Advice request - is this a security risk on the BT mobile network?
Just had the message below from a contact located in Canada - could this be a problem in the UK and if so can BT provide the service of not changing a number's destination without authentication?
So I was defrauded $1000 and you can learn from my experience.
It started when I couldn't login to my email. After a couple of tries I thought maybe Yahoo was forcing a password change- so I tried to change the password- but for some reason I wasn't getting the text code for authentication- I check my phone in case I inadvertently turned the volume off. No service on my phone. Not totally crazy- there are a couple of dead spots in my house so I move to the kitchen- no service. Check partner's phone which has service.
OK now I'm suspicious.
I try to get my authentication for email by sending a text code to partner's email. I login to partner's email to get the code and there's an email from cell phone provider says that my phone is roaming - in UK.
I had to wake my partner up and because the phones are in his name so he has to call. In the meantime, it takes me about 15 minutes but I do get my email account recovered. Check my bank accounts- because I'm like that- 4 unauthorized purchases of Bitcoin- $1000 from my account.
My partner was able to get the phone transferred back-
and here's what the cell phone provider rep said- Someone hacked the cell phone account online and did what they call a sim swap- just switched my phone number from my phone sim card to theirs. Then hacked my email and changed the password. With those 2 things- they could scan my email to find out what accounts I have, change passwords, get authentication text to my phone number which they now have and just like that- they are $1K richer, and I am $1K smarter!
So here's what you need to do- Call your cell provider and tell them not to allow a sim phone number swap without sending you a confirmation text first. That way if someone tries to hijack your phone number, you will get a text about it.
And this guy was super slick- it took him 15 minutes to steal $1k from the time my email got broken into. Not the first time they've done this. And most people would have their phone hijacked and returned to them and they would have no idea how it happened.....
So would this be a security issue with BT mobile re bank and PayPal accounts etc?
If so is this security facility be provided on the BT mobile phone network?