Sim swapping fraud

lionelrowie

I was recently the victim of a sim swapping fraud as a result of upgrading my phone with three mobile. The customer service rep stole and sold my phone number and personal details. Two days after receiving the new phone i received a text saying I had requested a PAC code to swap my phone number to another phone. I spoke to three and they said there was nothing they could do until the sim swap had happened. Once the fraudster had my phone number they used it and my personal details to hijack my emails and in turn my online banking. They attempted to take £380 out of my current account but fortunately HSBC fraud team stopped this. Once I managed to recovery access to my email there was 2 emails from loan company’s which the fraudster had applied for under my name luckily they had not been verified and I was able to cancel the application. Has anyone else had any similar experience? I am concerned about my credit score. In addition am I liable to compensation due to data protection breaches from three mobile?

thank you 

OrbitHeadache

Have you complained to 3?

Have you got evidence that the 3 employee stole your personal info? If so have you reported this to the relevant authorities?

DCFC79

Are you sure it was a Three employee and not someone pretending to be one ?

That's a big claim to make there OP.

Your credit score is only seen by you only, your credit history is what lenders etc see.

lionelrowie

I rang three’s official contact number and I don’t think someone posing as a three employee would send me a new iPhone 11 as part of a sim swapping fraud. Also my contract as be updated to the terms of the upgrade agreed with the employee on the phone. Haven’t spoken to any other person or company regarding my personal details in this time period. I am awaiting a call from the three fraud team but this will take 7 working days. After some reading I will be reporting the the Information commissioners office (ICO) and a formal compliant to three.

lionelrowie

Perhaps I may have overstepped the mark with word sold but there has been a data breach which has let my personal data be accessed for fraudulent activity. I have also reported the action fraud uk

theoldmiser

lionelrowie said:

...Once the fraudster had my phone number they used it and my personal details to hijack my emails and in turn my online banking. .

So how exactly does anybody "hijack" somebody else's emails with a PHONE NUMBER? And how does anybody with access to your email (which isn't possible using just a phone number and 'personal details') then somehow access your online banking? Resetting your online bank account password isn't as simple as them sending you an EMAIL, they will want to send you a code by snail mail.

I have searched all over the internet about 'SIM swapping fraud', and so far every single 'explanation' says that 'once the scammers have your phone number on their SIM they can gain access to your bank account', but nowhere does anybody ever explain HOW this is possible. My bank account has a made up username which nobody can guess (it's 20 characters and impossible to crack) and a passphrase of 12 characters (the maximum that my idiotic bank will allow, but still very secure, no real words in it), and then my 'memorable info', where they ask you to enter three characters out of 15 possible ones, which I have written down in a password book. (Here's a clue: all your usernames and passwords should be difficult to remember that you HAVE to write them down. Anybody telling you any different is an idiot who knows nothing about basic online security, nor have they any common sense. Your passwords should be written down in a small book that you can put anywhere you want in your house. Your chances of being burgled AND a burglar desperately searching for a little notebook, which they have no idea even exists, rather than stealing your TV and jewellery, are a million to one. Find me some (believable) examples of a burglar actually stealing somebody's password book and maybe I'll change my mind.)

So all the SIM swap scammer would have of mine would be the six digit confirmation code from the bank, when I try to log in. But wait - it gets worse (for the scammer). When I try to log into my bank, the first thing I do is get my phone out, ready, and turn it on, ready to receive the confirmation code. But what will I see if my SIM has been swapped? "PLEASE INSERT A SIM CARD" on the lock screen of my phone, and I won't be able to do anything without seeing that message. At that point I obviously wouldn't be trying to sign into my bank account, I'd be fiddling with my SIM card, then logging into my SIM provider online account, to see why my SIM isn't working.

So HOW does SIM Swapping fraud work again?

To the OP - why did your bank think the attempt to take out £380 was fraudulent and stop it? What possible reason could they have had? I don't believe a word of this...

DCFC79

theoldmiser said:

lionelrowie said:

...Once the fraudster had my phone number they used it and my personal details to hijack my emails and in turn my online banking. .

So how exactly does anybody "hijack" somebody else's emails with a PHONE NUMBER? And how does anybody with access to your email (which isn't possible using just a phone number and 'personal details') then somehow access your online banking? Resetting your online bank account password isn't as simple as them sending you an EMAIL, they will want to send you a code by snail mail.

I have searched all over the internet about 'SIM swapping fraud', and so far every single 'explanation' says that 'once the scammers have your phone number on their SIM they can gain access to your bank account', but nowhere does anybody ever explain HOW this is possible. My bank account has a made up username which nobody can guess (it's 20 characters and impossible to crack) and a passphrase of 12 characters (the maximum that my idiotic bank will allow, but still very secure, no real words in it), and then my 'memorable info', where they ask you to enter three characters out of 15 possible ones, which I have written down in a password book. (Here's a clue: all your usernames and passwords should be difficult to remember that you HAVE to write them down. Anybody telling you any different is an idiot who knows nothing about basic online security, nor have they any common sense. Your passwords should be written down in a small book that you can put anywhere you want in your house. Your chances of being burgled AND a burglar desperately searching for a little notebook, which they have no idea even exists, rather than stealing your TV and jewellery, are a million to one. Find me some (believable) examples of a burglar actually stealing somebody's password book and maybe I'll change my mind.)

So all the SIM swap scammer would have of mine would be the six digit confirmation code from the bank, when I try to log in. But wait - it gets worse (for the scammer). When I try to log into my bank, the first thing I do is get my phone out, ready, and turn it on, ready to receive the confirmation code. But what will I see if my SIM has been swapped? "PLEASE INSERT A SIM CARD" on the lock screen of my phone, and I won't be able to do anything without seeing that message. At that point I obviously wouldn't be trying to sign into my bank account, I'd be fiddling with my SIM card, then logging into my SIM provider online account, to see why my SIM isn't working.

So HOW does SIM Swapping fraud work again?

To the OP - why did your bank think the attempt to take out £380 was fraudulent and stop it? What possible reason could they have had? I don't believe a word of this...

You do realise the thread is from last year and the OP hasnt been back.