If you only access important accounts from home and the bank has the option to call the number to provide one time code, you can specify your landline. Good luck trying to swap my landline.
I'm glad you found it helpful, and thanks for sharing this video with your family and friends!
วันที่ผ่านมา +3
Great video. I'm not sure why you say you were embarrassed by this though, since you did nothing at all wrong.... ie, it just happened out of the blue. SAME PRECISE thing happened to me: I did nothing wrong (no clicking suspicious links for example). Yet at 2am some hacker SIM swapped me then took over my personal email and then cleaned out $22000 of crypto....which was at the time, 80% of my liquid life savings. It still hurts really bad to this day. I later suid my mobile provider but I only got $4000 of that $22000 loss.
Thank you for the kind comments. The embarrassment was more of a "I should have done these preventative measures beforehand and not let a scary situation force me into action." That's really sad that the scammers got to you - having $22,000 of crypto stolen... ouch. How did you recover $4,000 worth of crypto? Or did the mobile company pay this as compensation?
Great video. I had a scammer who visited a Verizon store and attempted to buy a new phone and SIM card under my account. Thankfully it was a family phone number under my master account and I was able to put a stop to it. I'm going to add an authenticator app now. You used Google in your video. Is it better than the others or did you use it because you're in the Google ecosystem?
I'd recommend Ente Authenticator. It's open-source and end to end encrypted. Having tried Ente, Microsoft, Google and 2FAS authenticators, Ente provide the best security and experience.
I used Goggle authenticator for a while, then switched to Microsoft’s similar app, now I use the iPhone’s built in Passwords app. They all work pretty similar for 2FA auth codes, the main feature that’s useful is being able to have the same codes work on all of your devices. Most of these apps can do that by logging into the same account - but honestly using that feature actually reduces security a bit.
@@FredShin-m7x That's another option and a good one for those that can make that work, but how are you paying bills online? Does the bank still accept payments you make via ACH?
@MaxPower-11 100%. It was an awful breakfast experience, but the massive time zone difference saved the day. My wife tells me that we have to visit annually to "thank Maldives" for saving us. She may be the smartest ninja of all 😂
@Adam-s3w7d, you wrote, "Thanks for sharing this brother" in the previous version of this video just before I replaced it due to a video glitch. I just wanted to let you know I got your comment and appreciate you watching, dude! 🙏
Is there a bank that allows for 2FA app authentication as an option? Most banks I know of either use email or SMS 2FA and most don’t have the option to just use your email instead of SMS 2FA.
Several smaller banks and credit unions do, and brokerages like Fidelity and Schwab. Many national banks don't offer it currently. For these banks, you should elect email as the 2FA option and then lock your email security to mobile authentication only. You can see the list of financial institutions that offer app authentication (listed as TOTP) here: 2fa.directory/us/#banking
Banks are so bad about not having this feature! Fidelity has had it for a while but up until recently they only allowed you to use one specific brand of a TOTP-based authentication app. Now you can use any (I personally use Authy).
Do a research on those authenticators before using it. I can't remember which one, but hackers were able to breach one or two of the companies and gain access to peoples accounts.
@madmonkey762 Do you remember if the incident happened with one of the authenticators I mentioned, or was it from a different company that you can't recall? Doing some quick googling, it seemed like people were storing the backup keys somewhere that hackers were able to grab, but I couldn't find that the authenticator app itself was compromised.
Yes. SIM Protection would help if the scammers are trying to ask or trick a mobile service provider to swap a SIM. But if scammers instead pay carrier employees directly to swap SIMs, then this is useless since a bribed employee is not going to honor any SIM protections. So while it may help someone feel completely safe having SIM protection on a line, the reality is, if the phone number is used as the two-factor authentication method to secure against a large sum of irreversible funds (like crypto), the "protection" is irrelevant, as the scammers simply bypass it.
@craigf3277 Mine did too, but the text notification to the SIM switch is only 10 minutes apart. If you're away from your phone within that time frame... 😔
I'm shocked that these things aren't turned on by default too! Keep in mind though, that while creating a SIM swap PIN # will provide an additional layer of protection, it still wouldn't prevent a swap if the fraudster was able to bribe a contact center employee to do so as they are able to override it.
@@craigf3277 well, in many instances the reason one might want to do a legitimate swap is because they no longer have possession of their SIM. How does your carrier handle that?
@@dav1dw Websites get hacked all the time, and the information that gets leaked includes your name, phone number, etc. You can check if your email address has been leaked. If it's an email you use for many websites, chances are it is. Check here: haveibeenpwned.com/
@@themoneyninja yeh. all my emails and info has been leaked before. It took some effort to switch over to new emails and I also started using email aliases.
@@zenwar8835 Yes, and scammers can get that once they have control of your phone number and email address. They click on the "forgot username" or "forgot password?" feature and get this information sent as a text message or email.
It works with physical SIMs, too. Scammers visit mobile carrier stores pretending to be you and tell the employees that they lost the SIM card and ask for a replacement.
