SIM swap hack money taken from Kraken to Revolut, how to proceed?

flaneurs_lobster

Olinda99 said:

As far as I know there are only three ways to do this 

There's a 3.5th way, where the contact is not in a shop but takes place by phone/chat conversation. This gives more opportunity for the fraudster to work their skills as to why they don't have the password/pin, can't supply (copy of) photo id and why the replacement SIM should be sent to a new address. 

It shouldn't happen but quite obviously does, apart from anything else only the "big" NOs have physical shops, the others can only be contacted remotely. If you are serious about your SIM's security, check out how hard it would be to request a replacement ("sim-swap") from your current supplier. 

E-SIMs should make the process more secure, since they will only work on the phone on which they are activated, but of course if the supply of a replacement is lax then they simply cut out the physical dispatch/delivery phase of the scam and make it happen more efficiently. At the very least a replacement eSIM should only be sent to the original email address (which can, of course, be changed....).

AmityNeon

PACs can be requested over the phone. The standards of identity verification vary by provider, and rogue employees are also a possibility. Such lax practices are why carriers like Efani can exist.

flaneurs_lobster

AmityNeon said:

PACs can be requested over the phone. The standards of identity verification vary by provider, and rogue employees are also a possibility. Such lax practices are why carriers like Efani can exist.

Indeed, one can assume that it would be rather more difficult to weedle a fraudulent sim-swap from a service costing north of $1000/year rather than (checks MSE's latest listing) £1 a month.

surreysaver

gary1312 said:

friolento said:

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

I like to think I'm pretty savvy but this is a new one on me so I appreciate this post - I didn't even know one could put a PIN on a sim. Thanks for posting.

I've had a PIN on my SIM since 1997 when I first had a SIM! 

surreysaver

friolento said:

I am afraid I don't have any information that could help with your current situation.

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

I cannot see what difference having a PIN on your SIM would make, as the PIN only protects that SIM, and wouldn't stop a new SIM porting your number over?

flaneurs_lobster

surreysaver said:

friolento said:

I am afraid I don't have any information that could help with your current situation.

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

I cannot see what difference having a PIN on your SIM would make, as the PIN only protects that SIM, and wouldn't stop a new SIM porting your number over?

Absolutely correct, but what it does stop is a locked phone being lifted and the SIM being removed to a new phone for fraudulent 2FA use. 

Petriix

flaneurs_lobster said:

surreysaver said:

friolento said:

I am afraid I don't have any information that could help with your current situation.

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

I cannot see what difference having a PIN on your SIM would make, as the PIN only protects that SIM, and wouldn't stop a new SIM porting your number over?

Absolutely correct, but what it does stop is a locked phone being lifted and the SIM being removed to a new phone for fraudulent 2FA use. 

But, let's be totally clear, that's not really SIM swapping. Your protection from a genuine SIM swap is only as good as the security of your mobile provider and/or your email account. 

Olenna

grumpy_codger said:

Olenna said:

grumpy_codger said:

Nicehouse said:

... giff gaff, Kraken and Revolut don't seem to have any answers as to how it happened ...

Well, they must investigate and give answers. 
Giffgaff are definitely at fault, but claiming financial loss from them can be problematic.
With Kraken and Revolut, I gues, a mobile phone (number) is only one factor of two-factor authorisation, isn't it?

I don't see definitive evidence of this being Giffgaff's fault yet.

They gave a new SIM to some stranger without making adequate checks to make sure that it was their customer who requested this.

Are you accusing the OP of lying?

"They gave a new SIM to some stranger without making adequate checks to make sure that it was their customer who requested this"  You have no idea what happened here and clearly have no idea of how giffgaff operate. 

As a side note, I'm not sure that accusing someone else of lying is appropriate. 

Olenna

Petriix said:

flaneurs_lobster said:

surreysaver said:

friolento said:

I am afraid I don't have any information that could help with your current situation.

Just to say though that SIM swap fraud has been around for a long time and there are some key preventative measures people can take to reduce their risk of falling prey to it:

1. put a PIN on your SIM
2. add a second password to your mobile phone account
3. use 2 factor authentication for logging into all your accounts

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

I cannot see what difference having a PIN on your SIM would make, as the PIN only protects that SIM, and wouldn't stop a new SIM porting your number over?

Absolutely correct, but what it does stop is a locked phone being lifted and the SIM being removed to a new phone for fraudulent 2FA use. 

But, let's be totally clear, that's not really SIM swapping. Your protection from a genuine SIM swap is only as good as the security of your mobile provider and/or your email account. 

As giffgaff is an online only provider so you'd normally need to login (username /  password) and have access 2FA to login (email or sms). They do have an exceptions process but it appears reasonably robust. .

wmb194

I suspect there's more to the story e.g., this began with phishing.