| Page 1 of 1 |
Mythril
Posts: 703
Location: Playing Hunt: Showdown
|
 Posted: Wed, 16th Oct 2019 01:17 Post subject: Sim-jacking |
|
 |
Last week I received several message on my phone one after another in the early evening from my provider stating that my contract was moving over to Vodafone. At first glance I took them as a spam message but an hour or so later I had a closer look and they had in fact come from my provider not some random number so I called up EE and had a word.
I asked the operator if anything weird had happened on my account within the last day or so. She replied by saying a PAC request code had been authorised (by myself) and I was moving my contract over to Vodafone. Well that's weird as I have not asked for any such code and I was defiantly not moving to another operator. So my next question was "how can this have been done without my knowledge?" One of three ways. Either a text message to 150 with the text PAC within the subject, a call to the operator or online chat. Two out of those three require my security details. I asked which method had been used. Both online chat and telephone one two separate occasions, the latest being the 9th Oct.
So I asked if the PAC code request could be stopped. She assured me that it could be and she had sent the request to cancel it. My next question was if they had both called you and chatted online to EE, then surely they have my login details ? The online chat was just a chat, no security details were used I'm told but this is something I'm wanting to check out shortly but the phone call requires all of my login details and personal information.
The operator then explained she had looked into the logs and explained that the operator that had been dealing with the request had since been fired. She also stated that I was the 3rd person within 24 hours that had exactly the same issue. Maybe it was an internal security breech ?
The next day I called EE to double check that the PAC code request had been cancelled. Yes I was told.
Moving forwards to Friday afternoon around 4pm. I noticed that my phone was displaying a strange symbol. No service ! I was like WFT  Not having another phone to hand, I quickly drove around to my mothers and borrowed her phone and called EE. At that moment there was a login attempt from somewhere near London on a new device. Before I could even click the "Is this you" I was totally locked out of my Gmail account. Then they got into my PayPal account but luckily my mother was on the phone to them and it was locked down. I was also on the phone to both EE and my bank account and got my bank accounts locked.
No money was taken but I'm totally locked out of my Gmail account until EE manage to get back my account from Vodafone. This could take up to 30 days I'm told. The annoying this is, the people behind this have access to everywhere I go. My phone by all accounts is "cloned" as they most probably have downloaded a backup of my phone and so can see everything. I can not change any passwords yet until I get my number back as most places I visit have a two step authentication process which is tied to my email and phone. They have also removed all known logged in devices from my Google account so I can not even attempt to recover it yet. If I do, then they will know the new password and block the change. Of course it's impossible to actually contact Google about this matter so I have to just sit and wait until I get my account back from EE.
One more annoying thing is that trying to reset the Gmail account is fruitless. As soon as I put my email in or phone number I'm greeted with the same message every time and I can't progress. I have found another link to try and reset my password and this one actually allows me to put in my name etc so I'm hoping it'll work when I try it.
So as of now, I'm a bit screwed. I can't change anything, do bugger all and I'm expected to just sit and wait for the Fraud team at EE to conduct their business.
The thing that is bugging me the most is that they somehow have managed to get my password and it's not anything simple either. Now it's either a security breech within EE or some web site has been hacked and their password/user detail file(s) have not been encrypted. Most annoying !
Anyway, I thought I would share my dilemma with you guys, see if anyone else has witness anything like this before. Funny, yesterday there was an article on BBC News about someone within their ranks had just had £5000 taken from their account and their sim was also hijacked moments before hand.
