*Quick Rico Tech* on the web I would like to sincerely thank you from the bottom of my heart! So many from tough harsh living conditions that suffer and you helping and giving them something that they desperately need just to survive. I thank God for wonderful people like you that are making the differences that truly matter most! God Bless you Love from Greenville NC.
@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.
as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify
No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this. The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.
How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.
@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing. And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process. Yes, our banks are stupid bad for security.
What they need to do is force you to visit one of the stores with some sort of government issued photo ID (this would mean no credit cards can be used as ID). The whole idea is to do it in person rather than taking your word that the account is yours. Too many things are done over the phone or internet rather than in person. It is only for convenience. It is time to give up some of that convenience in exchange for security. Too many people want convenience but they don't realize what they get in exchange.
In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away). Seriously. This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable. This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever. He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group. His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly. Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.
@@fdllicksYep and it is groups and clubs. Need to go a little deeper with police work and really see who these people are working for. It’s not hard and I will not say it here. Groups and Clubs have changed. Not so much the burly dude anymore. Now it’s sending out people in the Suburbs to steal. Should be charged with Domestic Terrorism. I wouldn’t trust anyone especially in or near your home or phone . Turn Numbers Lock on and get off WIFI. Be careful at the Bits By store and the Tweak Squad . It is Rampant. (Not all but more than you think and can imagine).
In Italy, where I live and work, you have to present the phone company operator a police statement (theft, lost SIM, etc.) and an identity document (Passport, Identity Card, etc.) in order to get a new SIM. It has always been so. The European Union has recently released a series of rules to phone companies in order to fight SIM swapping and others types of scam. Transfering the phone number to a new operator is equally protected. For example, a phone call or a SMS is sent to the existing SIM in order to notify the user before moving the number to the new SIM.
@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...
You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.
@@martinlutherkingjr.5582 True. For these select few (gov/financial) sites, I use a relatively private # that only these sites have, but also my personal contacts have/use. Reasoning behind it being, that it's extremely unlikely for that # to be leaked out, unlike my other # (now in Google Voice) that's on the B2B Business data leak of 2017, Facebook leak of 2019, Leadhunter leak of 2020, AT&T leak of 2021, and Twilio leak of 2024... Needless to say, that's the number I still use today to communicate with businesses. In the remote chance that my gov/financial # finds its way on the dark web (I have Google Dark Web Report), I'll move that # also to gv and get a new # asap lol
I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything. Their buddy at the store is in on it.
Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.
Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!
Awesome work, Team *Skillful Recovery Tech* ! It's so satisfying to see you putting in the effort to stop those shady characters. Protecting the public, especially the elderly, from those despicable con artists is crucial. You truly deserve recognition and appreciation for keeping us secure and for the recovering my lost 0.2 btc. I'm thrilled for you because you're my sibling. Your accomplishments definitely make you a strong contender for the Nobel Peace Prize. Keep up the outstanding performance
Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.
I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.
I called AT&T and said DO NOT allow SIM swapping on my account about 2y ago. They said they have no way of doing this! I said okay put your manger on the phone, told them this phone call is recorded and that I want you to personally note my account that SIM SWAPS are not allowed unless done in person. I doubt they gave me a real name OR that my account was noted so I tested it and NO NOTE was added. The fact that a multi billion dollar company can't add a policy saying anything SIM related must be done in person, including changing options from this point on, is beyond me. Reminds me of trying to buy a series X from Microsoft a few years back, THE tech giant of the world, does not have a simple captcha in place to prevent bots from exploiting on their website. We must be real naive not to be able to read between the lines...
Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.
@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...
100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.
Interesting. In most developed countries you need to provide physical ID at a physical location or authenticate with your online banking credentials to request a new SIM, which can only be sent to your registered address or picked up from a store with physical ID like a passport or ID card.
The bank bit pisses me off and like the phone companies, they should be held accountable for not taking steps to enable their customers to CYA. Your video was very informative as always. Thanks to you, my wife and I bought Yubikeys and love them! Thank you!
But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.
@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.
I don't use my phone to pay for anything. I've got to use it for 2-step verification on many accounts I have, but I get e-mail alerts when that happens too. I have complex passwords for all of my accounts that aren't the same because I got an alert someone tried to get into one of them a year ago.
The wrong answer to security questions is something I have done for a long time. Say they wanted the make and model of your first car. ‘Rustypieceofshit’ does the trick. Grandmother’s maiden name? Smellsliketalcumpowder.
😢 technology (?). T mobile to Spectrum. 1 year T mobile credit collection. Paid. Keeping the same number was bad 👎. Went to T mobile wanted more. Had Spectrum (?). 😢 The human element. How can I be full proof? I'm sad that people are so messed up in customer service. County workers stealing ebt for food. Soooo messed up. Security, please.
Re: carrier account pin code or p/w....a good practice is to change it after calling carrier and giving it to them to verify your account. You never known if they've written down somewhere
One more easy and important tip which you should have mentioned is to never use your primary SIM number as the 2FA number. Buy a 2nd SIM and use that for important accounts and only use for those accounts and never contact anyone with that SIM nor share that number with anyone.
Any data sent over 2G and 3G is accessible via SS7. 4G and 5G use Diameter, which I'm told has it's own vulnerabilities. Just don't use SMS for 2FA. And don't send data unencrypted if you don't want it to potentially be intercepted. There's no trace or indication if SS7 is used to monitor a call or data to a handset, and you can search the database by some single identifiers, the IMEI of a handset, as an example. So if someone has access to SS7 via an employee or a hacked account then they don't need much information about you, and there will be no trace. Better to just choose a different kind of 2FA or MFA.
