No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this. The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.
How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.
@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing. And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process. Yes, our banks are stupid bad for security.
@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.
as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify
What they need to do is force you to visit one of the stores with some sort of government issued photo ID (this would mean no credit cards can be used as ID). The whole idea is to do it in person rather than taking your word that the account is yours. Too many things are done over the phone or internet rather than in person. It is only for convenience. It is time to give up some of that convenience in exchange for security. Too many people want convenience but they don't realize what they get in exchange.
In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away). Seriously. This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable. This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever. He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group. His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly. Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.
You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.
@@fdllicksYep and it is groups and clubs. Need to go a little deeper with police work and really see who these people are working for. It’s not hard and I will not say it here. Groups and Clubs have changed. Not so much the burly dude anymore. Now it’s sending out people in the Suburbs to steal. Should be charged with Domestic Terrorism. I wouldn’t trust anyone especially in or near your home or phone . Turn Numbers Lock on and get off WIFI. Be careful at the Bits By store and the Tweak Squad . It is Rampant. (Not all but more than you think and can imagine).
In Italy, where I live and work, you have to present the phone company operator a police statement (theft, lost SIM, etc.) and an identity document (Passport, Identity Card, etc.) in order to get a new SIM. It has always been so. The European Union has recently released a series of rules to phone companies in order to fight SIM swapping and others types of scam. Transfering the phone number to a new operator is equally protected. For example, a phone call or a SMS is sent to the existing SIM in order to notify the user before moving the number to the new SIM.
@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...
I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything. Their buddy at the store is in on it.
Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.
Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!
Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.
I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.
Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.
@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...
100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.
Interesting. In most developed countries you need to provide physical ID at a physical location or authenticate with your online banking credentials to request a new SIM, which can only be sent to your registered address or picked up from a store with physical ID like a passport or ID card.
I called AT&T and said DO NOT allow SIM swapping on my account about 2y ago. They said they have no way of doing this! I said okay put your manger on the phone, told them this phone call is recorded and that I want you to personally note my account that SIM SWAPS are not allowed unless done in person. I doubt they gave me a real name OR that my account was noted so I tested it and NO NOTE was added. The fact that a multi billion dollar company can't add a policy saying anything SIM related must be done in person, including changing options from this point on, is beyond me. Reminds me of trying to buy a series X from Microsoft a few years back, THE tech giant of the world, does not have a simple captcha in place to prevent bots from exploiting on their website. We must be real naive not to be able to read between the lines...
The bank bit pisses me off and like the phone companies, they should be held accountable for not taking steps to enable their customers to CYA. Your video was very informative as always. Thanks to you, my wife and I bought Yubikeys and love them! Thank you!
Re: carrier account pin code or p/w....a good practice is to change it after calling carrier and giving it to them to verify your account. You never known if they've written down somewhere
One more easy and important tip which you should have mentioned is to never use your primary SIM number as the 2FA number. Buy a 2nd SIM and use that for important accounts and only use for those accounts and never contact anyone with that SIM nor share that number with anyone.
But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.
@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.
How do we know a product like "Efani" doesn't create a problem like this so they can sell their product. I'm always highly suspicious of such things. Remember a little movie way back in the 90's with Sandra Bullock called "The Net?"
Is this video sponsored content? I can't even tell, but I'm sketched out by the fact that not even a minute into the video, in rolls an inbuilt ad for a product you claim is "the only service" that protects against the scam that is the subject of the video. It just has that same creepy, inauthentic feel that sponsored content always has.
So the weakest link here is the customerservice of your cellphone provider. I just decided to read into how my provider deals with it and it seems they have extra security layers build in which is good to know. They also seem to get training a lot to look out for the signs.
The weakest link is the 1970s protocols that underpin mobile signals data. SS7 was outed to the world nearly ten years ago, and security is no tighter than it was, other than the employees with access being less open to bribes, and perhaps their access more tightly monitored when using certain parts of the system.
So there is no way to easily avoid it, other than your recommendation to buy this expensive third party cellphone plan. As far as Efani, one of my main concerns is if they all of a sudden go out of business. Since they're the one your phone number is with, and not the underlying carrier, you might be screwed and lose your number. They'll be no way to port it out. :/
Note it is not just two factor authentication. They can reset your password. One should not use the listed phone number as your password reset/two factor authentication number (they are different setting on, say Google). I use a prepaid where SIM swap is not possible. They will not provide a new SIM under any condition (if I lose the phone I lose the number and the balance) as they do not know whose it is. I have that number as the second SIM.
I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.
@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.
@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places
I use authenticator apps everywhere I can, but tell me, why don't banks give you the option to use authenticator apps? That's the most vulnerable account for anyone and banks don't let you use the more effective methods of authentication!
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
Thank you so much Let me share one more thing with you, I was a victim of sim swap before, so I set a pin and did what you just said, but I went a step further by asking the company to put a note on my account that no changes or swapping the SIM card over the phone or the internet, the only way to do something on my account is to be in the store physically, and with a valid ID. Now when I try to call the customer service or do something online I get a message: (sorry you need to come to the store with a valid ID in order to make changes.), it's not very convenient but it's more secure somehow. One question, do you know any bank that allow using physical 2fA key to login? Thanks again for your awesome info
That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.
I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.
@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.
It seems you can't, because the phone company customer service can't be trusted. No more online banking for me. And I'll continue ignoring my email account's pleas for 2FA activation.
Go personally to a physical outlet when purchasing a phone and renewing your plan. Here in Canada, where I live, I go to an outlet in the mall and they will give me $50 credit card as a token for doing business at their outlet.
One problem is you can often change the default 2-factor mechanism but the fallback is still likely SMS. There needs to be some sort of backup to prove your identity in case your primary method gets lost or broken.
