@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.
as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify
No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this. The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.
How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.
@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing. And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process. Yes, our banks are stupid bad for security.
You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.
@@martinlutherkingjr.5582 True. For these select few (gov/financial) sites, I use a relatively private # that only these sites have, but also my personal contacts have/use. Reasoning behind it being, that it's extremely unlikely for that # to be leaked out, unlike my other # (now in Google Voice) that's on the B2B Business data leak of 2017, Facebook leak of 2019, Leadhunter leak of 2020, AT&T leak of 2021, and Twilio leak of 2024... Needless to say, that's the number I still use today to communicate with businesses. In the remote chance that my gov/financial # finds its way on the dark web (I have Google Dark Web Report), I'll move that # also to gv and get a new # asap lol
In Italy, where I live and work, you have to present the phone company operator a police statement (theft, lost SIM, etc.) and an identity document (Passport, Identity Card, etc.) in order to get a new SIM. It has always been so. The European Union has recently released a series of rules to phone companies in order to fight SIM swapping and others types of scam. Transfering the phone number to a new operator is equally protected. For example, a phone call or a SMS is sent to the existing SIM in order to notify the user before moving the number to the new SIM.
@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...
@@fdllicksYep and it is groups and clubs. Need to go a little deeper with police work and really see who these people are working for. It’s not hard and I will not say it here. Groups and Clubs have changed. Not so much the burly dude anymore. Now it’s sending out people in the Suburbs to steal. Should be charged with Domestic Terrorism. I wouldn’t trust anyone especially in or near your home or phone . Turn Numbers Lock on and get off WIFI. Be careful at the Bits By store and the Tweak Squad . It is Rampant. (Not all but more than you think and can imagine).
Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!
What they need to do is force you to visit one of the stores with some sort of government issued photo ID (this would mean no credit cards can be used as ID). The whole idea is to do it in person rather than taking your word that the account is yours. Too many things are done over the phone or internet rather than in person. It is only for convenience. It is time to give up some of that convenience in exchange for security. Too many people want convenience but they don't realize what they get in exchange.
In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away). Seriously. This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable. This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever. He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group. His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly. Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.
Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.
I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.
I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything. Their buddy at the store is in on it.
Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.
Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.
@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...
100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.
I called AT&T and said DO NOT allow SIM swapping on my account about 2y ago. They said they have no way of doing this! I said okay put your manger on the phone, told them this phone call is recorded and that I want you to personally note my account that SIM SWAPS are not allowed unless done in person. I doubt they gave me a real name OR that my account was noted so I tested it and NO NOTE was added. The fact that a multi billion dollar company can't add a policy saying anything SIM related must be done in person, including changing options from this point on, is beyond me. Reminds me of trying to buy a series X from Microsoft a few years back, THE tech giant of the world, does not have a simple captcha in place to prevent bots from exploiting on their website. We must be real naive not to be able to read between the lines...
Interesting. In most developed countries you need to provide physical ID at a physical location or authenticate with your online banking credentials to request a new SIM, which can only be sent to your registered address or picked up from a store with physical ID like a passport or ID card.
But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.
@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.
I don't use my phone to pay for anything. I've got to use it for 2-step verification on many accounts I have, but I get e-mail alerts when that happens too. I have complex passwords for all of my accounts that aren't the same because I got an alert someone tried to get into one of them a year ago.
The bank bit pisses me off and like the phone companies, they should be held accountable for not taking steps to enable their customers to CYA. Your video was very informative as always. Thanks to you, my wife and I bought Yubikeys and love them! Thank you!
Re: carrier account pin code or p/w....a good practice is to change it after calling carrier and giving it to them to verify your account. You never known if they've written down somewhere
Thank you so much Let me share one more thing with you, I was a victim of sim swap before, so I set a pin and did what you just said, but I went a step further by asking the company to put a note on my account that no changes or swapping the SIM card over the phone or the internet, the only way to do something on my account is to be in the store physically, and with a valid ID. Now when I try to call the customer service or do something online I get a message: (sorry you need to come to the store with a valid ID in order to make changes.), it's not very convenient but it's more secure somehow. One question, do you know any bank that allow using physical 2fA key to login? Thanks again for your awesome info
That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.
I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.
@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.
One more easy and important tip which you should have mentioned is to never use your primary SIM number as the 2FA number. Buy a 2nd SIM and use that for important accounts and only use for those accounts and never contact anyone with that SIM nor share that number with anyone.
I'm curious, how concerned are you about your mobile phone provider? If it's a serious concern, check out the added privacy and protection of Efani: efani.com/allthingssecured
@@savylany5754Broadcast interruptions and channel hijacks are old hat. Both analogue and digital systems have been used in the wild, from the late eighties until 2020 being the most recent I'm aware of. In the cases I know of, it wasn't for the purposes of fake news, but with AI video deepfakes becoming ever more widespread, in conjunction with a seamless signal hijack, you could fool just about anyone watching. As IoT devices smart TVs can also put a network at risk. And you wouldn't need anywhere near as much know-how and expensive equipment.
