Vancouver man says scammers stole his phone number to access his online accounts
Credit to Author: Stephanie Ip| Date: Tue, 19 Nov 2019 16:05:28 +0000
A Vancouver man is warning others of a sophisticated sim card scam that left him without access to his own phone number and hit with thousands of dollars worth of fraudulent charges.
Stu Hunter, a Vancouver visual effects artist, said he was at work last Wednesday when he received a text message alerting him that a carrier move had been initiated for his cell phone number. Having been a Rogers customer for 15 years and having no plans to leave, Hunter found the message odd.
“My first thought was, OK, that sucks – I didn’t do this,” said Hunter, who thought it was an error at first. “In my mind, I wasn’t thinking it was fraud.”
That’s when Hunter, 45, said he logged into his online account and found that his Rogers account had been closed. Unable to contact Rogers through his inactive cell phone number, he connected with their online chat support via wifi and learned his number had been ported over to Telus under a new account without him knowing.
While chatting with Rogers support, Hunter received an email from PayPal, alerting him to an email address change. A few minutes later, wifi alerts on his phone let him know that three charges each of $3,700 for a Canadian appliance company had been placed on his Visa. Just 12 minutes had passed between Hunter being alerted to the carrier change and the last of the three charges.
What happened to Hunter was unauthorized porting – a new type of scam that targets digital users.
Under Canadian law, customers can retain their phone numbers when moving to a new carrier, in a process called porting, ordered by the CRTC in 2005. The CRTC determined that the entire process should take no longer than two-and-a-half hours.
“Like clockwork, they knew they were on limited time, I guess, for me to react to it,” said Hunter of whoever orchestrated the scam.
“Eventually, I got all the bleeding stopped, I got my credit card cancelled … I got PayPal – that took forever, what a hassle that was – fully restored to me.”
Hunter was able to regain access to his phone number later that day and his PayPal account later that week, but he said the experience has left him stressed and paranoid about digital security. His weekend was spent combing through his online accounts and updating passwords.
Now Hunter, who considers himself tech-savvy, is warning others of the complicated scam that works to get around two-factor authentication security protocols that are now popular with savvy digital users.
Two-factor authentication requires a person verify their identity through a secondary device or contact method – such as a one-time use code texted to your phone – and is generally the recommended practice for anyone looking to ensure their online security. With unauthorized porting, scammers can gain access to your two-factor authentication devices and change passwords and emails to other online accounts.
Hunter said Rogers so far has offered to reduce his monthly bill but he would prefer to cancel his account and have his remaining device balance waived so he can move on to a new carrier.
Rogers says it is aware of the scam and is working with its wireless competitors to come up with new protections for customers.
The Canadian Wireless Telecommunications Association, which represents major telecoms, says Rogers isn’t the only carrier being targeted by fraudsters.
“Each carrier will have their own specific security measures they employ to protect their subscribers. But we can tell you that, from an industry perspective, our members take their customers’ privacy and security very seriously, and as fraudsters are constantly evolving techniques to try to take advantage of wireless consumers, our members continually strengthen their security measures and verification procedures to protect their customers against fraudulent activity,” the CWTA said in a statement.
According to current CWTA guidelines, a customer wanting to port their number must show the new carrier their most recent phone bill or present them with either their wireless account number, a password/PIN, or the ESN/IMEI numbers located on the back of their phone.
With files from Scott Brown