How do we know a product like "Efani" doesn't create a problem like this so they can sell their product. I'm always highly suspicious of such things. Remember a little movie way back in the 90's with Sandra Bullock called "The Net?"
Is this video sponsored content? I can't even tell, but I'm sketched out by the fact that not even a minute into the video, in rolls an inbuilt ad for a product you claim is "the only service" that protects against the scam that is the subject of the video. It just has that same creepy, inauthentic feel that sponsored content always has.
I use authenticator apps everywhere I can, but tell me, why don't banks give you the option to use authenticator apps? That's the most vulnerable account for anyone and banks don't let you use the more effective methods of authentication!
I enabled sim lock but when I'm logged in the sim card is unlocked. I need to use my selected pin before the login. I use my flip phone for bank texts. Instead
So there is no way to easily avoid it, other than your recommendation to buy this expensive third party cellphone plan. As far as Efani, one of my main concerns is if they all of a sudden go out of business. Since they're the one your phone number is with, and not the underlying carrier, you might be screwed and lose your number. They'll be no way to port it out. :/
So the weakest link here is the customerservice of your cellphone provider. I just decided to read into how my provider deals with it and it seems they have extra security layers build in which is good to know. They also seem to get training a lot to look out for the signs.
The weakest link is the 1970s protocols that underpin mobile signals data. SS7 was outed to the world nearly ten years ago, and security is no tighter than it was, other than the employees with access being less open to bribes, and perhaps their access more tightly monitored when using certain parts of the system.
Interesting. So for anything financial we have a dedicated chromebook with a bogus account. From that chromebook/account I only ever log onto my password vault. So in theory even if my phone was sim swapped, then the google account they got access to would be my personal account, not the bogus one that I accessed the financial stuff. I never log onto my password vault from my regular email, So in theory if I was sim swapped it would be irritating but they would have no way to know what the 2FA codes were for right??
You didn't explain: 1. Scammer needs userid BEFORE they can click on " forgot password" Having the sim card does not tell scammer what banking APPS are on your phone, what any saved userids are, or even what banks you use. 2. Service provider always is supposed to ask for passcode or answer to secret questions before believing anything. They should also attempt to call/text/email the phone first.
I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.
@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.
@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places
Thank you so much Let me share one more thing with you, I was a victim of sim swap before, so I set a pin and did what you just said, but I went a step further by asking the company to put a note on my account that no changes or swapping the SIM card over the phone or the internet, the only way to do something on my account is to be in the store physically, and with a valid ID. Now when I try to call the customer service or do something online I get a message: (sorry you need to come to the store with a valid ID in order to make changes.), it's not very convenient but it's more secure somehow. One question, do you know any bank that allow using physical 2fA key to login? Thanks again for your awesome info
That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.
I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.
@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.
Note it is not just two factor authentication. They can reset your password. One should not use the listed phone number as your password reset/two factor authentication number (they are different setting on, say Google). I use a prepaid where SIM swap is not possible. They will not provide a new SIM under any condition (if I lose the phone I lose the number and the balance) as they do not know whose it is. I have that number as the second SIM.
Thanks Josh, for the clear and detailed explanation of SIM swapping and yes...great advice and reminder, even for those of us in the IT industry...cheers
One problem is you can often change the default 2-factor mechanism but the fallback is still likely SMS. There needs to be some sort of backup to prove your identity in case your primary method gets lost or broken.
My bank does allow for the use of a physical dongle required for login. They say it will even work out of the country. But use of the dongle has allowed me to quit using their SMS-2-factor verification.
Thanks! iPhone has a sim pin in Settings- Cellular. Mine was set by default to 'off', so I enabled it, then set my own unique 5 number pin. I feel it's much more secure now!
Some good information BUT!! it's basically an add for a security system without a price mentioned. To find out the price ? you would, no doubt, have to enter your information???
I don't believe this could happen to me because whenever call my mobile carrier they always ask me for a four digit PIN number that only I know and have known since I set it up and without which I can't change anything
hi, I am one of the SIM SWAP victims. if the card is inserted into someone else's cellphone, it will take 5 minutes. Will the cellphone be hit too? please answer my question
Go personally to a physical outlet when purchasing a phone and renewing your plan. Here in Canada, where I live, I go to an outlet in the mall and they will give me $50 credit card as a token for doing business at their outlet.
So pretty much the hackers still your phone number. But are they able to give the phone number back so you never know? Or is the phone number shared on both devices???
How about all sun swaps be done in person for security reasons . Just like banks will not make any changes to your account via phone . In person only .
What a lot of people do not understand is that the phone number they use is not theirs, you do not own your phone number, your provider owns it. Not you. Second, use an authenticator app for mfa. There are plenty out there you can use. Here (the Netherlands) you have to go to a store physically if you want you sim to be swapped and they will only do it if you bring your ID (Passport, Driver license) card to identify yourself. Thanks for your attention, Rik
Can’t SIM swap a Google Voice number. Set it up on a dedicated Google account. Sometimes it doesn’t work for me because I assume they check and see if it’s a “real” number with a “real” carrier, but most of the times it works and that’s what I use.