So there is no way to easily avoid it, other than your recommendation to buy this expensive third party cellphone plan. As far as Efani, one of my main concerns is if they all of a sudden go out of business. Since they're the one your phone number is with, and not the underlying carrier, you might be screwed and lose your number. They'll be no way to port it out. :/
You didn't explain: 1. Scammer needs userid BEFORE they can click on " forgot password" Having the sim card does not tell scammer what banking APPS are on your phone, what any saved userids are, or even what banks you use. 2. Service provider always is supposed to ask for passcode or answer to secret questions before believing anything. They should also attempt to call/text/email the phone first.
@@ElaineGarcia-uo8qj lolz you are the only person that gets it. no sim = no sim swap. People always overlook the simple for the complex. I travel the world with no sim and log in with vpn. never a problem.
Thanks Josh, for the clear and detailed explanation of SIM swapping and yes...great advice and reminder, even for those of us in the IT industry...cheers
So the weakest link here is the customerservice of your cellphone provider. I just decided to read into how my provider deals with it and it seems they have extra security layers build in which is good to know. They also seem to get training a lot to look out for the signs.
The weakest link is the 1970s protocols that underpin mobile signals data. SS7 was outed to the world nearly ten years ago, and security is no tighter than it was, other than the employees with access being less open to bribes, and perhaps their access more tightly monitored when using certain parts of the system.
How do we know a product like "Efani" doesn't create a problem like this so they can sell their product. I'm always highly suspicious of such things. Remember a little movie way back in the 90's with Sandra Bullock called "The Net?"
One problem is you can often change the default 2-factor mechanism but the fallback is still likely SMS. There needs to be some sort of backup to prove your identity in case your primary method gets lost or broken.
Note it is not just two factor authentication. They can reset your password. One should not use the listed phone number as your password reset/two factor authentication number (they are different setting on, say Google). I use a prepaid where SIM swap is not possible. They will not provide a new SIM under any condition (if I lose the phone I lose the number and the balance) as they do not know whose it is. I have that number as the second SIM.
Is this video sponsored content? I can't even tell, but I'm sketched out by the fact that not even a minute into the video, in rolls an inbuilt ad for a product you claim is "the only service" that protects against the scam that is the subject of the video. It just has that same creepy, inauthentic feel that sponsored content always has.
Some good information BUT!! it's basically an add for a security system without a price mentioned. To find out the price ? you would, no doubt, have to enter your information???
I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.
@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.
@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places
What a lot of people do not understand is that the phone number they use is not theirs, you do not own your phone number, your provider owns it. Not you. Second, use an authenticator app for mfa. There are plenty out there you can use. Here (the Netherlands) you have to go to a store physically if you want you sim to be swapped and they will only do it if you bring your ID (Passport, Driver license) card to identify yourself. Thanks for your attention, Rik
Thanks! iPhone has a sim pin in Settings- Cellular. Mine was set by default to 'off', so I enabled it, then set my own unique 5 number pin. I feel it's much more secure now!
1:55 How is this hard to detect? If my SIM gets disconnected from my carrier, then the notification in the top left of my phone changes. I look at my phone multiple times a day. I’m confident I’d notice this immediately.
I use authenticator apps everywhere I can, but tell me, why don't banks give you the option to use authenticator apps? That's the most vulnerable account for anyone and banks don't let you use the more effective methods of authentication!
I enabled sim lock but when I'm logged in the sim card is unlocked. I need to use my selected pin before the login. I use my flip phone for bank texts. Instead
This is great info, thanks. I wouldn't dare do that last thing, though, because I wouldn't be able to remember the fake info I gave for the security questions. It's still a great idea, though.
@@SurfCityBill Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...
Or just answer with the 2nd of whatever instead of the first. First street you lived on? Give the 2nd or 3rd or something you will remember. If your memory sucks so bad you can't do that. Work on your memory. If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home. But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.
@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.
Thank you so much for these suggestions. Thanks to you, I was able to set up a SIM PIN, and I also enabled other security features my carrier offers to harden my account against misuse. Great tips! 👍
@@alejandragonzalezguel900False sense of security is a wonderful thing... In real life, the risk is from an insider at the cell carrier, or malware infected store computers... Neither of those is likely to happen to a bank. Hence: use a secret sim only with banks...and realize that whenever a human looks at your account, your secret # is less a secret - so do everything on mobile app, secured by biometrics and an extra security app that adds PIN to that, in case phone is stolen. That's what I do...
Go personally to a physical outlet when purchasing a phone and renewing your plan. Here in Canada, where I live, I go to an outlet in the mall and they will give me $50 credit card as a token for doing business at their outlet.
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
Is theft from a SIM Swap not possible if one is using 1Password? The thief wouldn't be able to change passwords to my finanical accounts without knowing the original passowords, right? Am I missing something here?
If the SIM swap attacker pretends to be you and says they forgot their password, they can potentially reset your password if they know whatever basic personal info the bank also demands (username, account number, SSN, etc.). SMS 2FA can actually be worse than no 2FA, because they would never be able to do this with an account protected only by your password. The easiest solution is to keep a VoIP number on file at your bank instead of your real phone number. However, not all banks accept VoIP numbers, so this can narrow your options. It would be great if they allowed TOTP 2FA with an authenticator app (while also allowing SMS to be disabled as an option), but I don't know of a bank in the US that does.
