all the time.
Avid user of forums on variety of interests-financial, home brewing, F-150, PHEV, home repair, etc. Enjoy learning & passing on knowledge. It's PRINCIPAL, not PRINCIPLE. I ADVISE you to seek ADVICE.
squirm
Posts: 2943
Joined: Sat Mar 19, 2011 11:53 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by squirm »

student wrote: Sun Sep 22, 2019 7:49 am
gtd98765 wrote: Sun Sep 22, 2019 7:44 am
Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
Unfortunately some sites will allow you to reset your password with just the cell phone number. The other thing thieves do is call the bank's customer service, and claim to have forgotten their password, but say they still have their cell phone; they get the password reset message sent to their phone that way. This is a combination of a SIM-swap and a social-engineering attack. krebsonsecurity.com has many interesting articles about this.

edit: clarification
Yes. And too bad not many sites use hardware 2FA or even software 2FA that ties to the phone (not number) like Norton.
how does this work when it's tied to the phone and not the number?
gtd98765
Posts: 657
Joined: Sun Jan 08, 2017 4:15 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by gtd98765 »

how does this work when it's tied to the phone and not the number?
Some sites, such as Google, allow you to use a time-based one-time password app like Google Authenticator (https://en.wikipedia.org/wiki/Google_Authenticator) -- there are several others as well -- that generate a code that you type into a web site to prove you are you. Since the code is based on the time you don't even need a cell phone connection for it to work. You have to scan a special QR code with the app to set up your account. Unfortunately, not all sites allow the use of such apps.

This code is used as a second factor, together with your login code and password. I wish more financial institutions allowed this system rather than sending text messages as a second factor.
squirm
Posts: 2943
Joined: Sat Mar 19, 2011 11:53 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by squirm »

gtd98765 wrote: Sun Sep 22, 2019 6:49 pm
how does this work when it's tied to the phone and not the number?
Some sites, such as Google, allow you to use a time-based one-time password app like Google Authenticator (https://en.wikipedia.org/wiki/Google_Authenticator) -- there are several others as well -- that generate a code that you type into a web site to prove you are you. Since the code is based on the time you don't even need a cell phone connection for it to work. You have to scan a special QR code with the app to set up your account. Unfortunately, not all sites allow the use of such apps.

This code is used as a second factor, together with your login code and password. I wish more financial institutions allowed this system rather than sending text messages as a second factor.
Awesome, thanks for the explanation. I use Microsoft authenticater for Lastpass.
stan1
Posts: 8932
Joined: Mon Oct 08, 2007 4:35 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by stan1 »

sunny_socal wrote: Sun Sep 22, 2019 7:00 am Last week my wife's phone stopped working and showed a SIM error. Tried rebooting, inserting the SIM again - no help.
Did you try a new SIM? Just in case SIM did fail (probably pretty rare but a simpler explanation than hijacking plus it is also something in your control as opposed to waiting for customer service people).
Last edited by stan1 on Sun Sep 22, 2019 7:08 pm, edited 1 time in total.
student
Posts: 5161
Joined: Fri Apr 03, 2015 6:58 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by student »

squirm wrote: Sun Sep 22, 2019 6:36 pm
student wrote: Sun Sep 22, 2019 7:49 am
gtd98765 wrote: Sun Sep 22, 2019 7:44 am
Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
Unfortunately some sites will allow you to reset your password with just the cell phone number. The other thing thieves do is call the bank's customer service, and claim to have forgotten their password, but say they still have their cell phone; they get the password reset message sent to their phone that way. This is a combination of a SIM-swap and a social-engineering attack. krebsonsecurity.com has many interesting articles about this.

edit: clarification
Yes. And too bad not many sites use hardware 2FA or even software 2FA that ties to the phone (not number) like Norton.
how does this work when it's tied to the phone and not the number?
This may give you additional info that you seek. https://www.fidelity.com/security/soft-tokens/overview "Through our partnership with Symantec, Fidelity offers you free use of Symantec’s Validation and ID Protection (VIP) Access app, which generates a randomized 6-digit code on your Mac, PC, or mobile phone each time you attempt to log in. To complete your login, you’ll then be prompted to enter the code from your VIP app, which is valid for 30 seconds." Google authenticator that someone else mentioned is another app that generate codes."

This website gives you info of technology that each company had adopted. For example, Vanguard actually uses hardware 2 factor authentication. https://twofactorauth.org/ https://investor.vanguard.com/security/security-keys
User avatar
bluquark
Posts: 1150
Joined: Mon Oct 22, 2018 2:30 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by bluquark »

Any online account that uses this phone for 2-factor, log on if possible (e.g. on a computer that she used before for it so that the phone is not required to log on) and turn on alternate means of logging in and change the password.