@@ElaineGarcia-uo8qj lolz you are the only person that gets it. no sim = no sim swap. People always overlook the simple for the complex. I travel the world with no sim and log in with vpn. never a problem.
Haha I get that! It's one less thing to remember. But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi Source: that's what I do+
Thank you so much for these suggestions. Thanks to you, I was able to set up a SIM PIN, and I also enabled other security features my carrier offers to harden my account against misuse. Great tips! 👍
@@alejandragonzalezguel900False sense of security is a wonderful thing... In real life, the risk is from an insider at the cell carrier, or malware infected store computers... Neither of those is likely to happen to a bank. Hence: use a secret sim only with banks...and realize that whenever a human looks at your account, your secret # is less a secret - so do everything on mobile app, secured by biometrics and an extra security app that adds PIN to that, in case phone is stolen. That's what I do...
Some good information BUT!! it's basically an add for a security system without a price mentioned. To find out the price ? you would, no doubt, have to enter your information???
My final thought is this is noting more than a video to sell a product. Two step verification is the SECOND step in the process. ON all my accounts where it is setup, the code is NOT sent out UNTIL I have signed into my account using up to a 32 character password that is known only to me. A person cannot just enter a six digit code and gain access to my accounts. Yes, if they somehow get a hold of my computer or are able to implant a trojan to log keystrokes than that might work. However, since most people use their phone on a daily basis, they just need to understand if the phone no longer works call the provider and find out why. Go next door and call from your neighbors phone. What gets me is this video is so full of holes it is obvious someone is just trying to sell something.
This is great info, thanks. I wouldn't dare do that last thing, though, because I wouldn't be able to remember the fake info I gave for the security questions. It's still a great idea, though.
@@billl1127 Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...
Or just answer with the 2nd of whatever instead of the first. First street you lived on? Give the 2nd or 3rd or something you will remember. If your memory sucks so bad you can't do that. Work on your memory. If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home. But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.
@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.
the solution to this SIM swap thing is simple- you need to drive down to your carrier and do the swap THERE- IN PERSON. You need to bring documents such as phone bills, utility bills and of course picture ID. No more over the phone sessions to some minimum wage employee clock watching for her next break.
@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.
@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.
@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.
I'm curious, how concerned are you about your mobile phone provider? If it's a serious concern, check out the added privacy and protection of Efani: efani.com/allthingssecured
@@savylany5754Broadcast interruptions and channel hijacks are old hat. Both analogue and digital systems have been used in the wild, from the late eighties until 2020 being the most recent I'm aware of. In the cases I know of, it wasn't for the purposes of fake news, but with AI video deepfakes becoming ever more widespread, in conjunction with a seamless signal hijack, you could fool just about anyone watching. As IoT devices smart TVs can also put a network at risk. And you wouldn't need anywhere near as much know-how and expensive equipment.
I have SIM card cloning issues, Authy is SIM based and was exploited in my iphone. Corrupt police can do anything on a cell phone, my ex's friends in police department have been ruthless, corrupt and downright criminal.
Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.
You know the real reason most large financial institutions use SMS? It's safe. What the alarmists will never give you is hard data. How many SIM swaps were there last year involving financial fraud? How much money was taken? The banks have these numbers and they are not concerned. This whole issue is a chasm between potential and actual. Most SIM swaps are domestic disputes.
All very well to be aware of this, but is is the SECOND factor. The first factor is knowing the victim's bank account number AND their online password to log in, AND their phone number. None of these many videos about sim swapping even mention how that primary breach happened in the first place.
@@AllThingsSecured Yes, but It is still the same question... they do not have your phone to get the account number. They only have your new sim which gives them your phone number. So the first data breach had to happen another way.
What a lot of people do not understand is that the phone number they use is not theirs, you do not own your phone number, your provider owns it. Not you. Second, use an authenticator app for mfa. There are plenty out there you can use. Here (the Netherlands) you have to go to a store physically if you want you sim to be swapped and they will only do it if you bring your ID (Passport, Driver license) card to identify yourself. Thanks for your attention, Rik
Was almost a victim, luckily I received a message from mobile carrier that I have 1 hour and I called the customer service, it was in process of sim swap , they were able to cancel on time .
SIM change shouldn't rely on a few security questions! They should see that the phone SIM is currently active on a phone IMEI that has been the same for some time. They can even see that it's in the same area. If at home, then they would see it connected to the same cell tower that it's always connected to. If the thief claims that the phone was stolen, then need to show identity plus a plausible story. Especially when claiming that it's lost in a state that the phone wasn't recently in. Sure, people lose phones when they travel, and maybe you dropped it at the airport before your flight and report it missing in the new state, but then you could prove your story. If the person can't prove the story, then send message then block the number for 24 hours to give the real owner time to go to the store.
Doesn't the scammer need your account password to get into your account? There's a reason why they call it two factor authentication. They should need more than your phone number.
My boyfriend has a few of them plugin keys, and other weird looking gadgets. He is a network engineer mostly focusing on cyber security. I have all these issues literally DAILY
For what it's worth, I also live in Thailand. After watching this, with my passport being the only real piece of identification AIS has on me, I just got assured by customer service that the only way a replacement would be issued requires personal presentation of my passport. Apparently, they can't even access the number.
I enabled sim lock but when I'm logged in the sim card is unlocked. I need to use my selected pin before the login. I use my flip phone for bank texts. Instead
Here in the state of Colorado some police departments won't even bother to help you with any identy theft or cyber crime. You can't get a report to help you .
Use masked emails For your primary carrier I cannot stress this enough that and 2FA and if a company or bank will still only let you use a phone number use your masked one that gets filtered through a privacy app that way it intercepts the code first and your phone number doesn’t get it at all!
How about all sun swaps be done in person for security reasons . Just like banks will not make any changes to your account via phone . In person only .