Hi, Can you make a video about SIM LOCK, this feature available in Android and iPhone. How is the sim lock work? Would it prevent SIM SWAP? AND further more about Esim. Would Esim prevent sim swap since it's not a physical sim card? Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
My final thought is this is noting more than a video to sell a product. Two step verification is the SECOND step in the process. ON all my accounts where it is setup, the code is NOT sent out UNTIL I have signed into my account using up to a 32 character password that is known only to me. A person cannot just enter a six digit code and gain access to my accounts. Yes, if they somehow get a hold of my computer or are able to implant a trojan to log keystrokes than that might work. However, since most people use their phone on a daily basis, they just need to understand if the phone no longer works call the provider and find out why. Go next door and call from your neighbors phone. What gets me is this video is so full of holes it is obvious someone is just trying to sell something.
Interesting. So for anything financial we have a dedicated chromebook with a bogus account. From that chromebook/account I only ever log onto my password vault. So in theory even if my phone was sim swapped, then the google account they got access to would be my personal account, not the bogus one that I accessed the financial stuff. I never log onto my password vault from my regular email, So in theory if I was sim swapped it would be irritating but they would have no way to know what the 2FA codes were for right??
lock your google account behind a physical key. google advanced security is most secure way to go. Google voice, physical key, vpn and now you are locked down. no sim = no sim swap and your passwords are locked behind a physical key. Never associate a sim phone number to a financial account again.
the solution to this SIM swap thing is simple- you need to drive down to your carrier and do the swap THERE- IN PERSON. You need to bring documents such as phone bills, utility bills and of course picture ID. No more over the phone sessions to some minimum wage employee clock watching for her next break.
@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.
@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.
@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.
I have SIM card cloning issues, Authy is SIM based and was exploited in my iphone. Corrupt police can do anything on a cell phone, my ex's friends in police department have been ruthless, corrupt and downright criminal.
Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.
Haha I get that! It's one less thing to remember. But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi Source: that's what I do+
How about all sun swaps be done in person for security reasons . Just like banks will not make any changes to your account via phone . In person only .
Can’t SIM swap a Google Voice number. Set it up on a dedicated Google account. Sometimes it doesn’t work for me because I assume they check and see if it’s a “real” number with a “real” carrier, but most of the times it works and that’s what I use.
Good information 👍 In Pakistan, even if I give my sim to some scammers myself they can't do anything bad to me. In case they spoof me somehow, for cell carriers to issue them a replacement sim card, they will ask a number of personal info plus a biometric verification (one thumb and and a fingerprint of other hand at least). As for my bank account, it is also set on a fingerprint sign-in method 😊
The really hilarious part in all of this. Most all countries not in the western world have better banking security. A price to pay for having prehistoric politicans running the country.
My bank does allow for the use of a physical dongle required for login. They say it will even work out of the country. But use of the dongle has allowed me to quit using their SMS-2-factor verification.
Hi. Everyone. I have a question. Is Sim lock will prevent Sim swap (phone number port out) ? I saw a few TH-cam videos how to set Sim lock from the phone. But I'm not sure if that will prevent the Carrier from port your phone number out ? Any input information. Greatly appreciated. Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
hi, I am one of the SIM SWAP victims. if the card is inserted into someone else's cellphone, it will take 5 minutes. Will the cellphone be hit too? please answer my question
Doesn't the scammer need your account password to get into your account? There's a reason why they call it two factor authentication. They should need more than your phone number.
Once again while watching SIM-swap related video I don't understand where in the world does that flawed practice of swapping SIM "legally" based on just a remote call of seeming "owner of a stolen phone" takes place?
So what about people who dont have there actual phone number widely known like if you use a service like Hushed or Cloaked would that be a good way to avoid this ???
I don't believe this could happen to me because whenever call my mobile carrier they always ask me for a four digit PIN number that only I know and have known since I set it up and without which I can't change anything
Sim Swap may transfer the phone but it does not transfer the Keychain where the user id and passwords are housed , without out the user id a sim swap is useless even if a 2FA account reset is done imo.
Use masked emails For your primary carrier I cannot stress this enough that and 2FA and if a company or bank will still only let you use a phone number use your masked one that gets filtered through a privacy app that way it intercepts the code first and your phone number doesn’t get it at all!
Let’s say someone steals my phone #…how would they a) know which bank I deal with? And b) even if they knew that, how would they logon to my online banking to trigger an sms to be sent?
Here in the state of Colorado some police departments won't even bother to help you with any identy theft or cyber crime. You can't get a report to help you .
SIM change shouldn't rely on a few security questions! They should see that the phone SIM is currently active on a phone IMEI that has been the same for some time. They can even see that it's in the same area. If at home, then they would see it connected to the same cell tower that it's always connected to. If the thief claims that the phone was stolen, then need to show identity plus a plausible story. Especially when claiming that it's lost in a state that the phone wasn't recently in. Sure, people lose phones when they travel, and maybe you dropped it at the airport before your flight and report it missing in the new state, but then you could prove your story. If the person can't prove the story, then send message then block the number for 24 hours to give the real owner time to go to the store.
My boyfriend has a few of them plugin keys, and other weird looking gadgets. He is a network engineer mostly focusing on cyber security. I have all these issues literally DAILY
All very well to be aware of this, but is is the SECOND factor. The first factor is knowing the victim's bank account number AND their online password to log in, AND their phone number. None of these many videos about sim swapping even mention how that primary breach happened in the first place.