Any idea why she might have been targeted? Typically, there is some resellable online asset that attracts the hacker. Has she ever dabbled in cryptocurrency? Does she have an appealing Instagram handle someone might want to buy (e.g. one dictionary word)?
70/30 portfolio | Equity: global market weight | Bonds: 20% long-term munis - 10% LEMB
harrychan
Posts: 1739
Joined: Sun Nov 14, 2010 9:37 pm
Location: Pasadena

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by harrychan »

sunny_socal wrote: Sun Sep 22, 2019 7:00 am Supposedly this "shouldn't" have happened since we have a PIN in the account.

This is concerning. Do you have a pin on the account or do you have a pin to specifically block number porting. There is a difference. If you don't have a pin set up to block number porting, all they need is the last 4 of your SSN or other basic info to port your number.
This is not legal or certified financial advice but you know that already.
User avatar
Topic Author
sunny_socal
Posts: 2289
Joined: Tue Mar 24, 2015 4:22 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by sunny_socal »

harrychan wrote: Sun Sep 22, 2019 7:36 pm
sunny_socal wrote: Sun Sep 22, 2019 7:00 am Supposedly this "shouldn't" have happened since we have a PIN in the account.

This is concerning. Do you have a pin on the account or do you have a pin to specifically block number porting. There is a difference. If you don't have a pin set up to block number porting, all they need is the last 4 of your SSN or other basic info to port your number.
The PIN was defaulted to the last 4 of my SSN :oops: It's been changed :?

We think she may have been targeted after applying for various jobs. She's been out of the market for 15 years and updated her Linkedin, put her resume on various websites. The thing is when one searches for "Resume Template" you don't get a resume template, you get a host of websites that offer to build a resume for you. You fill out all your info first then they charge you a fee at the end. She encountered a few of these and I'm guessing fell into some phishing traps along the way (got several odd emails.)
User avatar
Vulcan
Posts: 1324
Joined: Sat Apr 05, 2014 11:43 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Vulcan »

theplayer11 wrote: Sun Sep 22, 2019 7:27 am so much for 2FA on accounts..this is not good
I always recommend using Google Voice (or Google Fi) numbers for 2FA.
A lot harder to hijack those.
If you torture the data long enough, it will confess to anything. ~Ronald Coase
ARoseByAnyOtherName
Posts: 1000
Joined: Wed Apr 26, 2017 12:03 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by ARoseByAnyOtherName »

student wrote: Sun Sep 22, 2019 7:07 pm This website gives you info of technology that each company had adopted. For example, Vanguard actually uses hardware 2 factor authentication. https://twofactorauth.org/ https://investor.vanguard.com/security/security-keys
I’m pretty sure vanguard has automatic fallback to SMS if you chose to use a security key, which defeats the point of having the hardware token.

They state as much on the link you provided above:
“ What if I don't have my key?
No problem. We'll just send you a security code.”
yohac
Posts: 387
Joined: Sat Sep 01, 2018 1:42 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by yohac »

billy269 wrote: Sun Sep 22, 2019 5:51 pm What do people think of using a Google Voice number as for 2FA? Potentially safer to avoid a SIM Swap attack?
I believe so, or at least I haven't seen a credible account of a Google Voice number hijacking. The GV number I use for 2FA is only for that, not given to anyone else. Even if you wanted to port the number yourself, you have to login to your Google account and give permission, and pay three bucks to unlock it.
student
Posts: 5161
Joined: Fri Apr 03, 2015 6:58 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by student »

ARoseByAnyOtherName wrote: Mon Sep 23, 2019 8:33 am
student wrote: Sun Sep 22, 2019 7:07 pm This website gives you info of technology that each company had adopted. For example, Vanguard actually uses hardware 2 factor authentication. https://twofactorauth.org/ https://investor.vanguard.com/security/security-keys
I’m pretty sure vanguard has automatic fallback to SMS if you chose to use a security key, which defeats the point of having the hardware token.

They state as much on the link you provided above:
“ What if I don't have my key?
No problem. We'll just send you a security code.”
I wonder whether they give you an option or note that in your file to not do that. Now that you mentioned this, I remember seeing a discussion.
User avatar
oldcomputerguy
Moderator
Posts: 9220
Joined: Sun Nov 22, 2015 6:50 am
Location: In the middle of five acres of woods in East Tennessee

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by oldcomputerguy »

student wrote: Mon Sep 23, 2019 9:09 am I wonder whether they give you an option or note that in your file to not do that. Now that you mentioned this, I remember seeing a discussion.
Here's one.

viewtopic.php?t=213426
"I’ve come around to this: If you’re dumb, surround yourself with smart people; and if you’re smart, surround yourself with smart people who disagree with you." (Aaron Sorkin)
Blake7
Posts: 284
Joined: Fri Mar 30, 2018 2:52 pm
Location: USA