My final thought is this is noting more than a video to sell a product. Two step verification is the SECOND step in the process. ON all my accounts where it is setup, the code is NOT sent out UNTIL I have signed into my account using up to a 32 character password that is known only to me. A person cannot just enter a six digit code and gain access to my accounts. Yes, if they somehow get a hold of my computer or are able to implant a trojan to log keystrokes than that might work. However, since most people use their phone on a daily basis, they just need to understand if the phone no longer works call the provider and find out why. Go next door and call from your neighbors phone. What gets me is this video is so full of holes it is obvious someone is just trying to sell something.
Is theft from a SIM Swap not possible if one is using 1Password? The thief wouldn't be able to change passwords to my finanical accounts without knowing the original passowords, right? Am I missing something here?
If the SIM swap attacker pretends to be you and says they forgot their password, they can potentially reset your password if they know whatever basic personal info the bank also demands (username, account number, SSN, etc.). SMS 2FA can actually be worse than no 2FA, because they would never be able to do this with an account protected only by your password. The easiest solution is to keep a VoIP number on file at your bank instead of your real phone number. However, not all banks accept VoIP numbers, so this can narrow your options. It would be great if they allowed TOTP 2FA with an authenticator app (while also allowing SMS to be disabled as an option), but I don't know of a bank in the US that does.
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
So pretty much the hackers still your phone number. But are they able to give the phone number back so you never know? Or is the phone number shared on both devices???
the solution to this SIM swap thing is simple- you need to drive down to your carrier and do the swap THERE- IN PERSON. You need to bring documents such as phone bills, utility bills and of course picture ID. No more over the phone sessions to some minimum wage employee clock watching for her next break.
@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.
@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.
@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.
So what about people who dont have there actual phone number widely known like if you use a service like Hushed or Cloaked would that be a good way to avoid this ???
1:55 How is this hard to detect? If my SIM gets disconnected from my carrier, then the notification in the top left of my phone changes. I look at my phone multiple times a day. I’m confident I’d notice this immediately.
Haha I get that! It's one less thing to remember. But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi Source: that's what I do+
This is great info, thanks. I wouldn't dare do that last thing, though, because I wouldn't be able to remember the fake info I gave for the security questions. It's still a great idea, though.
@@SurfCityBill Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...
Or just answer with the 2nd of whatever instead of the first. First street you lived on? Give the 2nd or 3rd or something you will remember. If your memory sucks so bad you can't do that. Work on your memory. If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home. But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.
@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.
Let’s say someone steals my phone #…how would they a) know which bank I deal with? And b) even if they knew that, how would they logon to my online banking to trigger an sms to be sent?
Good information 👍 In Pakistan, even if I give my sim to some scammers myself they can't do anything bad to me. In case they spoof me somehow, for cell carriers to issue them a replacement sim card, they will ask a number of personal info plus a biometric verification (one thumb and and a fingerprint of other hand at least). As for my bank account, it is also set on a fingerprint sign-in method 😊
This sim swap thing already happened to T Mobile customers over 3 years ago. There was also an app which allowed sharing of the number. One had to get T Mobile to put a ban on both so that no one could take the number away from your sim nor share your number using another device. Apparently, according to a cyber police officer, neither they or the FBI are interested in stopping this sort of crime. The local police is also not interested. No wonder the crime continues.
I have SIM card cloning issues, Authy is SIM based and was exploited in my iphone. Corrupt police can do anything on a cell phone, my ex's friends in police department have been ruthless, corrupt and downright criminal.
Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.
Doesn't the scammer need your account password to get into your account? There's a reason why they call it two factor authentication. They should need more than your phone number.
There’s many expats from the US and other countries that are living in other countries. How are they able to login to their bank and credit card accounts? Most banks won’t accept a VoIP phone number or VPN. I’ve heard that Tello or US mobile would work but you have to be in the US to get them. I currently live on Guam and I would have to fly to the US just to get an account with Tello or US mobile. I need a solution that works reliably and consistently before I move to another country. Can you help? Thanks.
This is a long standing and unacceptable situation. Commenters here have complained about phone carriers but you're the 1st commenter to bring to attention the disgraceful archaic methods used by the financial institutions. I have the same problem as you and I too will have to go to the US to obtain a US Mobile acct for a long term solution. In the short term, I recommend you get hold of a relative/close friend to create a Google Voice acct for you. Despite using a VPN, I have failed to generate a GV and had to finally get someone in the US to do it for me. Altho GV is technically a virtual #, it appears to work with most banks. I would then get a 2nd virtaul number to link to the GV#. I've tried Hushed and it's decent - however, it will not work as a verification number for GV. It appears to work directly with some banks too but is not guaranteed. Torn my hair out trying to find a solution, again I stress that the current situation is unacceptable and all we can do is pray that all FINs adopt an alternative method.
I'm curious, how concerned are you about your mobile phone provider? If it's a serious concern, check out the added privacy and protection of Efani: efani.com/allthingssecured
@@savylany5754Broadcast interruptions and channel hijacks are old hat. Both analogue and digital systems have been used in the wild, from the late eighties until 2020 being the most recent I'm aware of. In the cases I know of, it wasn't for the purposes of fake news, but with AI video deepfakes becoming ever more widespread, in conjunction with a seamless signal hijack, you could fool just about anyone watching. As IoT devices smart TVs can also put a network at risk. And you wouldn't need anywhere near as much know-how and expensive equipment.
Hi, Can you make a video about SIM LOCK, this feature available in Android and iPhone. How is the sim lock work? Would it prevent SIM SWAP? AND further more about Esim. Would Esim prevent sim swap since it's not a physical sim card? Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
The FEDS can use devices in your neighbors house that can make your cell phone think it's connecting to a legit tower when it's actually connecting to their device. This enables them to access your operating system and perform a Sim SWAP and perform Debugging operations on your phone.