@@AllThingsSecured Yes, but It is still the same question... they do not have your phone to get the account number. They only have your new sim which gives them your phone number. So the first data breach had to happen another way.
The FEDS can use devices in your neighbors house that can make your cell phone think it's connecting to a legit tower when it's actually connecting to their device. This enables them to access your operating system and perform a Sim SWAP and perform Debugging operations on your phone.
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)
Here’s a stupid question…why don’t Carriers call the actual number before allowing a sim swap?
Idea to simple for complex unchecked levels at corporate
@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.
as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify
So that the one who stole your phone can cancel the swap?
It is not a stupid question
This is totally the fault of the phone companies and they should be held liable for the loses due to their lack of security in these instances.
No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this.
The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.
Or call your banker. Nevermind, most of my employees love no banking personalization.
How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.
@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing.
And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process.
Yes, our banks are stupid bad for security.
@@repatch43 Bank of America uses SMS text as 2FA, which is the ONLY 2FA that they support. A major bank... and that's their ONLY option....
More proof that regardless of how vigilant you are with cyber security, the large corporations we commerce with are the weakest link.
You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.
Until security is tightened on the SS7 protocols your data is open to interception anyway. Just don't use SMS for 2FA.
@@Fatman305It depends on the site, many don’t allow that
@@martinlutherkingjr.5582 True. For these select few (gov/financial) sites, I use a relatively private # that only these sites have, but also my personal contacts have/use. Reasoning behind it being, that it's extremely unlikely for that # to be leaked out, unlike my other # (now in Google Voice) that's on the B2B Business data leak of 2017, Facebook leak of 2019, Leadhunter leak of 2020, AT&T leak of 2021, and Twilio leak of 2024...
Needless to say, that's the number I still use today to communicate with businesses. In the remote chance that my gov/financial # finds its way on the dark web (I have Google Dark Web Report), I'll move that # also to gv and get a new # asap lol
In Italy, where I live and work, you have to present the phone company operator a police statement (theft, lost SIM, etc.) and an identity document (Passport, Identity Card, etc.) in order to get a new SIM. It has always been so. The European Union has recently released a series of rules to phone companies in order to fight SIM swapping and others types of scam. Transfering the phone number to a new operator is equally protected. For example, a phone call or a SMS is sent to the existing SIM in order to notify the user before moving the number to the new SIM.
This!!!
As it should be!!!
EU is always lightyears ahead of US/Can in these things.
That is a bummer. If your phone is stolen or got destroyed together with sim card how is that possible
@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...
Your phone service carrier should be held liable for poor employee training if sim swap happens to you.
Usually, the guy at the store is in on it.
Bottom line I have a cheap prepaid phone. I was already scammed.
@@Maria-fz1muu do not need to have a cheap phone to have a prepaid sim card. I have an expensive iphone with prepaid UNREGISTERED card
How would it have the same number if your phone still work?
@@fdllicksYep and it is groups and clubs. Need to go a little deeper with police work and really see who these people are working for. It’s not hard and I will not say it here. Groups and Clubs have changed. Not so much the burly dude anymore. Now it’s sending out people in the Suburbs to steal. Should be charged with Domestic Terrorism. I wouldn’t trust anyone especially in or near your home or phone . Turn Numbers Lock on and get off WIFI. Be careful at the Bits By store and the Tweak Squad . It is Rampant. (Not all but more than you think and can imagine).
The phone companies should be held accountable
I wish they were.
Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!
What they need to do is force you to visit one of the stores with some sort of government issued photo ID (this would mean no credit cards can be used as ID). The whole idea is to do it in person rather than taking your word that the account is yours. Too many things are done over the phone or internet rather than in person. It is only for convenience. It is time to give up some of that convenience in exchange for security. Too many people want convenience but they don't realize what they get in exchange.
In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away).
Seriously.
This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable.
This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever.
He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group.
His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly.
Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.
The don't require it to vote. Also they won't require it to transfer because people are lazy.
The guy at the store is in on it. He is buddies with the thief and orchestrating everything.
That is how it is done here. Finland. The country with the first operational GSM network.
@@fdllicks Yes, and next the person, who issued the change, faces some interesting questions. Simple.
That suggestion about not giving truthful answers to security questions is a good one. I've been doing that for a while.
I have a hard enough time remembering the real answers let alone made up ones.
That’s a good idea
Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.
Been doing that since the first time lol. I treat them as passwords and whatever the question is I just enter a 20 digit hard af password.
I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.
how about requiring customers come to a phone store and show their physical ID? if they can’t there is always video conference.
I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything.
Their buddy at the store is in on it.
My carrier tracfone doesn't require a security word . Confusing
Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.
2FA via SMS can be intercepted anyway. Don't use SMS for 2FA.
@@fdllicks I thought this was the case. Inside job.
RE: Security questions - giving the wrong/incorrect answers.
This is the best nugget of info in this video, cant believe i didnt think of this before
The phone companies should require people to come into the store with 3 pieces of ID to transfer a phone number to a new SIM card.
Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.
@@Fatman305 It would help because SIM scams are not always an inside job. Scammers want to avoid security cameras and avoid leaving evidence (DNA).
Then that's easy. You can sue the carrier directly if that happens.
@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...
100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.