Makes me very glad I was already insisting on non-SMS forms of 2FA to make it harder for "advertising partners" to use it as a high-reliability cross-site identifier or telemarket to me.
It has happened in UK in the past, but it is now so tied down no carrier would dare, or be able to do it. It really isn't worth the risk for even a disgruntled staff member to do it.
Hi, Can you make a video about SIM LOCK, this feature available in Android and iPhone. How is the sim lock work? Would it prevent SIM SWAP? AND further more about Esim. Would Esim prevent sim swap since it's not a physical sim card? Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
That's why you, Americans, need a SISSy act (for Stop Illicit Sim Swaps), obliging every carrier to log every SIM issued and provide their logs at the first police request.
Once again while watching SIM-swap related video I don't understand where in the world does that flawed practice of swapping SIM "legally" based on just a remote call of seeming "owner of a stolen phone" takes place?
Carriers rely on sve labor and storage wages in order to collect the insurance from scammed customers when it would in fact be easier to raise those wages and instead of holding the employee accountable, use the case to form an comprehensive investigation of where the fraud and scammers operate.
The key is to never make public anywhere your birthday, your bank account login name or numbers, and your address. The carrier I am with requires a 4 digit pass code, and the billing account number that is associated with the SIM card. For a SIM change they may ask the customer to visit one of their stores, and bring 2 IDs and a copy of the last phone bill.
There’s many expats from the US and other countries that are living in other countries. How are they able to login to their bank and credit card accounts? Most banks won’t accept a VoIP phone number or VPN. I’ve heard that Tello or US mobile would work but you have to be in the US to get them. I currently live on Guam and I would have to fly to the US just to get an account with Tello or US mobile. I need a solution that works reliably and consistently before I move to another country. Can you help? Thanks.
This is a long standing and unacceptable situation. Commenters here have complained about phone carriers but you're the 1st commenter to bring to attention the disgraceful archaic methods used by the financial institutions. I have the same problem as you and I too will have to go to the US to obtain a US Mobile acct for a long term solution. In the short term, I recommend you get hold of a relative/close friend to create a Google Voice acct for you. Despite using a VPN, I have failed to generate a GV and had to finally get someone in the US to do it for me. Altho GV is technically a virtual #, it appears to work with most banks. I would then get a 2nd virtaul number to link to the GV#. I've tried Hushed and it's decent - however, it will not work as a verification number for GV. It appears to work directly with some banks too but is not guaranteed. Torn my hair out trying to find a solution, again I stress that the current situation is unacceptable and all we can do is pray that all FINs adopt an alternative method.
i travel the world with no sim and login to 2 banks 4 brokerage accounts credit cards etc and never a problem. Google voice and vpn works for me with wifi. No sim = no sim swap. google advanced security locks my google accounts behind physical keys. Perhaps some banks in usa have a problem with sms over voip but I have never had that problem and I bank primarily in USA. Humorous that many backwards countries have banks with better online security than in USA.
You didn't explain: 1. Scammer needs userid BEFORE they can click on " forgot password" Having the sim card does not tell scammer what banking APPS are on your phone, what any saved userids are, or even what banks you use. 2. Service provider always is supposed to ask for passcode or answer to secret questions before believing anything. They should also attempt to call/text/email the phone first.
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)
My mother's maiden name is a random string generated by my password manager. I haven't tried to pass phone security with it just yet, but I'm sure it would raise some eyebrows.
I use an app called S. S. E. That's a password storing app that you can store all your different answers to. You can also encrypt & decrypt text messages that you can then send over unsecured SMS apps & WITHOUT the proper password is a jumbled mess of nonsense.
Hi. Everyone. I have a question. Is Sim lock will prevent Sim swap (phone number port out) ? I saw a few UA-cam videos how to set Sim lock from the phone. But I'm not sure if that will prevent the Carrier from port your phone number out ? Any input information. Greatly appreciated. Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
Verizon let's you set a PIN to prevent number transfer, but it specifically says this does not prevent SIM swapping. As far as I can tell Verizon has NO protections against swapping.
Is theft from a SIM Swap not possible if one is using 1Password? The thief wouldn't be able to change passwords to my finanical accounts without knowing the original passowords, right? Am I missing something here?
If the SIM swap attacker pretends to be you and says they forgot their password, they can potentially reset your password if they know whatever basic personal info the bank also demands (username, account number, SSN, etc.). SMS 2FA can actually be worse than no 2FA, because they would never be able to do this with an account protected only by your password. The easiest solution is to keep a VoIP number on file at your bank instead of your real phone number. However, not all banks accept VoIP numbers, so this can narrow your options. It would be great if they allowed TOTP 2FA with an authenticator app (while also allowing SMS to be disabled as an option), but I don't know of a bank in the US that does.
Simple solution is to require customers go to cell phone stores in person and show government ID to have their number switched to a new sim card. This is beyond basic and our telecom companies should be held liable for all damages/missing money that happens through sim swapping. OUR society has given up security around too many critical areas of our lives in exchange for convenience. I'm not purchasing some plan to cover me in case this ever happens to me, as those things always have loopholes, just like insurance companies. I will be going into my cell provider and having them put a note in my file that unless I go in to a store in person with my ID NO sim card swapping is authorized. I will also be going to my bank and making it known that no charges over "x" number of dollars is authorized. If they wont agree and give me a copy in writing of the agreement, I will withdraw all my money. Not even joking.
every site which asks for mother's maiden name, favorite movie, etc..., I provide a different response to the same question each time and I store that info somewhere.
