When my wife and I switched to Freedom Mobile, I’ve wondered about the security to stop things like SIM swap scams. I say that because the way that Freedom Mobile has set up their “My Freedom” customer portal doesn’t seem all that secure to me. Which is why a story from Global News caught my attention as it details the story of a couple who are Freedom Mobile customers that lost $140K in a SIM swap scam:
Wayne Stork and his wife Diana had not heard of the SIM swap scam until they became victims.
The GTA couple did nothing wrong but they lost about $140,000 anyway.
“It’s a nightmare,” Wayne told Global News in a television interview, his wife Diana at his side.
“We’re doing this, in part, to get the word out,” Diana said.
The Storks are longtime customers of Freedom Mobile. Last September, when the couple were at home, Wayne’s phone suddenly stopped working.
“My phone went into SOS mode, it was deactivated,” he said.
From that point, Wayne had no use of the phone, but someone else had access to the personal information attached to it.
“He (Wayne) was watching his accounts drain of money, that’s when the panic set in,” Diana said.
Over the next 24 hours, scammers had gained access to Wayne’s stock trading account and other accounts, including a cryptocurrency one that contained the proceeds from an inheritance.
“The Bitcoin was worth $140,000, and we lost that,” Diana said.
When the couple called Freedom Mobile’s customer service line, they say a representative said records showed someone had obtained a new SIM card in a retail location in Toronto, apparently claiming to be Stork.
Stork says the phone representative asked “weren’t you in the store yesterday to get a new SIM card?” to which Stork said no, it wasn’t him.
So you’re likely wondering how a SIM swap scam ends up in someone losing a lot of cash. Well, people often use their cell phones, specifically text messaging, to receive multi factor authentication codes for the financial institutions or online services that they use. So if a threat actor can get their hands on your cell phone number and some other information like passwords and the like, they can drain you of all your cash.
Now while this incident didn’t involve the “My Freedom” customer portal, it does suggest that Freedom Mobile does have weaknesses in terms of preventing this sort of scam from happening. After all, it should not be possible, or at least very difficult to walk into a retail location and execute this scam in 2024. In fact, I pinged my “off the record” contacts at Rogers, TELUS, and Bell. While they don’t rule out the possibility of this happening with them, and they don’t know the specifics of how this incident was executed, all of them say that this would be far more difficult to execute with them because of the security measures that they have in place. Or put another way, they’re throwing shade on whatever security measures that Freedom Mobile does or more importantly doesn’t have because they assume that they can do better. I’m not sure that I would make that assumption. But that’s just me. And what makes this worse is that now that this story is out there, other threat actors will specifically target Freedom Mobile because the perception will be that they are an easier target in terms of executing this scam. That’s bad for Freedom Mobile, and its customers.
Now if you’re worried about being a victim of a SIM swapping, the Global News article as well as the link to what a SIM swap is has some actionable information. But the one thing that you could really do to protect yourself is use app based multi factor authentication rather than text message based multi factor authentication wherever possible. Because the second that you do that, the safer you become as that’s not tied to the SIM card in your phone. That does require financial institutions and online services to move in that direction. So you may be stuck with text message based multi factor for a while. Which means it’s up to carriers like Freedom Mobile to up their game to protect their customers. Let’s see if Freedom Mobile does that now that this incident is out in the public domain.
Like this:
Like Loading...
Related
This entry was posted on March 22, 2024 at 8:29 am and is filed under Commentary with tags Freedom Mobile, Scam. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
I Questioned Freedom Mobile’s Security When It Comes To Preventing A SIM Swap #Scam… Now There’s A Case Of SIM Swapping That Cost A Couple $140K
When my wife and I switched to Freedom Mobile, I’ve wondered about the security to stop things like SIM swap scams. I say that because the way that Freedom Mobile has set up their “My Freedom” customer portal doesn’t seem all that secure to me. Which is why a story from Global News caught my attention as it details the story of a couple who are Freedom Mobile customers that lost $140K in a SIM swap scam:
Wayne Stork and his wife Diana had not heard of the SIM swap scam until they became victims.
The GTA couple did nothing wrong but they lost about $140,000 anyway.
“It’s a nightmare,” Wayne told Global News in a television interview, his wife Diana at his side.
“We’re doing this, in part, to get the word out,” Diana said.
The Storks are longtime customers of Freedom Mobile. Last September, when the couple were at home, Wayne’s phone suddenly stopped working.
“My phone went into SOS mode, it was deactivated,” he said.
From that point, Wayne had no use of the phone, but someone else had access to the personal information attached to it.
“He (Wayne) was watching his accounts drain of money, that’s when the panic set in,” Diana said.
Over the next 24 hours, scammers had gained access to Wayne’s stock trading account and other accounts, including a cryptocurrency one that contained the proceeds from an inheritance.
“The Bitcoin was worth $140,000, and we lost that,” Diana said.
When the couple called Freedom Mobile’s customer service line, they say a representative said records showed someone had obtained a new SIM card in a retail location in Toronto, apparently claiming to be Stork.
Stork says the phone representative asked “weren’t you in the store yesterday to get a new SIM card?” to which Stork said no, it wasn’t him.
So you’re likely wondering how a SIM swap scam ends up in someone losing a lot of cash. Well, people often use their cell phones, specifically text messaging, to receive multi factor authentication codes for the financial institutions or online services that they use. So if a threat actor can get their hands on your cell phone number and some other information like passwords and the like, they can drain you of all your cash.
Now while this incident didn’t involve the “My Freedom” customer portal, it does suggest that Freedom Mobile does have weaknesses in terms of preventing this sort of scam from happening. After all, it should not be possible, or at least very difficult to walk into a retail location and execute this scam in 2024. In fact, I pinged my “off the record” contacts at Rogers, TELUS, and Bell. While they don’t rule out the possibility of this happening with them, and they don’t know the specifics of how this incident was executed, all of them say that this would be far more difficult to execute with them because of the security measures that they have in place. Or put another way, they’re throwing shade on whatever security measures that Freedom Mobile does or more importantly doesn’t have because they assume that they can do better. I’m not sure that I would make that assumption. But that’s just me. And what makes this worse is that now that this story is out there, other threat actors will specifically target Freedom Mobile because the perception will be that they are an easier target in terms of executing this scam. That’s bad for Freedom Mobile, and its customers.
Now if you’re worried about being a victim of a SIM swapping, the Global News article as well as the link to what a SIM swap is has some actionable information. But the one thing that you could really do to protect yourself is use app based multi factor authentication rather than text message based multi factor authentication wherever possible. Because the second that you do that, the safer you become as that’s not tied to the SIM card in your phone. That does require financial institutions and online services to move in that direction. So you may be stuck with text message based multi factor for a while. Which means it’s up to carriers like Freedom Mobile to up their game to protect their customers. Let’s see if Freedom Mobile does that now that this incident is out in the public domain.
Share this:
Like this:
Related
This entry was posted on March 22, 2024 at 8:29 am and is filed under Commentary with tags Freedom Mobile, Scam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.