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)
I have Google Fi cell service and they say that I have to be logged into my Google account in order to make any changes to my account. Is this good enough protection from this scam? I suppose not if my Google account itself has become compromised.
someone is going to take over your account by asking very nicely for the phone company to give them your phone number. Once they have you phone number, they may have access to whatever is on your phone.
@@TonyRule Microsoft is also a fine one. They support authenticator apps, but still require you to have at least one e-mail or phone number for authentication on personal accounts.
.. but this is no different from all the other possible ways that someone can impersonate me by knowing sufficient of my personal details. Why can't the carrier ask for a password, like any normal person, or do voice recognition like my bank manages to do ?
Here in the state of Colorado some police departments won't even bother to help you with any identy theft or cyber crime. You can't get a report to help you .
Let’s assume that I have sufficient precautions with my mobile carrier to ensure that nobody can impersonate me (yeah, I know: easier said than done, but just assume). Question: Can a hacker’s carrier take my phone number without first authorizing that with my current carrier?
Sim Swap may transfer the phone but it does not transfer the Keychain where the user id and passwords are housed , without out the user id a sim swap is useless even if a 2FA account reset is done imo.
*Quick Rico Tech* on the web I would like to sincerely thank you from the bottom of my heart! So many from tough harsh living conditions that suffer and you helping and giving them something that they desperately need just to survive. I thank God for wonderful people like you that are making the differences that truly matter most! God Bless you Love from Greenville NC.
Here’s a stupid question…why don’t Carriers call the actual number before allowing a sim swap?
Idea to simple for complex unchecked levels at corporate
@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.
as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify
So that the one who stole your phone can cancel the swap?
It is not a stupid question
This is totally the fault of the phone companies and they should be held liable for the loses due to their lack of security in these instances.
No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this.
The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.
Or call your banker. Nevermind, most of my employees love no banking personalization.
How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.
@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing.
And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process.
Yes, our banks are stupid bad for security.
@@repatch43 Bank of America uses SMS text as 2FA, which is the ONLY 2FA that they support. A major bank... and that's their ONLY option....
What they need to do is force you to visit one of the stores with some sort of government issued photo ID (this would mean no credit cards can be used as ID). The whole idea is to do it in person rather than taking your word that the account is yours. Too many things are done over the phone or internet rather than in person. It is only for convenience. It is time to give up some of that convenience in exchange for security. Too many people want convenience but they don't realize what they get in exchange.
In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away).
Seriously.
This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable.
This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever.
He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group.
His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly.
Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.
The don't require it to vote. Also they won't require it to transfer because people are lazy.
The guy at the store is in on it. He is buddies with the thief and orchestrating everything.
That is how it is done here. Finland. The country with the first operational GSM network.
@@fdllicks Yes, and next the person, who issued the change, faces some interesting questions. Simple.
Your phone service carrier should be held liable for poor employee training if sim swap happens to you.
Usually, the guy at the store is in on it.
Bottom line I have a cheap prepaid phone. I was already scammed.
@@Maria-fz1muu do not need to have a cheap phone to have a prepaid sim card. I have an expensive iphone with prepaid UNREGISTERED card
How would it have the same number if your phone still work?
@@fdllicksYep and it is groups and clubs. Need to go a little deeper with police work and really see who these people are working for. It’s not hard and I will not say it here. Groups and Clubs have changed. Not so much the burly dude anymore. Now it’s sending out people in the Suburbs to steal. Should be charged with Domestic Terrorism. I wouldn’t trust anyone especially in or near your home or phone . Turn Numbers Lock on and get off WIFI. Be careful at the Bits By store and the Tweak Squad . It is Rampant. (Not all but more than you think and can imagine).
In Italy, where I live and work, you have to present the phone company operator a police statement (theft, lost SIM, etc.) and an identity document (Passport, Identity Card, etc.) in order to get a new SIM. It has always been so. The European Union has recently released a series of rules to phone companies in order to fight SIM swapping and others types of scam. Transfering the phone number to a new operator is equally protected. For example, a phone call or a SMS is sent to the existing SIM in order to notify the user before moving the number to the new SIM.
This!!!
As it should be!!!
EU is always lightyears ahead of US/Can in these things.
That is a bummer. If your phone is stolen or got destroyed together with sim card how is that possible
@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...
More proof that regardless of how vigilant you are with cyber security, the large corporations we commerce with are the weakest link.
You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.
Until security is tightened on the SS7 protocols your data is open to interception anyway. Just don't use SMS for 2FA.
@@Fatman305It depends on the site, many don’t allow that
@@martinlutherkingjr.5582 True. For these select few (gov/financial) sites, I use a relatively private # that only these sites have, but also my personal contacts have/use. Reasoning behind it being, that it's extremely unlikely for that # to be leaked out, unlike my other # (now in Google Voice) that's on the B2B Business data leak of 2017, Facebook leak of 2019, Leadhunter leak of 2020, AT&T leak of 2021, and Twilio leak of 2024...
Needless to say, that's the number I still use today to communicate with businesses. In the remote chance that my gov/financial # finds its way on the dark web (I have Google Dark Web Report), I'll move that # also to gv and get a new # asap lol
how about requiring customers come to a phone store and show their physical ID? if they can’t there is always video conference.
I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything.
Their buddy at the store is in on it.
My carrier tracfone doesn't require a security word . Confusing
Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.