Good information 👍 In Pakistan, even if I give my sim to some scammers myself they can't do anything bad to me. In case they spoof me somehow, for cell carriers to issue them a replacement sim card, they will ask a number of personal info plus a biometric verification (one thumb and and a fingerprint of other hand at least). As for my bank account, it is also set on a fingerprint sign-in method 😊
The really hilarious part in all of this. Most all countries not in the western world have better banking security. A price to pay for having prehistoric politicans running the country.
Interesting. So for anything financial we have a dedicated chromebook with a bogus account. From that chromebook/account I only ever log onto my password vault. So in theory even if my phone was sim swapped, then the google account they got access to would be my personal account, not the bogus one that I accessed the financial stuff. I never log onto my password vault from my regular email, So in theory if I was sim swapped it would be irritating but they would have no way to know what the 2FA codes were for right??
lock your google account behind a physical key. google advanced security is most secure way to go. Google voice, physical key, vpn and now you are locked down. no sim = no sim swap and your passwords are locked behind a physical key. Never associate a sim phone number to a financial account again.
Just notify carriers and banks that porting and wiring must be done in real person. In addition to all double verifications. Third party privacy services can also be hacked.
This is totally the fault of the phone companies and they should be held liable for the loses due to their lack of security in these instances.
No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this.
The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.
Or call your banker. Nevermind, most of my employees love no banking personalization.
How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.
@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing.
And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process.
Yes, our banks are stupid bad for security.
@@repatch43 Bank of America uses SMS text as 2FA, which is the ONLY 2FA that they support. A major bank... and that's their ONLY option....
Here’s a stupid question…why don’t Carriers call the actual number before allowing a sim swap?
Idea to simple for complex unchecked levels at corporate
@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.
as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify
So that the one who stole your phone can cancel the swap?
It is not a stupid question
What they need to do is force you to visit one of the stores with some sort of government issued photo ID (this would mean no credit cards can be used as ID). The whole idea is to do it in person rather than taking your word that the account is yours. Too many things are done over the phone or internet rather than in person. It is only for convenience. It is time to give up some of that convenience in exchange for security. Too many people want convenience but they don't realize what they get in exchange.
In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away).
Seriously.
This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable.
This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever.
He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group.
His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly.
Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.
The don't require it to vote. Also they won't require it to transfer because people are lazy.
The guy at the store is in on it. He is buddies with the thief and orchestrating everything.
That is how it is done here. Finland. The country with the first operational GSM network.
@@fdllicks Yes, and next the person, who issued the change, faces some interesting questions. Simple.
More proof that regardless of how vigilant you are with cyber security, the large corporations we commerce with are the weakest link.
You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.
Until security is tightened on the SS7 protocols your data is open to interception anyway. Just don't use SMS for 2FA.
Your phone service carrier should be held liable for poor employee training if sim swap happens to you.
Usually, the guy at the store is in on it.
Bottom line I have a cheap prepaid phone. I was already scammed.
@@Maria-fz1muu do not need to have a cheap phone to have a prepaid sim card. I have an expensive iphone with prepaid UNREGISTERED card
How would it have the same number if your phone still work?
@@fdllicksYep and it is groups and clubs. Need to go a little deeper with police work and really see who these people are working for. It’s not hard and I will not say it here. Groups and Clubs have changed. Not so much the burly dude anymore. Now it’s sending out people in the Suburbs to steal. Should be charged with Domestic Terrorism. I wouldn’t trust anyone especially in or near your home or phone . Turn Numbers Lock on and get off WIFI. Be careful at the Bits By store and the Tweak Squad . It is Rampant. (Not all but more than you think and can imagine).
In Italy, where I live and work, you have to present the phone company operator a police statement (theft, lost SIM, etc.) and an identity document (Passport, Identity Card, etc.) in order to get a new SIM. It has always been so. The European Union has recently released a series of rules to phone companies in order to fight SIM swapping and others types of scam. Transfering the phone number to a new operator is equally protected. For example, a phone call or a SMS is sent to the existing SIM in order to notify the user before moving the number to the new SIM.
This!!!
As it should be!!!
EU is always lightyears ahead of US/Can in these things.
That is a bummer. If your phone is stolen or got destroyed together with sim card how is that possible
@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...
how about requiring customers come to a phone store and show their physical ID? if they can’t there is always video conference.
I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything.
Their buddy at the store is in on it.
My carrier tracfone doesn't require a security word . Confusing
Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.
2FA via SMS can be intercepted anyway. Don't use SMS for 2FA.
The phone companies should be held accountable
I wish they were.
Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!
That suggestion about not giving truthful answers to security questions is a good one. I've been doing that for a while.
I have a hard enough time remembering the real answers let alone made up ones.
That’s a good idea
Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.
Been doing that since the first time lol. I treat them as passwords and whatever the question is I just enter a 20 digit hard af password.
I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.
The phone companies should require people to come into the store with 3 pieces of ID to transfer a phone number to a new SIM card.
Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.
@@Fatman305 It would help because SIM scams are not always an inside job. Scammers want to avoid security cameras and avoid leaving evidence (DNA).
Then that's easy. You can sue the carrier directly if that happens.
@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...
100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.
Interesting. In most developed countries you need to provide physical ID at a physical location or authenticate with your online banking credentials to request a new SIM, which can only be sent to your registered address or picked up from a store with physical ID like a passport or ID card.
That’s y scammers use an rdp server and link it to ur ip so it looks like the mobile call is coming from the residence u stay in
@@EMERBRUHare you brain dead? He said PHYSICAL. What's that got to do with an RDP server?
In America, our representatives do not work for us. This is why were the only 1st world power without national health and so much more.