I called AT&T and said DO NOT allow SIM swapping on my account about 2y ago. They said they have no way of doing this! I said okay put your manger on the phone, told them this phone call is recorded and that I want you to personally note my account that SIM SWAPS are not allowed unless done in person. I doubt they gave me a real name OR that my account was noted so I tested it and NO NOTE was added. The fact that a multi billion dollar company can't add a policy saying anything SIM related must be done in person, including changing options from this point on, is beyond me. Reminds me of trying to buy a series X from Microsoft a few years back, THE tech giant of the world, does not have a simple captcha in place to prevent bots from exploiting on their website. We must be real naive not to be able to read between the lines...
You are not bright. Maybe rewatch video 10x to understand how it works
hint: no sim = no sim swap. i bank all over the world without a phone number tied to a sim.
Interesting. In most developed countries you need to provide physical ID at a physical location or authenticate with your online banking credentials to request a new SIM, which can only be sent to your registered address or picked up from a store with physical ID like a passport or ID card.
That’s y scammers use an rdp server and link it to ur ip so it looks like the mobile call is coming from the residence u stay in
@@EMERBRUHare you brain dead? He said PHYSICAL. What's that got to do with an RDP server?
In America, our representatives do not work for us. This is why were the only 1st world power without national health and so much more.
As usually with corporations, spend millions advertising how wonderful they are but pennies on training.
It is not "training". The guy working at the store is in on it.
@@fdllicks
Not talking about the store, talking about customer service. The vid talked about them being the weakest link and insufficient training.
But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.
@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.
I don't use my phone to pay for anything. I've got to use it for 2-step verification on many accounts I have, but I get e-mail alerts when that happens too. I have complex passwords for all of my accounts that aren't the same because I got an alert someone tried to get into one of them a year ago.
The bank bit pisses me off and like the phone companies, they should be held accountable for not taking steps to enable their customers to CYA. Your video was very informative as always. Thanks to you, my wife and I bought Yubikeys and love them! Thank you!
Re: carrier account pin code or p/w....a good practice is to change it after calling carrier and giving it to them to verify your account. You never known if they've written down somewhere
Good thinking !
Thank you so much
Let me share one more thing with you, I was a victim of sim swap before, so I set a pin and did what you just said, but I went a step further by asking the company to put a note on my account that no changes or swapping the SIM card over the phone or the internet, the only way to do something on my account is to be in the store physically, and with a valid ID.
Now when I try to call the customer service or do something online I get a message: (sorry you need to come to the store with a valid ID in order to make changes.), it's not very convenient but it's more secure somehow.
One question, do you know any bank that allow using physical 2fA key to login?
Thanks again for your awesome info
That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.
@@AllThingsSecured
Thank you so much ❤
I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.
@@mattshaul5670 that is what just happened to me today, it was super scary!
@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.
One more easy and important tip which you should have mentioned is to never use your primary SIM number as the 2FA number.
Buy a 2nd SIM and use that for important accounts and only use for those accounts and never contact anyone with that SIM nor share that number with anyone.
Ok so I presume that for Sim swapping you at least need to give them your number?
That is good advice. My wife's phone has space for two SIM cards. So, she could do that with just one physical phone.
yup
@@CzechShooter nope. the real solution is a phone number not tied to a sim.
lolz try a phone number not tied to sim....much safer.
I'm curious, how concerned are you about your mobile phone provider? If it's a serious concern, check out the added privacy and protection of Efani: efani.com/allthingssecured
What else they can attack in future ?
Third party ( tv media or radio ) seems pissed n try to attack when they cant
@Savy Lany nope. Most guys just want your money 💰 or atleast the people ik 🤷 so I wouldn't worry about that just secure your device and account
@@savylany5754Broadcast interruptions and channel hijacks are old hat. Both analogue and digital systems have been used in the wild, from the late eighties until 2020 being the most recent I'm aware of.
In the cases I know of, it wasn't for the purposes of fake news, but with AI video deepfakes becoming ever more widespread, in conjunction with a seamless signal hijack, you could fool just about anyone watching.
As IoT devices smart TVs can also put a network at risk. And you wouldn't need anywhere near as much know-how and expensive equipment.
So there is no way to easily avoid it, other than your recommendation to buy this expensive third party cellphone plan. As far as Efani, one of my main concerns is if they all of a sudden go out of business. Since they're the one your phone number is with, and not the underlying carrier, you might be screwed and lose your number. They'll be no way to port it out. :/
have a second SIM for just the 2FA ... easy
You didn't explain:
1. Scammer needs userid BEFORE they can click on " forgot password" Having the sim card does not tell scammer what banking APPS are on your phone, what any saved userids are, or even what banks you use.
2. Service provider always is supposed to ask for passcode or answer to secret questions before believing anything. They should also attempt to call/text/email the phone first.
What about newer phones without physical SIM cards. Or are they digital SIM cards?
They use "e-sims". Most phones the last few years have both types.
Without sim card is also a thing. The slot stays empty and phone runs on wifi.
America runs on Dunkin and my smartphone runs on wifi
@@ElaineGarcia-uo8qj lolz you are the only person that gets it. no sim = no sim swap. People always overlook the simple for the complex. I travel the world with no sim and log in with vpn. never a problem.