@@themoneyninja Wow so replace the entire phone? I guess this would only work if you had insurance against lost phones, right? Sorry for the noob questions, this has all just gotten a lot more complicated since the last time I got a phone.
@johnbeene3117 Yes, they're able to replace the phone on the account with a fake ID. Call your mobile service provider and ask if they can add an additional layer of security to lock your SIM. But the advice here (adding an authenticator app) would prevent them from logging into your financial accounts. No worries about the questions, you're asking good ones!
@Halfnoob I chuckled out loud when this popped up in my notifications. We all start somewhere, buddy. Like I always say at the end of my videos, "start small, think big."
That's exactly right. Redirecting to another email address is definitely a good option, though I love having an authenticator app centralize and secure all my important accounts.
@ToboeKey309 Unfortunately most banks don't offer Passkey or Authenticator app as 2fa. They have gone all in on SMS even though they have known it's not safe. Even the US government is now warning against texts for communications yet the banks won't change. They simply don't want to spend the money to upgrade their systems.
@lostbydesign You don't need a phone number. Go to your Google settings and click on "Security". You can add multiple ways to verify yourself under the "2-Step Verification" option without requiring a phone number.
![ILLSLICK X YOUNGOHM - We're The same [Official Video]](http://i.ytimg.com/vi/yUJNkobYR0E/mqdefault.jpg)
Thanks for watching! For more ways to make and save money, check out my site: themoneyninja.com/
If you only access important accounts from home and the bank has the option to call the number to provide one time code, you can specify your landline. Good luck trying to swap my landline.
Very true! This option is a hard pill to swallow for most, though. I'm always on the go and need to check things with my phone all the time 🤷♂️
Excellent video. I forward it to my family and friends. Thank you for making it.
I'm glad you found it helpful, and thanks for sharing this video with your family and friends!
Great video. I'm not sure why you say you were embarrassed by this though, since you did nothing at all wrong.... ie, it just happened out of the blue.
SAME PRECISE thing happened to me: I did nothing wrong (no clicking suspicious links for example). Yet at 2am some hacker SIM swapped me then took over my personal email and then cleaned out $22000 of crypto....which was at the time, 80% of my liquid life savings.
It still hurts really bad to this day.
I later suid my mobile provider but I only got $4000 of that $22000 loss.
Thank you for the kind comments. The embarrassment was more of a "I should have done these preventative measures beforehand and not let a scary situation force me into action."
That's really sad that the scammers got to you - having $22,000 of crypto stolen... ouch. How did you recover $4,000 worth of crypto? Or did the mobile company pay this as compensation?
Great video. I had a scammer who visited a Verizon store and attempted to buy a new phone and SIM card under my account. Thankfully it was a family phone number under my master account and I was able to put a stop to it.
I'm going to add an authenticator app now. You used Google in your video. Is it better than the others or did you use it because you're in the Google ecosystem?
It's crazy, right? Just remember to have a different password for each site, use an authenticator app where possible, and lock thar SIM card down! 💪
I'd recommend Ente Authenticator. It's open-source and end to end encrypted. Having tried Ente, Microsoft, Google and 2FAS authenticators, Ente provide the best security and experience.
I used Goggle authenticator for a while, then switched to Microsoft’s similar app, now I use the iPhone’s built in Passwords app. They all work pretty similar for 2FA auth codes, the main feature that’s useful is being able to have the same codes work on all of your devices. Most of these apps can do that by logging into the same account - but honestly using that feature actually reduces security a bit.
I just checked Ente out. Looks like a good authenticator. How did you find out about this one? It's pretty new.
I have a copy of the authenticator app I use on an older phone in case I lose my current one.
i set my bank account that can only make changes and get funds in person with id .
@@FredShin-m7x That's another option and a good one for those that can make that work, but how are you paying bills online? Does the bank still accept payments you make via ACH?
Scary sh*t dude. Glad everything turned out well and going to Maldives annually because of what happened is a pretty good deal for the wife haha.
Maldives 🏝 ❤️
😂😂😂
Wow. Really, the chance fact that you were on vacation on the other side of the world may have been what saved you.
@MaxPower-11 100%. It was an awful breakfast experience, but the massive time zone difference saved the day.
My wife tells me that we have to visit annually to "thank Maldives" for saving us. She may be the smartest ninja of all 😂
@Adam-s3w7d, you wrote, "Thanks for sharing this brother" in the previous version of this video just before I replaced it due to a video glitch. I just wanted to let you know I got your comment and appreciate you watching, dude! 🙏
Informative video, thanks!
Glad you found it helpful!
Is there a bank that allows for 2FA app authentication as an option? Most banks I know of either use email or SMS 2FA and most don’t have the option to just use your email instead of SMS 2FA.
Several smaller banks and credit unions do, and brokerages like Fidelity and Schwab.
Many national banks don't offer it currently. For these banks, you should elect email as the 2FA option and then lock your email security to mobile authentication only.
You can see the list of financial institutions that offer app authentication (listed as TOTP) here: 2fa.directory/us/#banking
I’m at First Tech FCU and they have it
Banks are so bad about not having this feature! Fidelity has had it for a while but up until recently they only allowed you to use one specific brand of a TOTP-based authentication app. Now you can use any (I personally use Authy).