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Blake7 »

Vulcan wrote: Mon Sep 23, 2019 7:13 am
theplayer11 wrote: Sun Sep 22, 2019 7:27 am so much for 2FA on accounts..this is not good
I always recommend using Google Voice (or Google Fi) numbers for 2FA.
A lot harder to hijack those.
Same here. The only issue I’ve found is some entities don’t work with SMSing VOIP numbers like GV. Wells Fargo Bank is an example.
student
Posts: 5161
Joined: Fri Apr 03, 2015 6:58 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by student »

oldcomputerguy wrote: Mon Sep 23, 2019 9:24 am
student wrote: Mon Sep 23, 2019 9:09 am I wonder whether they give you an option or note that in your file to not do that. Now that you mentioned this, I remember seeing a discussion.
Here's one.

viewtopic.php?t=213426
Thanks.
MathWizard
Posts: 4340
Joined: Tue Jul 26, 2011 1:35 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by MathWizard »

Vulcan wrote: Mon Sep 23, 2019 7:13 am
theplayer11 wrote: Sun Sep 22, 2019 7:27 am so much for 2FA on accounts..this is not good
I always recommend using Google Voice (or Google Fi) numbers for 2FA.
A lot harder to hijack those.
I'm curious, why would a Google Fi number be harder to hijack?
Do those numbers not port to another carrier?
User avatar
Topic Author
sunny_socal
Posts: 2289
Joined: Tue Mar 24, 2015 4:22 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by sunny_socal »

Still no resolution from Cricket. Ended up just getting a new phone number from them today, cost $80. Planning on suing them in small-claims court to get it back.

Went to T-mobile to see if the grass was any greener:
- They have a 4-line family plan for $140 with fees, somewhat more than Cricket but at least it includes mobile hotspot. (Cricket is $100/m plus another $10 for the hotspot) Netflix for mobile is included (don't need or want.)
- Opening the account would have required a credit check. Called their customer service, they said "You must open ALL the credit bureaus and provide us with the PIN numbers." (Uh, no)
- If I didn't want the credit check I could pay a $200 deposit and request a refund after one year. And with this option only the most basic pre-paid plan is available, it's $125 with fees and there is no hotspot option.

Told them I'd think about it, but really I'm not particularly excited. I can live without netflix.

ATT was $200 for a 4-line plan :shock:

The mobile industry stinks. Customer service is nonexistent and their accounts are vulnerable. It's very easy to port a number for the account owner so it's easy for thieves as well.
michaeljc70
Posts: 7104
Joined: Thu Oct 15, 2015 3:53 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by michaeljc70 »

billy269 wrote: Sun Sep 22, 2019 5:51 pm What do people think of using a Google Voice number as for 2FA? Potentially safer to avoid a SIM Swap attack?
I use my GV for everything. If someone stole my phone number, I don't even know what it is. I'd just get a new one and make that forward to GV. Now if they ported that number somewhere...same problem I imagine.
User avatar
Vulcan
Posts: 1324
Joined: Sat Apr 05, 2014 11:43 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Vulcan »

MathWizard wrote: Mon Sep 23, 2019 2:38 pm
Vulcan wrote: Mon Sep 23, 2019 7:13 am
theplayer11 wrote: Sun Sep 22, 2019 7:27 am so much for 2FA on accounts..this is not good
I always recommend using Google Voice (or Google Fi) numbers for 2FA.
A lot harder to hijack those.
I'm curious, why would a Google Fi number be harder to hijack?
Do those numbers not port to another carrier?
The owner has to authorize the port by logging into their Google account.
If you torture the data long enough, it will confess to anything. ~Ronald Coase
User avatar
msi
Posts: 591
Joined: Sun Feb 17, 2008 11:15 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by msi »

Shame on Cricket for their customer service and their slow non-responses.

But you're going to run into the credit check issue at any postpaid carrier (the common plans on T-Mobile, AT&T, Verizon, and Sprint) because you pay each month *after* you use the service. With prepaid carriers like Cricket, or MVNOs, or the prepaid divisions of major carriers, you pay in advance *before* you use the service.