Thanks Josh, for the clear and detailed explanation of SIM swapping and yes...great advice and reminder, even for those of us in the IT industry...cheers
So the weakest link here is the customerservice of your cellphone provider. I just decided to read into how my provider deals with it and it seems they have extra security layers build in which is good to know. They also seem to get training a lot to look out for the signs.
you can get a phone number not tied to a sim.
The weakest link is the 1970s protocols that underpin mobile signals data. SS7 was outed to the world nearly ten years ago, and security is no tighter than it was, other than the employees with access being less open to bribes, and perhaps their access more tightly monitored when using certain parts of the system.
How do we know a product like "Efani" doesn't create a problem like this so they can sell their product. I'm always highly suspicious of such things. Remember a little movie way back in the 90's with Sandra Bullock called "The Net?"
Exactly. I feel the same about antivirus software.
Oooh, The Net is one of my favorite movies! Not one of my security question answers. lol
Yeah, ok . They invented sim swapping. Right, smart guy
Don't save/remember User Name or Login ID on an app. Another thing that a scammer would have to guess.
I don't get it, what does PIN-lock for the SIM help if they get a new SIM card....or did not understand it
you have to give them PIN number before they can give you new SiM card - and only the owner would know PIN to his own SIM
One problem is you can often change the default 2-factor mechanism but the fallback is still likely SMS. There needs to be some sort of backup to prove your identity in case your primary method gets lost or broken.
Note it is not just two factor authentication. They can reset your password. One should not use the listed phone number as your password reset/two factor authentication number (they are different setting on, say Google). I use a prepaid where SIM swap is not possible. They will not provide a new SIM under any condition (if I lose the phone I lose the number and the balance) as they do not know whose it is. I have that number as the second SIM.
Interesting idea. Thanks for sharing.
I like this idea
Who do you buy your pre-paid SIM from?
Is this video sponsored content? I can't even tell, but I'm sketched out by the fact that not even a minute into the video, in rolls an inbuilt ad for a product you claim is "the only service" that protects against the scam that is the subject of the video. It just has that same creepy, inauthentic feel that sponsored content always has.
This was an infomercial 😂
this clown is a shill selling useless garbage that is not needed.
1000 bucks a year ! Who can afford that in today's world with prices of basics like food etc getting more and more unaffordable ?!
Some good information BUT!! it's basically an add for a security system without a price mentioned. To find out the price ? you would, no doubt, have to enter your information???
$99/mo!!! How much of that do you get?
Oh goodness. If you’re balking at $99/mo, then the service definitely isn’t designed for you.
I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.
@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.
@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude
Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places
@@AllThingsSecuredso you don't want more subscribers. Nice.
What a lot of people do not understand is that the phone number they use is not theirs, you do not own your phone number, your provider owns it. Not you. Second, use an authenticator app for mfa.
There are plenty out there you can use.
Here (the Netherlands) you have to go to a store physically if you want you sim to be swapped and they will only do it if you bring your ID (Passport, Driver license) card to identify yourself.
Thanks for your attention,
Rik
Thanks! iPhone has a sim pin in Settings- Cellular. Mine was set by default to 'off', so I enabled it, then set my own unique 5 number pin. I feel it's much more secure now!
if u dont use sms verifaction your vulnerable to key loggers i think key loggers are more common
1:55 How is this hard to detect? If my SIM gets disconnected from my carrier, then the notification in the top left of my phone changes. I look at my phone multiple times a day. I’m confident I’d notice this immediately.
I use authenticator apps everywhere I can, but tell me, why don't banks give you the option to use authenticator apps? That's the most vulnerable account for anyone and banks don't let you use the more effective methods of authentication!
my banks are tied to my devices. i have no sim and use vpn. I sleep just fine at night and never have a problem logging in.
I enabled sim lock but when I'm logged in the sim card is unlocked. I need to use my selected pin before the login. I use my flip phone for bank texts. Instead
My mobile service provider leaked my phone number and the serial number of my sim card. Does this expose me to the increased risk of SIM swapping?
Yes change it
Beware this dude selling Efani.
Helpful info that isn’t widely discussed
wrong info to get you to buy something would be more accurate.
This is great info, thanks. I wouldn't dare do that last thing, though, because I wouldn't be able to remember the fake info I gave for the security questions. It's still a great idea, though.
I agree. I have a hard time remembering the real answer let alone the fake one I came up with two years ago.
@@SurfCityBill Same here. I have a hard time even remembering if I capitalized the first word or not.
@@SurfCityBill Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...
Or just answer with the 2nd of whatever instead of the first.
First street you lived on? Give the 2nd or 3rd or something you will remember.
If your memory sucks so bad you can't do that. Work on your memory.
If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home.
But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.
@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.
Thank you so much for these suggestions. Thanks to you, I was able to set up a SIM PIN, and I also enabled other security features my carrier offers to harden my account against misuse. Great tips! 👍
I’m glad it was useful!
How does SIM Pin prevent the swap?
The explanation I read on forums is that it only prevents the physical SIM from being used on a different device
@@alejandragonzalezguel900False sense of security is a wonderful thing... In real life, the risk is from an insider at the cell carrier, or malware infected store computers... Neither of those is likely to happen to a bank. Hence: use a secret sim only with banks...and realize that whenever a human looks at your account, your secret # is less a secret - so do everything on mobile app, secured by biometrics and an extra security app that adds PIN to that, in case phone is stolen. That's what I do...