I called AT&T and said DO NOT allow SIM swapping on my account about 2y ago. They said they have no way of doing this! I said okay put your manger on the phone, told them this phone call is recorded and that I want you to personally note my account that SIM SWAPS are not allowed unless done in person. I doubt they gave me a real name OR that my account was noted so I tested it and NO NOTE was added. The fact that a multi billion dollar company can't add a policy saying anything SIM related must be done in person, including changing options from this point on, is beyond me. Reminds me of trying to buy a series X from Microsoft a few years back, THE tech giant of the world, does not have a simple captcha in place to prevent bots from exploiting on their website. We must be real naive not to be able to read between the lines...
You are not bright. Maybe rewatch video 10x to understand how it works
hint: no sim = no sim swap. i bank all over the world without a phone number tied to a sim.
The bank bit pisses me off and like the phone companies, they should be held accountable for not taking steps to enable their customers to CYA. Your video was very informative as always. Thanks to you, my wife and I bought Yubikeys and love them! Thank you!
Re: carrier account pin code or p/w....a good practice is to change it after calling carrier and giving it to them to verify your account. You never known if they've written down somewhere
Good thinking !
One more easy and important tip which you should have mentioned is to never use your primary SIM number as the 2FA number.
Buy a 2nd SIM and use that for important accounts and only use for those accounts and never contact anyone with that SIM nor share that number with anyone.
Ok so I presume that for Sim swapping you at least need to give them your number?
That is good advice. My wife's phone has space for two SIM cards. So, she could do that with just one physical phone.
yup
@@CzechShooter nope. the real solution is a phone number not tied to a sim.
lolz try a phone number not tied to sim....much safer.
As usually with corporations, spend millions advertising how wonderful they are but pennies on training.
It is not "training". The guy working at the store is in on it.
@@fdllicks
Not talking about the store, talking about customer service. The vid talked about them being the weakest link and insufficient training.
But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.
@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.
This was an infomercial 😂
this clown is a shill selling useless garbage that is not needed.
1000 bucks a year ! Who can afford that in today's world with prices of basics like food etc getting more and more unaffordable ?!
RE: Security questions - giving the wrong/incorrect answers.
This is the best nugget of info in this video, cant believe i didnt think of this before
this was nothing more than a long commercial for efani
Don't save/remember User Name or Login ID on an app. Another thing that a scammer would have to guess.
He never showed visually how this scam operates!!!!!!!!!
How do we know a product like "Efani" doesn't create a problem like this so they can sell their product. I'm always highly suspicious of such things. Remember a little movie way back in the 90's with Sandra Bullock called "The Net?"
Exactly. I feel the same about antivirus software.
Oooh, The Net is one of my favorite movies! Not one of my security question answers. lol
Yeah, ok . They invented sim swapping. Right, smart guy
Is this video sponsored content? I can't even tell, but I'm sketched out by the fact that not even a minute into the video, in rolls an inbuilt ad for a product you claim is "the only service" that protects against the scam that is the subject of the video. It just has that same creepy, inauthentic feel that sponsored content always has.
So the weakest link here is the customerservice of your cellphone provider. I just decided to read into how my provider deals with it and it seems they have extra security layers build in which is good to know. They also seem to get training a lot to look out for the signs.
you can get a phone number not tied to a sim.
The weakest link is the 1970s protocols that underpin mobile signals data. SS7 was outed to the world nearly ten years ago, and security is no tighter than it was, other than the employees with access being less open to bribes, and perhaps their access more tightly monitored when using certain parts of the system.
So there is no way to easily avoid it, other than your recommendation to buy this expensive third party cellphone plan. As far as Efani, one of my main concerns is if they all of a sudden go out of business. Since they're the one your phone number is with, and not the underlying carrier, you might be screwed and lose your number. They'll be no way to port it out. :/
have a second SIM for just the 2FA ... easy
Note it is not just two factor authentication. They can reset your password. One should not use the listed phone number as your password reset/two factor authentication number (they are different setting on, say Google). I use a prepaid where SIM swap is not possible. They will not provide a new SIM under any condition (if I lose the phone I lose the number and the balance) as they do not know whose it is. I have that number as the second SIM.
Interesting idea. Thanks for sharing.
I like this idea
Who do you buy your pre-paid SIM from?
After I was SIM swapped, I moved to Cloaked Wireless. Haven't worried about it since.
Beware this dude selling Efani.
$99/mo!!! How much of that do you get?
Oh goodness. If you’re balking at $99/mo, then the service definitely isn’t designed for you.
I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.
@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.
@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude
Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places
@@AllThingsSecuredso you don't want more subscribers. Nice.
I use authenticator apps everywhere I can, but tell me, why don't banks give you the option to use authenticator apps? That's the most vulnerable account for anyone and banks don't let you use the more effective methods of authentication!
my banks are tied to my devices. i have no sim and use vpn. I sleep just fine at night and never have a problem logging in.
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
The presenter failed to tell us how the Effany staff are screened before they are hired. Their jobs give them too much access to people accounts.
Thank you so much
Let me share one more thing with you, I was a victim of sim swap before, so I set a pin and did what you just said, but I went a step further by asking the company to put a note on my account that no changes or swapping the SIM card over the phone or the internet, the only way to do something on my account is to be in the store physically, and with a valid ID.
Now when I try to call the customer service or do something online I get a message: (sorry you need to come to the store with a valid ID in order to make changes.), it's not very convenient but it's more secure somehow.
One question, do you know any bank that allow using physical 2fA key to login?
Thanks again for your awesome info
That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.
@@AllThingsSecured
Thank you so much ❤
I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.
@@mattshaul5670 that is what just happened to me today, it was super scary!
@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.
My mobile service provider leaked my phone number and the serial number of my sim card. Does this expose me to the increased risk of SIM swapping?
Yes change it
Not really seeing the "how YOU can easily avoid it" part...
You aren't very bright, are you, Feed_Bleed_Read ?
It seems you can't, because the phone company customer service can't be trusted. No more online banking for me. And I'll continue ignoring my email account's pleas for 2FA activation.