There are a few exceptions like Ting (which is PAYG, so technically postpaid), but that's the general rule.
Copper John
Posts: 220
Joined: Tue Jan 11, 2011 12:31 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Copper John »

Blake7 wrote: Mon Sep 23, 2019 9:43 am
Vulcan wrote: Mon Sep 23, 2019 7:13 am
theplayer11 wrote: Sun Sep 22, 2019 7:27 am so much for 2FA on accounts..this is not good
I always recommend using Google Voice (or Google Fi) numbers for 2FA.
A lot harder to hijack those.
Same here. The only issue I’ve found is some entities don’t work with SMSing VOIP numbers like GV. Wells Fargo Bank is an example.
I use my Google Voice number for 2FA and it works fine, but as you point out it does not work for all entities. I have a Chase Bank credit card and it does not work for that account. I wondered why and I now realize after your post it must be the VOIP aspect of this service that is causing this to not work at Chase.
AlohaJoe
Posts: 5534
Joined: Mon Nov 26, 2007 2:00 pm
Location: Saigon, Vietnam

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by AlohaJoe »

billy269 wrote: Sun Sep 22, 2019 5:51 pm What do people think of using a Google Voice number as for 2FA? Potentially safer to avoid a SIM Swap attack?
An increasing number of financial institutions block Google Voice (and other services like it) for their 2FA; it go through the Google Voice user forums you'll see many complaints of this happening to people. I was locked out of my WellsFargo account earlier this year when they began disallowing Google Voice numbers. I called a service rep and they deactivated 2FA on my account. (I don't recall how, or if, they verified it was me that was calling & requesting that and not some random hacker.) I no longer require 2FA to login but certain actions (like viewing a statement) still require it but they won't send a code to my Google Voice. So my only options are to never use that functionality on the website or buy a cell phone & mobile plan that I don't need simply to get Wells Fargo statements.
investor4life
Posts: 241
Joined: Fri Oct 08, 2010 9:45 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by investor4life »

Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
It’d help to have a login-id that’s not obvious (like an email address). This likely adds an extra measure of safety (1.5FA?)
User avatar
bluquark
Posts: 1150
Joined: Mon Oct 22, 2018 2:30 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by bluquark »

investor4life wrote: Mon Sep 23, 2019 6:23 pm
Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
It’d help to have a login-id that’s not obvious (like an email address). This likely adds an extra measure of safety (1.5FA?)
Unfortunately, email addresses are an extremely obvious login-id. If you've been using the same address for 10+ years, try entering it on http://haveibeenpwned.com/ to learn how many databases have leaked with your email address in them.
70/30 portfolio | Equity: global market weight | Bonds: 20% long-term munis - 10% LEMB
Katietsu
Posts: 3994
Joined: Sun Sep 22, 2013 1:48 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by Katietsu »

It could be that they were after the phone number as others have suggested. But when this happened to a relative, we found that the technique was being used mainly to get the discounted new phone that required moving a number.
Last edited by Katietsu on Mon Sep 23, 2019 7:14 pm, edited 2 times in total.
gtd98765
Posts: 657
Joined: Sun Jan 08, 2017 4:15 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by gtd98765 »

I'm curious, why would a Google Fi number be harder to hijack?
Since your Fi phone is tied to your google/gmail account, a thief would have to hack your google account to port out the phone. Google account security includes options for strong 2-factor authentication; you can limit it to a security key, or a security key and authenticator app, etc. Google even has a high-security account option that requires using a security key every time you log on. These measures would make it very hard to get into your account and steal your fi phone number.
iasw
Posts: 250
Joined: Mon Dec 05, 2016 2:02 pm

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by iasw »

Depending on your usage, Ting might be a good deal.

Outrageous what happened.
investor4life
Posts: 241
Joined: Fri Oct 08, 2010 9:45 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by investor4life »

bluquark wrote: Mon Sep 23, 2019 6:41 pm
investor4life wrote: Mon Sep 23, 2019 6:23 pm
Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
It’d help to have a login-id that’s not obvious (like an email address). This likely adds an extra measure of safety (1.5FA?)
Unfortunately, email addresses are an extremely obvious login-id. If you've been using the same address for 10+ years, try entering it on http://haveibeenpwned.com/ to learn how many databases have leaked with your email address in them.
I guess my framing was ambiguous. What I meant was email address is an obvious login-id. Using something random as username serves as essentially a second password.
student
Posts: 5161
Joined: Fri Apr 03, 2015 6:58 am

Re: Someone stole my wife's phone number (ie. ported to another carrier)

Post by student »

investor4life wrote: Mon Sep 23, 2019 9:08 pm
bluquark wrote: Mon Sep 23, 2019 6:41 pm
investor4life wrote: Mon Sep 23, 2019 6:23 pm
Cheez-It Guy wrote: Sun Sep 22, 2019 7:32 am While concerning, the password is still needed for 2FA. So how is this worse than 1FA? Unless the password reset process involves a text to the cell phone number to verify identity. :oops:
It’d help to have a login-id that’s not obvious (like an email address). This likely adds an extra measure of safety (1.5FA?)
Unfortunately, email addresses are an extremely obvious login-id. If you've been using the same address for 10+ years, try entering it on http://haveibeenpwned.com/ to learn how many databases have leaked with your email address in them.
I guess my framing was ambiguous. What I meant was email address is an obvious login-id. Using something random as username serves as essentially a second password.
Good point.
Post Reply