Go personally to a physical outlet when purchasing a phone and renewing your plan. Here in Canada, where I live, I go to an outlet in the mall and they will give me $50 credit card as a token for doing business at their outlet.
100% of SIM swap attacks are the result of someone other than the owner of the account modifying the account without the owner's approval. A company called Cloaked Wireless has solved this by only letting the subscriber modify the account (their staff can't modify accounts). Basically, it solved the whole SIM swap problem.
The presenter failed to tell us how the Effany staff are screened before they are hired. Their jobs give them too much access to people accounts.
Is theft from a SIM Swap not possible if one is using 1Password? The thief wouldn't be able to change passwords to my finanical accounts without knowing the original passowords, right? Am I missing something here?
If the SIM swap attacker pretends to be you and says they forgot their password, they can potentially reset your password if they know whatever basic personal info the bank also demands (username, account number, SSN, etc.). SMS 2FA can actually be worse than no 2FA, because they would never be able to do this with an account protected only by your password.
The easiest solution is to keep a VoIP number on file at your bank instead of your real phone number. However, not all banks accept VoIP numbers, so this can narrow your options. It would be great if they allowed TOTP 2FA with an authenticator app (while also allowing SMS to be disabled as an option), but I don't know of a bank in the US that does.
Hi, Can you make a video about SIM LOCK, this feature available in Android and iPhone. How is the sim lock work? Would it prevent SIM SWAP? AND further more about Esim. Would Esim prevent sim swap since it's not a physical sim card? Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
My final thought is this is noting more than a video to sell a product. Two step verification is the SECOND step in the process. ON all my accounts where it is setup, the code is NOT sent out UNTIL I have signed into my account using up to a 32 character password that is known only to me. A person cannot just enter a six digit code and gain access to my accounts.
Yes, if they somehow get a hold of my computer or are able to implant a trojan to log keystrokes than that might work. However, since most people use their phone on a daily basis, they just need to understand if the phone no longer works call the provider and find out why. Go next door and call from your neighbors phone.
What gets me is this video is so full of holes it is obvious someone is just trying to sell something.
Thank you for that. I feel a little better about this, after reading what you said. It makes sense to me.
This is great! I can’t help but take credit for the suggestion to talk about physical SIM passcodes. :)
Feel free. I will caution people that it’s very easy to get locked out of your SIM if you do it wrong, though.
@@AllThingsSecured yes absolutely.
@@AllThingsSecuredCould you recommend a similar phone product that people reside in Canada can use?
7:51 As far I am aware, the passcode is only valid to the simcard you are holding, not another sim.
He never showed visually how this scam operates!!!!!!!!!
Interesting. So for anything financial we have a dedicated chromebook with a bogus account. From that chromebook/account I only ever log onto my password vault. So in theory even if my phone was sim swapped, then the google account they got access to would be my personal account, not the bogus one that I accessed the financial stuff. I never log onto my password vault from my regular email, So in theory if I was sim swapped it would be irritating but they would have no way to know what the 2FA codes were for right??
lock your google account behind a physical key. google advanced security is most secure way to go. Google voice, physical key, vpn and now you are locked down. no sim = no sim swap and your passwords are locked behind a physical key. Never associate a sim phone number to a financial account again.
Are there any cheaper ways? 99 dollars per month is expensive
the solution to this SIM swap thing is simple- you need to drive down to your carrier and do the swap THERE- IN PERSON. You need to bring documents such as phone bills, utility bills and of course picture ID. No more over the phone sessions to some minimum wage employee clock watching for her next break.
Too late. They already drained your accounts by the time you figure it out. Also, the guy at the store is in on it.
@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.
@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.
@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.
and the old sim... if possible
Can you change the default sim PIN on your iPhone?
I have SIM card cloning issues, Authy is SIM based and was exploited in my iphone. Corrupt police can do anything on a cell phone, my ex's friends in police department have been ruthless, corrupt and downright criminal.
That sounds terrible. I'm sorry.
Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.
@@mementomori29231interesting…need more info on multi-auth
All that effort and things you need to know . What about throwing away your cell phone ? Isn't that an option ? I did it two years ago , works great !
Haha I get that! It's one less thing to remember.
But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi
Source: that's what I do+
With EFANI, what’s the protection against an insider attack? If a TMobile employee can be bought off…
Many (most or all?) banks won't allow you to remove your phone number from 2FA or password reset options. This is a problem.
How about all sun swaps be done in person for security reasons . Just like banks will not make any changes to your account via phone . In person only .
Can’t SIM swap a Google Voice number. Set it up on a dedicated Google account. Sometimes it doesn’t work for me because I assume they check and see if it’s a “real” number with a “real” carrier, but most of the times it works and that’s what I use.
After I was SIM swapped, I moved to Cloaked Wireless. Haven't worried about it since.
Good information 👍
In Pakistan, even if I give my sim to some scammers myself they can't do anything bad to me. In case they spoof me somehow, for cell carriers to issue them a replacement sim card, they will ask a number of personal info plus a biometric verification (one thumb and and a fingerprint of other hand at least). As for my bank account, it is also set on a fingerprint sign-in method 😊
The really hilarious part in all of this. Most all countries not in the western world have better banking security. A price to pay for having prehistoric politicans running the country.