2FA via SMS can be intercepted anyway. Don't use SMS for 2FA.
@@fdllicks I thought this was the case. Inside job.
The phone companies should be held accountable
I wish they were.
Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!
Awesome work, Team *Skillful Recovery Tech* ! It's so satisfying to see you putting in the effort to stop those shady characters. Protecting the public, especially the elderly, from those despicable con artists is crucial. You truly deserve recognition and appreciation for keeping us secure and for the recovering my lost 0.2 btc. I'm thrilled for you because you're my sibling. Your accomplishments definitely make you a strong contender for the Nobel Peace Prize. Keep up the outstanding performance
That suggestion about not giving truthful answers to security questions is a good one. I've been doing that for a while.
I have a hard enough time remembering the real answers let alone made up ones.
That’s a good idea
Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.
Been doing that since the first time lol. I treat them as passwords and whatever the question is I just enter a 20 digit hard af password.
I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.
I called AT&T and said DO NOT allow SIM swapping on my account about 2y ago. They said they have no way of doing this! I said okay put your manger on the phone, told them this phone call is recorded and that I want you to personally note my account that SIM SWAPS are not allowed unless done in person. I doubt they gave me a real name OR that my account was noted so I tested it and NO NOTE was added. The fact that a multi billion dollar company can't add a policy saying anything SIM related must be done in person, including changing options from this point on, is beyond me. Reminds me of trying to buy a series X from Microsoft a few years back, THE tech giant of the world, does not have a simple captcha in place to prevent bots from exploiting on their website. We must be real naive not to be able to read between the lines...
You are not bright. Maybe rewatch video 10x to understand how it works
Human
The phone companies should require people to come into the store with 3 pieces of ID to transfer a phone number to a new SIM card.
Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.
@@Fatman305 It would help because SIM scams are not always an inside job. Scammers want to avoid security cameras and avoid leaving evidence (DNA).
Then that's easy. You can sue the carrier directly if that happens.
@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...
100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.
Interesting. In most developed countries you need to provide physical ID at a physical location or authenticate with your online banking credentials to request a new SIM, which can only be sent to your registered address or picked up from a store with physical ID like a passport or ID card.
That’s y scammers use an rdp server and link it to ur ip so it looks like the mobile call is coming from the residence u stay in
@@EMERBRUHare you brain dead? He said PHYSICAL. What's that got to do with an RDP server?
In America, our representatives do not work for us. This is why were the only 1st world power without national health and so much more.
The bank bit pisses me off and like the phone companies, they should be held accountable for not taking steps to enable their customers to CYA. Your video was very informative as always. Thanks to you, my wife and I bought Yubikeys and love them! Thank you!
As usually with corporations, spend millions advertising how wonderful they are but pennies on training.
It is not "training". The guy working at the store is in on it.
@@fdllicks
Not talking about the store, talking about customer service. The vid talked about them being the weakest link and insufficient training.
But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.
@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.
I don't use my phone to pay for anything. I've got to use it for 2-step verification on many accounts I have, but I get e-mail alerts when that happens too. I have complex passwords for all of my accounts that aren't the same because I got an alert someone tried to get into one of them a year ago.
RE: Security questions - giving the wrong/incorrect answers.
This is the best nugget of info in this video, cant believe i didnt think of this before
The wrong answer to security questions is something I have done for a long time. Say they wanted the make and model of your first car. ‘Rustypieceofshit’ does the trick. Grandmother’s maiden name? Smellsliketalcumpowder.
😢 technology (?). T mobile to Spectrum. 1 year T mobile credit collection. Paid. Keeping the same number was bad 👎. Went to T mobile wanted more. Had Spectrum (?). 😢 The human element. How can I be full proof? I'm sad that people are so messed up in customer service. County workers stealing ebt for food. Soooo messed up. Security, please.
Re: carrier account pin code or p/w....a good practice is to change it after calling carrier and giving it to them to verify your account. You never known if they've written down somewhere
Good thinking !
One more easy and important tip which you should have mentioned is to never use your primary SIM number as the 2FA number.
Buy a 2nd SIM and use that for important accounts and only use for those accounts and never contact anyone with that SIM nor share that number with anyone.
Ok so I presume that for Sim swapping you at least need to give them your number?
That is good advice. My wife's phone has space for two SIM cards. So, she could do that with just one physical phone.
yup
Any data sent over 2G and 3G is accessible via SS7.
4G and 5G use Diameter, which I'm told has it's own vulnerabilities.
Just don't use SMS for 2FA. And don't send data unencrypted if you don't want it to potentially be intercepted.
There's no trace or indication if SS7 is used to monitor a call or data to a handset, and you can search the database by some single identifiers, the IMEI of a handset, as an example. So if someone has access to SS7 via an employee or a hacked account then they don't need much information about you, and there will be no trace.
Better to just choose a different kind of 2FA or MFA.
It doesn't matter because all of those accounts share your information and/or get hacked all the time.
How do we know a product like "Efani" doesn't create a problem like this so they can sell their product. I'm always highly suspicious of such things. Remember a little movie way back in the 90's with Sandra Bullock called "The Net?"
Exactly. I feel the same about antivirus software.
Oooh, The Net is one of my favorite movies! Not one of my security question answers. lol
Yeah, ok . They invented sim swapping. Right, smart guy
Is this video sponsored content? I can't even tell, but I'm sketched out by the fact that not even a minute into the video, in rolls an inbuilt ad for a product you claim is "the only service" that protects against the scam that is the subject of the video. It just has that same creepy, inauthentic feel that sponsored content always has.