@@Billy_Bad_Ass low iq trollish answer for the fail
he is too busy trying to sell you some dubious garbage you do not need. hint: get a phone number not tied to a sim.
Go personally to a physical outlet when purchasing a phone and renewing your plan. Here in Canada, where I live, I go to an outlet in the mall and they will give me $50 credit card as a token for doing business at their outlet.
One problem is you can often change the default 2-factor mechanism but the fallback is still likely SMS. There needs to be some sort of backup to prove your identity in case your primary method gets lost or broken.
What about newer phones without physical SIM cards. Or are they digital SIM cards?
They use "e-sims". Most phones the last few years have both types.
Without sim card is also a thing. The slot stays empty and phone runs on wifi.
America runs on Dunkin and my smartphone runs on wifi
@@ElaineGarcia-uo8qj lolz you are the only person that gets it. no sim = no sim swap. People always overlook the simple for the complex. I travel the world with no sim and log in with vpn. never a problem.
All that effort and things you need to know . What about throwing away your cell phone ? Isn't that an option ? I did it two years ago , works great !
Haha I get that! It's one less thing to remember.
But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi
Source: that's what I do+
Thank you so much for these suggestions. Thanks to you, I was able to set up a SIM PIN, and I also enabled other security features my carrier offers to harden my account against misuse. Great tips! 👍
I’m glad it was useful!
How does SIM Pin prevent the swap?
The explanation I read on forums is that it only prevents the physical SIM from being used on a different device
@@alejandragonzalezguel900False sense of security is a wonderful thing... In real life, the risk is from an insider at the cell carrier, or malware infected store computers... Neither of those is likely to happen to a bank. Hence: use a secret sim only with banks...and realize that whenever a human looks at your account, your secret # is less a secret - so do everything on mobile app, secured by biometrics and an extra security app that adds PIN to that, in case phone is stolen. That's what I do...
Some good information BUT!! it's basically an add for a security system without a price mentioned. To find out the price ? you would, no doubt, have to enter your information???
My final thought is this is noting more than a video to sell a product. Two step verification is the SECOND step in the process. ON all my accounts where it is setup, the code is NOT sent out UNTIL I have signed into my account using up to a 32 character password that is known only to me. A person cannot just enter a six digit code and gain access to my accounts.
Yes, if they somehow get a hold of my computer or are able to implant a trojan to log keystrokes than that might work. However, since most people use their phone on a daily basis, they just need to understand if the phone no longer works call the provider and find out why. Go next door and call from your neighbors phone.
What gets me is this video is so full of holes it is obvious someone is just trying to sell something.
Thank you for that. I feel a little better about this, after reading what you said. It makes sense to me.
I don't get it, what does PIN-lock for the SIM help if they get a new SIM card....or did not understand it
you have to give them PIN number before they can give you new SiM card - and only the owner would know PIN to his own SIM
This is great info, thanks. I wouldn't dare do that last thing, though, because I wouldn't be able to remember the fake info I gave for the security questions. It's still a great idea, though.
I agree. I have a hard time remembering the real answer let alone the fake one I came up with two years ago.
@@billl1127 Same here. I have a hard time even remembering if I capitalized the first word or not.
@@billl1127 Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...
Or just answer with the 2nd of whatever instead of the first.
First street you lived on? Give the 2nd or 3rd or something you will remember.
If your memory sucks so bad you can't do that. Work on your memory.
If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home.
But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.
@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.
Sue the phone company with class action suit for billion dollar, they will take care of this problem right away. Lawyers, this is a sure winning case.
the solution to this SIM swap thing is simple- you need to drive down to your carrier and do the swap THERE- IN PERSON. You need to bring documents such as phone bills, utility bills and of course picture ID. No more over the phone sessions to some minimum wage employee clock watching for her next break.
Too late. They already drained your accounts by the time you figure it out. Also, the guy at the store is in on it.
@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.
@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.
@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.
and the old sim... if possible
I'm curious, how concerned are you about your mobile phone provider? If it's a serious concern, check out the added privacy and protection of Efani: efani.com/allthingssecured
What else they can attack in future ?
Third party ( tv media or radio ) seems pissed n try to attack when they cant
@Savy Lany nope. Most guys just want your money 💰 or atleast the people ik 🤷 so I wouldn't worry about that just secure your device and account
@@savylany5754Broadcast interruptions and channel hijacks are old hat. Both analogue and digital systems have been used in the wild, from the late eighties until 2020 being the most recent I'm aware of.
In the cases I know of, it wasn't for the purposes of fake news, but with AI video deepfakes becoming ever more widespread, in conjunction with a seamless signal hijack, you could fool just about anyone watching.
As IoT devices smart TVs can also put a network at risk. And you wouldn't need anywhere near as much know-how and expensive equipment.
Wow this video is basically one long commercial.
I have SIM card cloning issues, Authy is SIM based and was exploited in my iphone. Corrupt police can do anything on a cell phone, my ex's friends in police department have been ruthless, corrupt and downright criminal.
That sounds terrible. I'm sorry.
Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.
@@mementomori29231interesting…need more info on multi-auth
You know the real reason most large financial institutions use SMS? It's safe. What the alarmists will never give you is hard data. How many SIM swaps were there last year involving financial fraud? How much money was taken? The banks have these numbers and they are not concerned. This whole issue is a chasm between potential and actual. Most SIM swaps are domestic disputes.
All very well to be aware of this, but is is the SECOND factor. The first factor is knowing the victim's bank account number AND their online password to log in, AND their phone number. None of these many videos about sim swapping even mention how that primary breach happened in the first place.
Not true. Many accounts use phone numbers as a bailout if you forget your password. They send you a code and give you access.