Sounds like y'all are really ahead of the game there
To skip the ad, go to 8:55
I was actually just looking for a great video explaining this. Thanks so much, Josh!
My pleasure!
Thank you for this video!
My pleasure!
My bank does allow for the use of a physical dongle required for login. They say it will even work out of the country. But use of the dongle has allowed me to quit using their SMS-2-factor verification.
Hi. Everyone. I have a question. Is Sim lock will prevent Sim swap (phone number port out) ? I saw a few TH-cam videos how to set Sim lock from the phone. But I'm not sure if that will prevent the Carrier from port your phone number out ? Any input information. Greatly appreciated. Thanks
You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours
real solution: no sim = no sim swap.
one thing the author doesn't say- is it possible only on I phones with no physical SIM card, but e-Sim card?
The iPhone 14 Pro does not use an external SIM card. Does that prevent this theft?
Wow this video is basically one long commercial.
Cheers Josh , great information.
My pleasure, John!
hi, I am one of the SIM SWAP victims. if the card is inserted into someone else's cellphone, it will take 5 minutes. Will the cellphone be hit too? please answer my question
hint: a phone number not tied to a sim cannot be sim swapped.
I avoid it with eSims
I need this answer please answer even if it’s one year old this video can it interfere with sms like PayPal sms or what
Doesn't the scammer need your account password to get into your account? There's a reason why they call it two factor authentication. They should need more than your phone number.
Sue the phone company with class action suit for billion dollar, they will take care of this problem right away. Lawyers, this is a sure winning case.
How does setting a pin on the sim card help? Wish this had been explained more fully.
Once again while watching SIM-swap related video I don't understand where in the world does that flawed practice of swapping SIM "legally" based on just a remote call of seeming "owner of a stolen phone" takes place?
This video explained "shitt" haha
So what about people who dont have there actual phone number widely known like if you use a service like Hushed or Cloaked would that be a good way to avoid this ???
I don't believe this could happen to me because whenever call my mobile carrier they always ask me for a four digit PIN number that only I know and have known since I set it up and without which I can't change anything
Do you know of anything like efani available in Canada?
What should I do if my mom was sim swap. What are all the steps I should take to make sure they cannot take more.
This happened to me just today. How do I solve this?
Sim Swap may transfer the phone but it does not transfer the Keychain where the user id and passwords are housed , without out the user id a sim swap is useless even if a 2FA account reset is done imo.
Use masked emails
For your primary carrier I cannot stress this enough that and 2FA and if a company or bank will still only let you use a phone number use your masked one that gets filtered through a privacy app that way it intercepts the code first and your phone number doesn’t get it at all!
How good is esim for sim swap
Let’s say someone steals my phone #…how would they a) know which bank I deal with? And b) even if they knew that, how would they logon to my online banking to trigger an sms to be sent?
how if u have a sim card on another persons name that u only use for banking when It's not to be avoided...and for nothing else ...?
Why do they call it a sim swap if they just highjacked your phone number?
Here in the state of Colorado some police departments won't even bother to help you with any identy theft or cyber crime. You can't get a report to help you .
I never save bank account passwords. How do criminals access to the bank account in this case?
..thanks for explaining..
You bet!
SIM change shouldn't rely on a few security questions! They should see that the phone SIM is currently active on a phone IMEI that has been the same for some time. They can even see that it's in the same area. If at home, then they would see it connected to the same cell tower that it's always connected to. If the thief claims that the phone was stolen, then need to show identity plus a plausible story. Especially when claiming that it's lost in a state that the phone wasn't recently in. Sure, people lose phones when they travel, and maybe you dropped it at the airport before your flight and report it missing in the new state, but then you could prove your story. If the person can't prove the story, then send message then block the number for 24 hours to give the real owner time to go to the store.
That’s what I’ve been saying…the victim will appreciate the due diligence. The criminal won’t.
My boyfriend has a few of them plugin keys, and other weird looking gadgets. He is a network engineer mostly focusing on cyber security. I have all these issues literally DAILY
All very well to be aware of this, but is is the SECOND factor. The first factor is knowing the victim's bank account number AND their online password to log in, AND their phone number. None of these many videos about sim swapping even mention how that primary breach happened in the first place.
Not true. Many accounts use phone numbers as a bailout if you forget your password. They send you a code and give you access.
@@AllThingsSecured Yes, but It is still the same question... they do not have your phone to get the account number. They only have your new sim which gives them your phone number. So the first data breach had to happen another way.
@@rtel123wonder if the cloud backup gives them access to usernames?
The FEDS can use devices in your neighbors house that can make your cell phone think it's connecting to a legit tower when it's actually connecting to their device. This enables them to access your operating system and perform a Sim SWAP and perform Debugging operations on your phone.
With the newer/higher end phones it's optional use a SIM - they have an "eSIM" which is builtin to the phones. I know iPhone 13 as one example I have personally helped someone switch to. Just call tech support with your cell provider and tell them you want to use only the eSIM. Then break the SIM with plyers, throw it away, and you're safe from this scam no matter what. Or Google on how to add the SIM pin if you don't have one. (The default pin is 0000 with Androids apparently, which is needed to set your pin.)