What about newer phones without physical SIM cards. Or are they digital SIM cards?
They use "e-sims". Most phones the last few years have both types.
Without sim card is also a thing. The slot stays empty and phone runs on wifi.
America runs on Dunkin and my smartphone runs on wifi
Don't save/remember User Name or Login ID on an app. Another thing that a scammer would have to guess.
I use authenticator apps everywhere I can, but tell me, why don't banks give you the option to use authenticator apps? That's the most vulnerable account for anyone and banks don't let you use the more effective methods of authentication!
I enabled sim lock but when I'm logged in the sim card is unlocked. I need to use my selected pin before the login. I use my flip phone for bank texts. Instead
So there is no way to easily avoid it, other than your recommendation to buy this expensive third party cellphone plan. As far as Efani, one of my main concerns is if they all of a sudden go out of business. Since they're the one your phone number is with, and not the underlying carrier, you might be screwed and lose your number. They'll be no way to port it out. :/
have a second SIM for just the 2FA ... easy
So the weakest link here is the customerservice of your cellphone provider. I just decided to read into how my provider deals with it and it seems they have extra security layers build in which is good to know. They also seem to get training a lot to look out for the signs.
The weakest link is the 1970s protocols that underpin mobile signals data. SS7 was outed to the world nearly ten years ago, and security is no tighter than it was, other than the employees with access being less open to bribes, and perhaps their access more tightly monitored when using certain parts of the system.
I don't get it, what does PIN-lock for the SIM help if they get a new SIM card....or did not understand it
you have to give them PIN number before they can give you new SiM card - and only the owner would know PIN to his own SIM
Interesting. So for anything financial we have a dedicated chromebook with a bogus account. From that chromebook/account I only ever log onto my password vault. So in theory even if my phone was sim swapped, then the google account they got access to would be my personal account, not the bogus one that I accessed the financial stuff. I never log onto my password vault from my regular email, So in theory if I was sim swapped it would be irritating but they would have no way to know what the 2FA codes were for right??
You didn't explain:
1. Scammer needs userid BEFORE they can click on " forgot password" Having the sim card does not tell scammer what banking APPS are on your phone, what any saved userids are, or even what banks you use.
2. Service provider always is supposed to ask for passcode or answer to secret questions before believing anything. They should also attempt to call/text/email the phone first.
$99/mo!!! How much of that do you get?
Oh goodness. If you’re balking at $99/mo, then the service definitely isn’t designed for you.
I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.
@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.
@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude
Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places
@@AllThingsSecuredso you don't want more subscribers. Nice.
Thank you so much
Let me share one more thing with you, I was a victim of sim swap before, so I set a pin and did what you just said, but I went a step further by asking the company to put a note on my account that no changes or swapping the SIM card over the phone or the internet, the only way to do something on my account is to be in the store physically, and with a valid ID.
Now when I try to call the customer service or do something online I get a message: (sorry you need to come to the store with a valid ID in order to make changes.), it's not very convenient but it's more secure somehow.
One question, do you know any bank that allow using physical 2fA key to login?
Thanks again for your awesome info
That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.
@@AllThingsSecured
Thank you so much ❤
I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.
@@mattshaul5670 that is what just happened to me today, it was super scary!
@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.
Note it is not just two factor authentication. They can reset your password. One should not use the listed phone number as your password reset/two factor authentication number (they are different setting on, say Google). I use a prepaid where SIM swap is not possible. They will not provide a new SIM under any condition (if I lose the phone I lose the number and the balance) as they do not know whose it is. I have that number as the second SIM.
Interesting idea. Thanks for sharing.
I like this idea
Who do you buy your pre-paid SIM from?
Thanks Josh, for the clear and detailed explanation of SIM swapping and yes...great advice and reminder, even for those of us in the IT industry...cheers
One problem is you can often change the default 2-factor mechanism but the fallback is still likely SMS. There needs to be some sort of backup to prove your identity in case your primary method gets lost or broken.
He never showed visually how this scam operates!!!!!!!!!
My bank does allow for the use of a physical dongle required for login. They say it will even work out of the country. But use of the dongle has allowed me to quit using their SMS-2-factor verification.
The presenter failed to tell us how the Effany staff are screened before they are hired. Their jobs give them too much access to people accounts.
Thanks! iPhone has a sim pin in Settings- Cellular. Mine was set by default to 'off', so I enabled it, then set my own unique 5 number pin. I feel it's much more secure now!
Some good information BUT!! it's basically an add for a security system without a price mentioned. To find out the price ? you would, no doubt, have to enter your information???
Are there any cheaper ways? 99 dollars per month is expensive
I don't believe this could happen to me because whenever call my mobile carrier they always ask me for a four digit PIN number that only I know and have known since I set it up and without which I can't change anything
hi, I am one of the SIM SWAP victims. if the card is inserted into someone else's cellphone, it will take 5 minutes. Will the cellphone be hit too? please answer my question
Go personally to a physical outlet when purchasing a phone and renewing your plan. Here in Canada, where I live, I go to an outlet in the mall and they will give me $50 credit card as a token for doing business at their outlet.
So pretty much the hackers still your phone number. But are they able to give the phone number back so you never know? Or is the phone number shared on both devices???
How about all sun swaps be done in person for security reasons . Just like banks will not make any changes to your account via phone . In person only .
With EFANI, what’s the protection against an insider attack? If a TMobile employee can be bought off…
What a lot of people do not understand is that the phone number they use is not theirs, you do not own your phone number, your provider owns it. Not you. Second, use an authenticator app for mfa.