@@AllThingsSecured Yes, but It is still the same question... they do not have your phone to get the account number. They only have your new sim which gives them your phone number. So the first data breach had to happen another way.
@@rtel123wonder if the cloud backup gives them access to usernames?
What a lot of people do not understand is that the phone number they use is not theirs, you do not own your phone number, your provider owns it. Not you. Second, use an authenticator app for mfa.
There are plenty out there you can use.
Here (the Netherlands) you have to go to a store physically if you want you sim to be swapped and they will only do it if you bring your ID (Passport, Driver license) card to identify yourself.
Thanks for your attention,
Rik
Was almost a victim, luckily I received a message from mobile carrier that I have 1 hour and I called the customer service, it was in process of sim swap , they were able to cancel on time .
Helpful info that isn’t widely discussed
wrong info to get you to buy something would be more accurate.
All major carriers now support Number Lock and a customer service agent or store clerk cannot swap the SIM without your PIN.
SIM change shouldn't rely on a few security questions! They should see that the phone SIM is currently active on a phone IMEI that has been the same for some time. They can even see that it's in the same area. If at home, then they would see it connected to the same cell tower that it's always connected to. If the thief claims that the phone was stolen, then need to show identity plus a plausible story. Especially when claiming that it's lost in a state that the phone wasn't recently in. Sure, people lose phones when they travel, and maybe you dropped it at the airport before your flight and report it missing in the new state, but then you could prove your story. If the person can't prove the story, then send message then block the number for 24 hours to give the real owner time to go to the store.
That’s what I’ve been saying…the victim will appreciate the due diligence. The criminal won’t.
Doesn't the scammer need your account password to get into your account? There's a reason why they call it two factor authentication. They should need more than your phone number.
Many (most or all?) banks won't allow you to remove your phone number from 2FA or password reset options. This is a problem.
Are there any cheaper ways? 99 dollars per month is expensive
My boyfriend has a few of them plugin keys, and other weird looking gadgets. He is a network engineer mostly focusing on cyber security. I have all these issues literally DAILY
For what it's worth, I also live in Thailand. After watching this, with my passport being the only real piece of identification AIS has on me, I just got assured by customer service that the only way a replacement would be issued requires personal presentation of my passport. Apparently, they can't even access the number.
why would you have a lot of money tied up in foreign currency? you running a business?
7:51 As far I am aware, the passcode is only valid to the simcard you are holding, not another sim.
I enabled sim lock but when I'm logged in the sim card is unlocked. I need to use my selected pin before the login. I use my flip phone for bank texts. Instead
Here in the state of Colorado some police departments won't even bother to help you with any identy theft or cyber crime. You can't get a report to help you .
Use masked emails
For your primary carrier I cannot stress this enough that and 2FA and if a company or bank will still only let you use a phone number use your masked one that gets filtered through a privacy app that way it intercepts the code first and your phone number doesn’t get it at all!
This is great! I can’t help but take credit for the suggestion to talk about physical SIM passcodes. :)
Feel free. I will caution people that it’s very easy to get locked out of your SIM if you do it wrong, though.
@@AllThingsSecured yes absolutely.
@@AllThingsSecuredCould you recommend a similar phone product that people reside in Canada can use?
if u dont use sms verifaction your vulnerable to key loggers i think key loggers are more common
How about all sun swaps be done in person for security reasons . Just like banks will not make any changes to your account via phone . In person only .
Makes me very glad I was already insisting on non-SMS forms of 2FA to make it harder for "advertising partners" to use it as a high-reliability cross-site identifier or telemarket to me.
It has happened in UK in the past, but it is now so tied down no carrier would dare, or be able to do it. It really isn't worth the risk for even a disgruntled staff member to do it.
I was actually just looking for a great video explaining this. Thanks so much, Josh!
My pleasure!
Hi, Can you make a video about SIM LOCK, this feature available in Android and iPhone. How is the sim lock work? Would it prevent SIM SWAP? AND further more about Esim. Would Esim prevent sim swap since it's not a physical sim card? Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
That's why you, Americans, need a SISSy act (for Stop Illicit Sim Swaps), obliging every carrier to log every SIM issued and provide their logs at the first police request.
Once again while watching SIM-swap related video I don't understand where in the world does that flawed practice of swapping SIM "legally" based on just a remote call of seeming "owner of a stolen phone" takes place?
This video explained "shitt" haha
Carriers rely on sve labor and storage wages in order to collect the insurance from scammed customers when it would in fact be easier to raise those wages and instead of holding the employee accountable, use the case to form an comprehensive investigation of where the fraud and scammers operate.
If this involves simple "social engineering" by calling and talking to you cellphone provider, then . . . It's impossible to stop.
The key is to never make public anywhere your birthday, your bank account login name or numbers, and your address. The carrier I am with requires a 4 digit pass code, and the billing account number that is associated with the SIM card. For a SIM change they may ask the customer to visit one of their stores, and bring 2 IDs and a copy of the last phone bill.
HW Keys? Sure, except nobody will allow you to use them. It's either phone or email for 2fa for the ordinary person.
you are 1/2 way there. voip= no sim needed.
There’s many expats from the US and other countries that are living in other countries. How are they able to login to their bank and credit card accounts? Most banks won’t accept a VoIP phone number or VPN. I’ve heard that Tello or US mobile would work but you have to be in the US to get them. I currently live on Guam and I would have to fly to the US just to get an account with Tello or US mobile. I need a solution that works reliably and consistently before I move to another country. Can you help? Thanks.