Banks are the slowest to adopt features... one of my biggest gripes with financial institutions.
Do a research on those authenticators before using it. I can't remember which one, but hackers were able to breach one or two of the companies and gain access to peoples accounts.
@madmonkey762 Do you remember if the incident happened with one of the authenticators I mentioned, or was it from a different company that you can't recall?
Doing some quick googling, it seemed like people were storing the backup keys somewhere that hackers were able to grab, but I couldn't find that the authenticator app itself was compromised.
money ninja my goat thanks for the help
You got it, dude!
Thank you 🙏
@@lafavini Glad you found it useful 👍
did your tmobile account have "SIM Protection" turned on?
Yes if you have T-Mobile definitely activate that!
Yes. SIM Protection would help if the scammers are trying to ask or trick a mobile service provider to swap a SIM. But if scammers instead pay carrier employees directly to swap SIMs, then this is useless since a bribed employee is not going to honor any SIM protections.
So while it may help someone feel completely safe having SIM protection on a line, the reality is, if the phone number is used as the two-factor authentication method to secure against a large sum of irreversible funds (like crypto), the "protection" is irrelevant, as the scammers simply bypass it.
My carrier sends a text to the phone before it will switch. I believe this is pretty good.
@craigf3277 Mine did too, but the text notification to the SIM switch is only 10 minutes apart. If you're away from your phone within that time frame... 😔
Thank u !!
@saxophoneplaya You're welcome and thank you for watching! 👍
Create a SIM Swap PIN. Every cell company offers this option. The sad part is, this security option should be enabled by default. It's NOT.
I'm shocked that these things aren't turned on by default too!
Keep in mind though, that while creating a SIM swap PIN # will provide an additional layer of protection, it still wouldn't prevent a swap if the fraudster was able to bribe a contact center employee to do so as they are able to override it.
Mine does not offer PIN. I even called them to verify. They will only do a change with a code sent to the phone before switching.
@@craigf3277 well, in many instances the reason one might want to do a legitimate swap is because they no longer have possession of their SIM. How does your carrier handle that?
Never use SMS as a 2FA!!! NEVER!
Preach brother! 👍
I'm finally convinced. Now more places are using auth apps.
The thing I don't understand is how the hacker know what number you use? Are you already compromised, and they're working their way deeper?
@@dav1dw Websites get hacked all the time, and the information that gets leaked includes your name, phone number, etc.
You can check if your email address has been leaked. If it's an email you use for many websites, chances are it is. Check here: haveibeenpwned.com/
@@themoneyninja yeh. all my emails and info has been leaked before. It took some effort to switch over to new emails and I also started using email aliases.
Very smart to do. It's another layer that makes it more difficult for scammers to penetrate.
Don't they need your username and password for your financial accounts?
@@zenwar8835 Yes, and scammers can get that once they have control of your phone number and email address. They click on the "forgot username" or "forgot password?" feature and get this information sent as a text message or email.
Does scam method #1 work with eSIM only phones?
It works with physical SIMs, too. Scammers visit mobile carrier stores pretending to be you and tell the employees that they lost the SIM card and ask for a replacement.
@@themoneyninja I'll rephrase: Does method 1 work with eSIM? It seems to me that it would only work with physical SIMs but I'm not sure.
@johnbeene3117 Thanks for clarifying. The answer is still yes. Scammers can pretend to lose "their" phone, which includes the eSiM.
@@themoneyninja Wow so replace the entire phone? I guess this would only work if you had insurance against lost phones, right? Sorry for the noob questions, this has all just gotten a lot more complicated since the last time I got a phone.
@johnbeene3117 Yes, they're able to replace the phone on the account with a fake ID.
Call your mobile service provider and ask if they can add an additional layer of security to lock your SIM. But the advice here (adding an authenticator app) would prevent them from logging into your financial accounts.
No worries about the questions, you're asking good ones!
I have a 12 digit passcode that you must state beforehand
@SunshineFL That offers some protection, but unfortunately, if scammers are able to bribe the employees, that security layer is ineffective.
joke on the scammer. i only have $33 to my name.
@Halfnoob I chuckled out loud when this popped up in my notifications. We all start somewhere, buddy. Like I always say at the end of my videos, "start small, think big."
Best thing to do is dont use your phone numbers for 2fa on your email accounts and just use another email as your 2fa
That's exactly right. Redirecting to another email address is definitely a good option, though I love having an authenticator app centralize and secure all my important accounts.
@ToboeKey309 Unfortunately most banks don't offer Passkey or Authenticator app as 2fa. They have gone all in on SMS even though they have known it's not safe. Even the US government is now warning against texts for communications yet the banks won't change. They simply don't want to spend the money to upgrade their systems.
Gmail requires a phone though
@lostbydesign You don't need a phone number. Go to your Google settings and click on "Security". You can add multiple ways to verify yourself under the "2-Step Verification" option without requiring a phone number.
You can change the authenticator @@lostbydesign