---=== AMD Ryzen 7 9800X3D / RTX 4090 FE / 32GB DDR5 6000 / 2TB Gen 5 M.2 / 1 x TB M.2 / 45" Corsair Flex / ASUS ROG Ryujin III AIO / SoundBlaster AE-5 Plus / Lian Li 011 Dynamic XL / Logitech MX Master S2 / Logitech G915 TKL / Steelseries Arctis Pro Wireless ===---
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 16th Oct 2019 01:57 Post subject: |
|
|
Wow, that's crazy. What is scary and annoying is that most of these breaches start by phone calls, social engineering. What are you supposed to do if a company's customer support is fooled by a caller?
|
|
| Back to top |
|
|
|
|
|
| Back to top |
|
|
Mythril
Posts: 703
Location: Playing Hunt: Showdown
|
| Posted: Wed, 16th Oct 2019 08:02 Post subject: |
|
|
Out of interest, how are they protected by this ?
---=== AMD Ryzen 7 9800X3D / RTX 4090 FE / 32GB DDR5 6000 / 2TB Gen 5 M.2 / 1 x TB M.2 / 45" Corsair Flex / ASUS ROG Ryujin III AIO / SoundBlaster AE-5 Plus / Lian Li 011 Dynamic XL / Logitech MX Master S2 / Logitech G915 TKL / Steelseries Arctis Pro Wireless ===---
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 16th Oct 2019 08:05 Post subject: |
|
|
This sounds like you got socially engineered rather than simjacked.
i5 6600k @ 4.3 GHz | MSI z170 Gaming M7 | 32GB Kingston HyperX Fury | 850 Evo 500GB | EVGA 1070 SC | Seasonic X-660 | CM Storm Stryker
|
|
| Back to top |
|
|
Mythril
Posts: 703
Location: Playing Hunt: Showdown
|
| Posted: Wed, 16th Oct 2019 08:29 Post subject: |
|
|
I'm not sure how that can be correct as they would need my password/security details to continue with any conversation so it's either a breach within EE themselves or some site has been hacked at some point and their password/user details file was not encrypted. I do think though that they have harvested some details via social media though.
---=== AMD Ryzen 7 9800X3D / RTX 4090 FE / 32GB DDR5 6000 / 2TB Gen 5 M.2 / 1 x TB M.2 / 45" Corsair Flex / ASUS ROG Ryujin III AIO / SoundBlaster AE-5 Plus / Lian Li 011 Dynamic XL / Logitech MX Master S2 / Logitech G915 TKL / Steelseries Arctis Pro Wireless ===---
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 16th Oct 2019 11:48 Post subject: |
|
|
What does EE even stand for? What country are you in?
|
|
| Back to top |
|
|
Mythril
Posts: 703
Location: Playing Hunt: Showdown
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 16th Oct 2019 18:57 Post subject: |
|
|
funny how that shit still works when there is movies on youtube about this shit for like 15 years now ..., sue your phone company for damages in small claims court or something like for all the time it takes u to call google n shit
Last edited by PickupArtist on Wed, 16th Oct 2019 18:59; edited 1 time in total
|
|
| Back to top |
|
|
3E74
Posts: 2559
Location: feels wrong
|
| Posted: Wed, 16th Oct 2019 18:58 Post subject: |
|
|
Why even use Gmail?
Theres more then enough better ones out there, also free..
Disroot.org, Protonmail, etc.... alone these 2 are way way safer then the google ones..
Just saying
..:: Life - A sexually transmitted disease which always ends in death. There is currently no known cure::.. 
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 16th Oct 2019 19:01 Post subject: |
|
|
safer how ? when they get ur phone number, u are toast for any second level authentication, not even the like steam authenticator protects u ?
everything gets sent to that phone number so the sim holder gets acces to everything
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 16th Oct 2019 20:55 Post subject: |
|
|
| Mythril wrote: | | Out of interest, how are they protected by this ? |
They don't use S@T Browser app on sim
|
|
| Back to top |
|
|
|
|
| Posted: Wed, 20th Nov 2019 12:47 Post subject: |
|
|
| VGAdeadcafe wrote: | | What does EE even stand for? What country are you in? |
Everything Everywhere
|
|
| Back to top |
|
|
| Page 1 of 1 |
All times are GMT + 1 Hour |