This is a long standing and unacceptable situation. Commenters here have complained about phone carriers but you're the 1st commenter to bring to attention the disgraceful archaic methods used by the financial institutions. I have the same problem as you and I too will have to go to the US to obtain a US Mobile acct for a long term solution. In the short term, I recommend you get hold of a relative/close friend to create a Google Voice acct for you. Despite using a VPN, I have failed to generate a GV and had to finally get someone in the US to do it for me. Altho GV is technically a virtual #, it appears to work with most banks. I would then get a 2nd virtaul number to link to the GV#. I've tried Hushed and it's decent - however, it will not work as a verification number for GV. It appears to work directly with some banks too but is not guaranteed. Torn my hair out trying to find a solution, again I stress that the current situation is unacceptable and all we can do is pray that all FINs adopt an alternative method.
i travel the world with no sim and login to 2 banks 4 brokerage accounts credit cards etc and never a problem. Google voice and vpn works for me with wifi. No sim = no sim swap. google advanced security locks my google accounts behind physical keys. Perhaps some banks in usa have a problem with sms over voip but I have never had that problem and I bank primarily in USA. Humorous that many backwards countries have banks with better online security than in USA.
You didn't explain:
1. Scammer needs userid BEFORE they can click on " forgot password" Having the sim card does not tell scammer what banking APPS are on your phone, what any saved userids are, or even what banks you use.
2. Service provider always is supposed to ask for passcode or answer to secret questions before believing anything. They should also attempt to call/text/email the phone first.
Every one of your videos appears to be an ad.
AGREED! 💥 I clicked off whn he started talking about that E company. Sounds like an 8 minute INFOMERCIAL to me…. ✌🏽
because he is a con artsist
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)
My mother's maiden name is a random string generated by my password manager. I haven't tried to pass phone security with it just yet, but I'm sure it would raise some eyebrows.
This just happened to Conservative Matt Walsh. Hopefully he can find the person(s).
I use an app called S. S. E. That's a password storing app that you can store all your different answers to.
You can also encrypt & decrypt text messages that you can then send over unsecured SMS apps & WITHOUT the proper password is a jumbled mess of nonsense.
How does setting a pin on the sim card help? Wish this had been explained more fully.
Hi. Everyone. I have a question. Is Sim lock will prevent Sim swap (phone number port out) ? I saw a few UA-cam videos how to set Sim lock from the phone. But I'm not sure if that will prevent the Carrier from port your phone number out ? Any input information. Greatly appreciated. Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
real solution: no sim = no sim swap.
In my country Kenya, you use you voice as your identification to get through to customer care
With AI voice cloning, that's not very good security.. Also what happens if the person calls while they're sick and their voice sounds different?
Verizon let's you set a PIN to prevent number transfer, but it specifically says this does not prevent SIM swapping. As far as I can tell Verizon has NO protections against swapping.
Carriers should be held ACCOUNTABLE that would be the only way to STOP them from allowing thos to Happen like PIN CODES
Watch show Mr. Robot. Hackers know this backwards typing trick.
Great. Then just make up an answer.
Still don't know why this is dangerous. Ok, only if someone uses a phone number as recovery option. But who would be that trusting?
Is theft from a SIM Swap not possible if one is using 1Password? The thief wouldn't be able to change passwords to my finanical accounts without knowing the original passowords, right? Am I missing something here?
If the SIM swap attacker pretends to be you and says they forgot their password, they can potentially reset your password if they know whatever basic personal info the bank also demands (username, account number, SSN, etc.). SMS 2FA can actually be worse than no 2FA, because they would never be able to do this with an account protected only by your password.
The easiest solution is to keep a VoIP number on file at your bank instead of your real phone number. However, not all banks accept VoIP numbers, so this can narrow your options. It would be great if they allowed TOTP 2FA with an authenticator app (while also allowing SMS to be disabled as an option), but I don't know of a bank in the US that does.
Simple solution is to require customers go to cell phone stores in person and show government ID to have their number switched to a new sim card. This is beyond basic and our telecom companies should be held liable for all damages/missing money that happens through sim swapping. OUR society has given up security around too many critical areas of our lives in exchange for convenience.
I'm not purchasing some plan to cover me in case this ever happens to me, as those things always have loopholes, just like insurance companies. I will be going into my cell provider and having them put a note in my file that unless I go in to a store in person with my ID NO sim card swapping is authorized. I will also be going to my bank and making it known that no charges over "x" number of dollars is authorized. If they wont agree and give me a copy in writing of the agreement, I will withdraw all my money. Not even joking.
Thank you for this video!
My pleasure!
every site which asks for mother's maiden name, favorite movie, etc..., I provide a different response to the same question each time and I store that info somewhere.
lolz lock yer shiyat down with google advanced security.
Good information 👍
In Pakistan, even if I give my sim to some scammers myself they can't do anything bad to me. In case they spoof me somehow, for cell carriers to issue them a replacement sim card, they will ask a number of personal info plus a biometric verification (one thumb and and a fingerprint of other hand at least). As for my bank account, it is also set on a fingerprint sign-in method 😊
The really hilarious part in all of this. Most all countries not in the western world have better banking security. A price to pay for having prehistoric politicans running the country.
Interesting. So for anything financial we have a dedicated chromebook with a bogus account. From that chromebook/account I only ever log onto my password vault. So in theory even if my phone was sim swapped, then the google account they got access to would be my personal account, not the bogus one that I accessed the financial stuff. I never log onto my password vault from my regular email, So in theory if I was sim swapped it would be irritating but they would have no way to know what the 2FA codes were for right??
lock your google account behind a physical key. google advanced security is most secure way to go. Google voice, physical key, vpn and now you are locked down. no sim = no sim swap and your passwords are locked behind a physical key. Never associate a sim phone number to a financial account again.
With EFANI, what’s the protection against an insider attack? If a TMobile employee can be bought off…
Just notify carriers and banks that porting and wiring must be done in real person. In addition to all double verifications. Third party privacy services can also be hacked.
$100 a month?!?!? I'd rather be a victim of fraud and just claim it back. Lol