There are plenty out there you can use.
Here (the Netherlands) you have to go to a store physically if you want you sim to be swapped and they will only do it if you bring your ID (Passport, Driver license) card to identify yourself.
Thanks for your attention,
Rik
The iPhone 14 Pro does not use an external SIM card. Does that prevent this theft?
Can’t SIM swap a Google Voice number. Set it up on a dedicated Google account. Sometimes it doesn’t work for me because I assume they check and see if it’s a “real” number with a “real” carrier, but most of the times it works and that’s what I use.
one thing the author doesn't say- is it possible only on I phones with no physical SIM card, but e-Sim card?
My final thought is this is noting more than a video to sell a product. Two step verification is the SECOND step in the process. ON all my accounts where it is setup, the code is NOT sent out UNTIL I have signed into my account using up to a 32 character password that is known only to me. A person cannot just enter a six digit code and gain access to my accounts.
Yes, if they somehow get a hold of my computer or are able to implant a trojan to log keystrokes than that might work. However, since most people use their phone on a daily basis, they just need to understand if the phone no longer works call the provider and find out why. Go next door and call from your neighbors phone.
What gets me is this video is so full of holes it is obvious someone is just trying to sell something.
Thank you for that. I feel a little better about this, after reading what you said. It makes sense to me.
To access the phone account u need the pin and account number. How they get pass that
Is theft from a SIM Swap not possible if one is using 1Password? The thief wouldn't be able to change passwords to my finanical accounts without knowing the original passowords, right? Am I missing something here?
If the SIM swap attacker pretends to be you and says they forgot their password, they can potentially reset your password if they know whatever basic personal info the bank also demands (username, account number, SSN, etc.). SMS 2FA can actually be worse than no 2FA, because they would never be able to do this with an account protected only by your password.
The easiest solution is to keep a VoIP number on file at your bank instead of your real phone number. However, not all banks accept VoIP numbers, so this can narrow your options. It would be great if they allowed TOTP 2FA with an authenticator app (while also allowing SMS to be disabled as an option), but I don't know of a bank in the US that does.
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
My mobile service provider leaked my phone number and the serial number of my sim card. Does this expose me to the increased risk of SIM swapping?
Yes change it
So if someone sim swaps you does your phone/messaging/phone calls still work. Or only the person who got the new sim?
I heard you say that the phone will stop working but are the hackers able to make your phone work again?
So pretty much the hackers still your phone number. But are they able to give the phone number back so you never know? Or is the phone number shared on both devices???
How does setting a pin on the sim card help? Wish this had been explained more fully.
the solution to this SIM swap thing is simple- you need to drive down to your carrier and do the swap THERE- IN PERSON. You need to bring documents such as phone bills, utility bills and of course picture ID. No more over the phone sessions to some minimum wage employee clock watching for her next break.
Too late. They already drained your accounts by the time you figure it out. Also, the guy at the store is in on it.
@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.
@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.
@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.
and the old sim... if possible
So what about people who dont have there actual phone number widely known like if you use a service like Hushed or Cloaked would that be a good way to avoid this ???
how if u have a sim card on another persons name that u only use for banking when It's not to be avoided...and for nothing else ...?
1:55 How is this hard to detect? If my SIM gets disconnected from my carrier, then the notification in the top left of my phone changes. I look at my phone multiple times a day. I’m confident I’d notice this immediately.
I never save bank account passwords. How do criminals access to the bank account in this case?
All that effort and things you need to know . What about throwing away your cell phone ? Isn't that an option ? I did it two years ago , works great !
Haha I get that! It's one less thing to remember.
But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi
Source: that's what I do+
Me i swapped my sim in france when its a uk sim and since i have done it i have error 50
This happened to me just today. How do I solve this?
is google Fi at risk of this? its a e-sim card or simless phone
Why do they call it a sim swap if they just highjacked your phone number?
Many (most or all?) banks won't allow you to remove your phone number from 2FA or password reset options. This is a problem.
This is great info, thanks. I wouldn't dare do that last thing, though, because I wouldn't be able to remember the fake info I gave for the security questions. It's still a great idea, though.
I agree. I have a hard time remembering the real answer let alone the fake one I came up with two years ago.
@@SurfCityBill Same here. I have a hard time even remembering if I capitalized the first word or not.
@@SurfCityBill Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...
Or just answer with the 2nd of whatever instead of the first.
First street you lived on? Give the 2nd or 3rd or something you will remember.
If your memory sucks so bad you can't do that. Work on your memory.
If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home.
But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.
@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.
Let’s say someone steals my phone #…how would they a) know which bank I deal with? And b) even if they knew that, how would they logon to my online banking to trigger an sms to be sent?
Good information 👍
In Pakistan, even if I give my sim to some scammers myself they can't do anything bad to me. In case they spoof me somehow, for cell carriers to issue them a replacement sim card, they will ask a number of personal info plus a biometric verification (one thumb and and a fingerprint of other hand at least). As for my bank account, it is also set on a fingerprint sign-in method 😊
Sounds like y'all are really ahead of the game there
Are the phone compnay employees in on the scam?
This sim swap thing already happened to T Mobile customers over 3 years ago. There was also an app which allowed sharing of the number. One had to get T Mobile to put a ban on both so that no one could take the number away from your sim nor share your number using another device. Apparently, according to a cyber police officer, neither they or the FBI are interested in stopping this sort of crime. The local police is also not interested. No wonder the crime continues.
