Advice for potential phone fraud

jadubsee

Back in February, my Pixel phone fell out of my pocket while I was cycling and was seemingly quite quickly taken and turned off by a passer by. I disabled everything I could with Find My Device and contacted my network, O2, to let them know and to get a new phone and sim. I logged out of all devices remotely on any important apps. 

I didn't really think anything else of it until I started getting roaming texts from O2 this week, while I've been here in the UK. Since Sunday, I've had 'Welcome to the UAE', 'Welcome to Hong Kong' and 'Welcome to China', the same as I've previously had when I've actually been abroad. They appear in the same text thread as legitimate messages I've had from O2 in the past, so they are coming from O2.

Should I be worried about this? I contacted O2 and the live chat rep suggested I change my number, which I desperately don't want to do. I've had this number for 15 years. They've now opened a fraud investigation. I guess my major concern is over 2FA. I can't see any other suspicious activity in any of my accounts.

Mark_d

It sounds like a copy of your SIM card is moving around the far East.  Looking at your O2 bill do you see any charges or details of calls/texts/data usage not done by you?

I would be worried.  If you're receiving messages intended for someone else then they may be receiving messages intended for you!

2FA by text message is better than not having 2FA but it is open to SIM swap fraud. I recommend using an app such as Authy for 2FA.

jadubsee

Thanks for the reply. I can't see anything suspicious at all. I'd have no idea anything was happening were it not for these roaming messages.

flaneurs_lobster

I thought cloning SIM cards was very hard. Difficult to see a purpose unless you were going to attempt to access and empty bank/savings accounts by SIM swap fraud. Bit amateurish having the phone switched on as you travel.

Did you wipe the phone remotely? Any chance that the nicked phone has retained enough detail of you to be using RCS (rather than mobile) to send you texts? 

I'd be worried.

I'd consider changing any 2FA with anyone holding your money to either not use SMS or perhaps think about a cheap second SIM/number just for these accounts.

DullGreyGuy

jadubsee said:

They appear in the same text thread as legitimate messages I've had from O2 in the past, so they are coming from O2.

Thats not how phones work, it simply groups all messages from the same sending number/name (or multiple if they are associated with the same contact in your address book). It has no way of knowing if some are from a legitimate sender and some are from someone impersonating the number. 

When someone took the wife's phone and we activated Lost Phone Mode which exposed my mobile number I started getting texts from "Apple" which did also go into the same conversation thread as legitimate texts however they were telling me to go to https://FindMy.Apple.com.SomeJunk.co/LogIn to log into my Apple Account. 

flaneurs_lobster

DullGreyGuy said:

Thats not how phones work, it simply groups all messages from the same sending number/name (or multiple if they are associated with the same contact in your address book). It has no way of knowing if some are from a legitimate sender and some are from someone impersonating the number. 

When someone took the wife's phone and we activated Lost Phone Mode which exposed my mobile number I started getting texts from "Apple" which did also go into the same conversation thread as legitimate texts however they were telling me to go to https://FindMy.Apple.com.SomeJunk.co/LogIn to log into my Apple Account. 

Good point. Do the "Welcome to...." messages contain a link and an invitation to click.....

jadubsee

Thanks for replying. Sorry, I should have added that O2 also seem to think the messages came from them. The only links are to legitimate O2 bolt-on pages, not phishing pages