One Monday morning in May, I woke up and grabbed my cell phone to read the news and scroll through memes. But it was out of cell service. I couldn’t make calls or texts.

That, though, turned out to be the least of my problems.

Using my home Wi-Fi connection, I checked my email and discovered a notification that $20,000 was being transferred from my credit card to an unfamiliar Discover Bank account.

I thwarted that transfer and reported the cell phone issues, but my nightmare was just starting. Days later, someone managed to transfer $19,000 from my credit card to the same strange bank account.

I was the victim of a type of fraud known as port-out hijacking, also called SIM-swapping. It’s a less-common form of identity theft. New federal regulations aimed at preventing port-out hijacking are under review, but it’s not clear how far they will go in stopping the crime.

  • superfes@lemmy.world
    link
    fedilink
    arrow-up
    24
    ·
    4 months ago

    Hey guys on the Intertubes, perhaps you’ll never see this, but if you do, please read the following: SMS is a terrible way to 2FA, don’t do it, ever.

    • pelletbucket@lemm.ee
      link
      fedilink
      arrow-up
      7
      ·
      4 months ago

      I was pretty annoyed when a couple apps forced me to start using an authenticator, but I’m glad for it now.

      • Rentlar@lemmy.ca
        link
        fedilink
        arrow-up
        6
        ·
        4 months ago

        I joined the pro-OTP club when I found open source alternatives to Google, Microsoft Authenticator and Authy (which Twilio would later ruin). Before I didn’t like it.

      • floofloof@lemmy.ca
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        4 months ago

        Pretty much all the sites I use offer authenticator apps or passkeys/security keys. But my bank only offers SMS and sets a limit on password length.

  • akakunai@lemmy.ca
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    4 months ago

    I mistyped my PIN (yes PIN, you can have only a 4 or 6 digit number, not a real password) into my bank app too many times and had to reset it. I was prompted the secret question “what is the name of your childhood best friend?” This alone would have given me (or anyone) access to my bank account. I forgot what the answer was and had my account locked after a few attempts.

    How was I to prove my identity? Call the 1-800 number and the automated system asked for my account number or any credit/debit card number, the numbers in my postal code, my phone number, and my birthday. THAT’S IT. Account unlocked and was able to set a new password PIN. So many people know or can easily find out this information.

    I use very strong digital security everywhere that allows it, but of the hundreds of accounts I have, my bank is the least secure and does not allow any stronger security even if you want it!

        • shortwavesurfer@lemmy.zip
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          Primarily to buy groceries, and save. I would much rather hold my money outside of the fiat currencies. I have been thinking of getting some silver bars and i already have a few goldbacks.

            • shortwavesurfer@lemmy.zip
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              4 months ago

              Coinsbee.com. Buy an Instacart gift card and load that on your account. Then buy your groceries with that and just go pick them up when they’re ready. I suppose technically that means that that bit of Monero flows back into the Fiat economy which sucks but I do put more than just my grocery money into it so some money always stays in Monero each month no matter what

              Edit: By buying it through the gift card service, I’m also signaling to the economy, at least in some small way, that I prefer Monero instead.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    This is the best summary I could come up with:


    WASHINGTON (AP) — One Monday morning in May, I woke up and grabbed my cell phone to read the news and scroll through memes.

    The ability of thieves to obtain your personal information was again made clear Friday when AT&T said the data of nearly all of its customers was downloaded to a third-party platform in a security breach two years ago.

    Although AT&T claims no personal information was leaked, cybersecurity experts have warned breaches involving telephone companies leave customers vulnerable to SIM swapping.

    It took ten days to get my number back from Cricket Wireless — and that wasn’t until I told company representatives that I was writing a story about my experience.

    “Fraudulent port-outs are a form of theft committed by sophisticated criminals,” reads a company statement that was emailed to me.

    “We have measures in place to help defeat them, and we work closely with law enforcement, our industry and consumers to help prevent this type of crime.”


    The original article contains 1,130 words, the summary contains 161 words. Saved 86%. I’m a bot and I’m open source!