Do you know of anything like efani available in Canada?
I have SIM card cloning issues, Authy is SIM based and was exploited in my iphone. Corrupt police can do anything on a cell phone, my ex's friends in police department have been ruthless, corrupt and downright criminal.
That sounds terrible. I'm sorry.
Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.
@@mementomori29231interesting…need more info on multi-auth
Why not carriers call the persons phone number before the carrier does the SIM swap .
M y phone requires a physical sim card that has to be mailed to me.
I need this answer please answer even if it’s one year old this video can it interfere with sms like PayPal sms or what
Doesn't the scammer need your account password to get into your account? There's a reason why they call it two factor authentication. They should need more than your phone number.
There’s many expats from the US and other countries that are living in other countries. How are they able to login to their bank and credit card accounts? Most banks won’t accept a VoIP phone number or VPN. I’ve heard that Tello or US mobile would work but you have to be in the US to get them. I currently live on Guam and I would have to fly to the US just to get an account with Tello or US mobile. I need a solution that works reliably and consistently before I move to another country. Can you help? Thanks.
This is a long standing and unacceptable situation. Commenters here have complained about phone carriers but you're the 1st commenter to bring to attention the disgraceful archaic methods used by the financial institutions. I have the same problem as you and I too will have to go to the US to obtain a US Mobile acct for a long term solution. In the short term, I recommend you get hold of a relative/close friend to create a Google Voice acct for you. Despite using a VPN, I have failed to generate a GV and had to finally get someone in the US to do it for me. Altho GV is technically a virtual #, it appears to work with most banks. I would then get a 2nd virtaul number to link to the GV#. I've tried Hushed and it's decent - however, it will not work as a verification number for GV. It appears to work directly with some banks too but is not guaranteed. Torn my hair out trying to find a solution, again I stress that the current situation is unacceptable and all we can do is pray that all FINs adopt an alternative method.
Amen, you should pray about that
@@SN-ed7wiyeah, praying over changing the financial system always works
I'm curious, how concerned are you about your mobile phone provider? If it's a serious concern, check out the added privacy and protection of Efani: efani.com/allthingssecured
What else they can attack in future ?
Third party ( tv media or radio ) seems pissed n try to attack when they cant
@Savy Lany nope. Most guys just want your money 💰 or atleast the people ik 🤷 so I wouldn't worry about that just secure your device and account
@@savylany5754Broadcast interruptions and channel hijacks are old hat. Both analogue and digital systems have been used in the wild, from the late eighties until 2020 being the most recent I'm aware of.
In the cases I know of, it wasn't for the purposes of fake news, but with AI video deepfakes becoming ever more widespread, in conjunction with a seamless signal hijack, you could fool just about anyone watching.
As IoT devices smart TVs can also put a network at risk. And you wouldn't need anywhere near as much know-how and expensive equipment.
if u dont use sms verifaction your vulnerable to key loggers i think key loggers are more common
Hi, Can you make a video about SIM LOCK, this feature available in Android and iPhone. How is the sim lock work? Would it prevent SIM SWAP? AND further more about Esim. Would Esim prevent sim swap since it's not a physical sim card? Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
The FEDS can use devices in your neighbors house that can make your cell phone think it's connecting to a legit tower when it's actually connecting to their device. This enables them to access your operating system and perform a Sim SWAP and perform Debugging operations on your phone.
I have Efani.. So far so good.
Helpful info that isn’t widely discussed
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)
I have Google Fi cell service and they say that I have to be logged into my Google account in order to make any changes to my account. Is this good enough protection from this scam? I suppose not if my Google account itself has become compromised.
someone is going to take over your account by asking very nicely for the phone company to give them your phone number. Once they have you phone number, they may have access to whatever is on your phone.
I refuse to use SMS for 2FA. OTP or Yubi.
I get that, but sometimes you don't have that choice, you know what I mean?
@@AllThingsSecured Yes. Like Gmail. So I stopped using Gmail.
Actually, it's possible to use Gmail without SMS 2FA. In fact, I only have my Yubikeys as my 2FA for Google.
@@TonyRule Microsoft is also a fine one. They support authenticator apps, but still require you to have at least one e-mail or phone number for authentication on personal accounts.
.. but this is no different from all the other possible ways that someone can impersonate me by knowing sufficient of my personal details.
Why can't the carrier ask for a password, like any normal person, or do voice recognition like my bank manages to do ?
Here in the state of Colorado some police departments won't even bother to help you with any identy theft or cyber crime. You can't get a report to help you .
Let’s assume that I have sufficient precautions with my mobile carrier to ensure that nobody can impersonate me (yeah, I know: easier said than done, but just assume). Question: Can a hacker’s carrier take my phone number without first authorizing that with my current carrier?
Is this only an issue with 2FA? I don’t text so my 2FA is though my email.
What about voip phone like Google Voice?
This was an infomercial 😂
1000 bucks a year ! Who can afford that in today's world with prices of basics like food etc getting more and more unaffordable ?!
What should I do if my mom was sim swap. What are all the steps I should take to make sure they cannot take more.
Sim Swap may transfer the phone but it does not transfer the Keychain where the user id and passwords are housed , without out the user id a sim swap is useless even if a 2FA account reset is done imo.
Boost guy STOLE MY SIM CARD IT WAS REMOVED FROM THE CARD BUT PHONE NOTICES SAY GJE SIM VARD IS MISSING NOT EVEN REG IN MY NEW GALAXY PHONE.