Project Disrupt: Toronto police arrest 10 people, lay more than 100 charges in SIM swap scam

Jenesis

I had to use my phone and get texts from two banks this week to prove who I was. One for online and one for in person.

So they use your phone number to verify everything. I have voice authorization for online banking and they still wanted to confirm who I was.
 

Phil C. McNasty

Don't have bank apps on my phone and never use my phone for banking or paying for anything. That's the way to avoid being scammed like this
Same here. I got rid of my PayPal, Facebook, and Instagram accts as well on my smartphone
 

IM469

I'm a little slow here and need your assistance. I don't have Google Pay / Apple Pay or any touch and go banking on my phone. I have banking Apps but they require a password. If I go online - I still have to give a password before a text is sent to my phone. Generally any changes to the account require my three digit code on my credit card and description of my last transaction - location and amount. This is even for a temporary daily limit extension.

Now you have my SIM card - how do you get my money??
 

farquhar

I had to use my phone and get texts from two banks this week to prove who I was. One for online and one for in person.

So they use your phone number to verify everything. I have voice authorization for online banking and they still wanted to confirm who I was.
That Banks will use a 6 digit code via text for in-person transactions is BS. I can read that text without actually unlocking my device; so that only proves that I have Farquhar's device, and not that I am Farquhar.

If the Banks actually gave two shits, they would use Authenticator Apps - but that would require them to spend money, and they don't want to do that.
 

farquhar

I'm a little slow here and need your assistance. I don't have Google Pay / Apple Pay or any touch and go banking on my phone. I have banking Apps but they require a password. If I go online - I still have to give a password before a text is sent to my phone. Generally any changes to the account require my three digit code on my credit card and description of my last transaction - location and amount. This is even for a temporary daily limit extension.

Now you have my SIM card - how do you get my money??
Perhaps you used your VISA Debit or Debit MasterCard to pay for something on a website that was compromised - such as what happened to TicketMaster recently. That Data ends up on the Dark Web and is packaged and resold.

So, the criminal has your Name, Address, Birthday, Phone Number, Bank Card number, Expiry, and the 3 digit Security Code - the criminal then uses Fake ID or good old fashioned Social Engineering to go to your Mobile Provider and convince them that they are you, and swap service from your SIM card to a SIM card they have in another phone.

The Criminal then goes on the Bank's website and initiates a Password Reset - they have all the required information, and the Bank will send them the code to complete the Password Reset.

Now that the Password is reset, the Criminal has full access to your Bank Accounts - and will either E-transfer money out to the daily limit to an e-mail address they control; or add some Prepaid VISAs to your Billers and make Bill Payments to those accounts, and siphon your money onto those Prepaid VISA cards; or send a Global Money Transfer to an offshore account.
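
Added illustration, not part of the original post and not any bank's actual logic: the sequence described above (SIM change, then a password reset completed with an SMS code, then money-movement actions) expressed as a detection rule over a constructed event log. The event names, the 72-hour and 24-hour windows, and the assumption that the bank can obtain a SIM-change timestamp from the mobile carrier are all hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data). "sim_change" assumes the bank can
# obtain a SIM-change timestamp for the number on file from the mobile carrier.
EVENTS = [
    ("acct-A", "2024-08-01T09:00", "sim_change", 0),
    ("acct-A", "2024-08-01T11:30", "password_reset_sms", 0),
    ("acct-A", "2024-08-01T11:40", "payee_added", 0),
    ("acct-A", "2024-08-01T11:45", "bill_payment", 25000),
    ("acct-A", "2024-08-01T11:50", "etransfer", 7500),
    ("acct-B", "2024-06-01T10:00", "sim_change", 0),   # SIM changed months earlier
    ("acct-B", "2024-08-02T10:00", "password_reset_sms", 0),
    ("acct-B", "2024-08-02T10:05", "etransfer", 200),
    ("acct-C", "2024-08-03T08:00", "etransfer", 900),  # no reset at all
]

# Hypothetical event types that move money or prepare to move it.
MONEY_OUT = {"payee_added", "bill_payment", "etransfer", "global_transfer"}

def flag_takeovers(events, sim_window=timedelta(hours=72),
                   action_window=timedelta(hours=24)):
    """Return {account: {"reset_at", "actions", "exposure"}} for accounts where
    an SMS-code password reset closely follows a SIM change and is itself
    followed by money-movement events."""
    by_account = {}
    for account, ts, kind, amount in events:
        by_account.setdefault(account, []).append(
            (datetime.fromisoformat(ts), kind, amount))
    flagged = {}
    for account, rows in by_account.items():
        rows.sort()  # chronological order per account
        last_sim_change = None
        risky_reset = None
        for when, kind, amount in rows:
            if kind == "sim_change":
                last_sim_change = when
            elif kind == "password_reset_sms":
                recent = last_sim_change and when - last_sim_change <= sim_window
                risky_reset = when if recent else None
            elif (kind in MONEY_OUT and risky_reset
                  and when - risky_reset <= action_window):
                hit = flagged.setdefault(
                    account, {"reset_at": risky_reset, "actions": [], "exposure": 0})
                hit["actions"].append(kind)
                hit["exposure"] += amount
    return flagged

if __name__ == "__main__":
    for account, hit in flag_takeovers(EVENTS).items():
        print(account, hit["reset_at"], hit["actions"], hit["exposure"])
```

Only acct-A is flagged: acct-B's reset is far outside the SIM-change window and acct-C never had a reset, so ordinary resets and transfers pass without a hold.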
 

HungSowel

That Banks will use a 6 digit code via text for in-person transactions is BS. I can read that text without actually unlocking my device; so that only proves that I have Farquhar's device, and not that I am Farquhar.

If the Banks actually gave two shits, they would use Authenticator Apps - but that would require them to spend money, and they don't want to do that.
Royal Bank and Wealthsimple support authenticator apps; Tangerine does not and relies on SMS; no idea about other banks. The best security is security keys like YubiKey, but almost nobody supports them; I bought 2 YubiKeys but they are more or less useless.
 

Jubee

Don't have bank apps on my phone and never use my phone for banking or paying for anything. That's the way to avoid being scammed like this.
At some point you'll be forced to. Scotiabank, ING and I think a couple of others require 2FA, which means you'll need their app on your phone to verify who you are when you log online to your account.

Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something. The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.
 

HungSowel

Perhaps you used your VISA Debit or Debit MasterCard to pay for something on a website that was compromised - such as what happened to TicketMaster recently. That Data ends up on the Dark Web and is packaged and resold.

So, the criminal has your Name, Address, Birthday, Phone Number, Bank Card number, Expiry, and the 3 digit Security Code - the criminal then uses Fake ID or good old fashioned Social Engineering to go to your Mobile Provider and convince them that they are you, and swap service from your SIM card to a SIM card they have in another phone.

The Criminal then goes on the Bank's website and initiates a Password Reset - they have all the required information, and the Bank will send them the code to complete the Password Reset.

Now that the Password is reset, the Criminal has full access to your Bank Accounts - and will either E-transfer money out to the daily limit to an e-mail address they control; or add some Prepaid VISAs to your Billers and make Bill Payments to those accounts, and siphon your money onto those Prepaid VISA cards; or send a Global Money Transfer to an offshore account.
The criminal still needs your email account password to complete the password reset but if you recycle your login passwords then your pussy will be easily grabbed.
 

farquhar

Royal Bank and Wealthsimple support authenticator apps; Tangerine does not and relies on SMS; no idea about other banks. The best security is security keys like YubiKey, but almost nobody supports them; I bought 2 YubiKeys but they are more or less useless.
CIBC and BMO both don't support authenticator apps.

140 BMO customers say they lost $1.5M in transfer frauds, plan to sue bank | CBC News

CBC News spoke with about half a dozen clients who say their BMO chequing, savings and/or line of credit accounts were drained when fraudsters somehow got access and sent themselves money through e-transfers, global wire transfers and by setting themselves up as payees for bills.

BMO told them they won't be reimbursed because their passwords were used correctly and, in some cases, one-time codes were sent and entered correctly and the IP addresses matched those of the client, according to emails from the bank.

The customers filed reports with police and the OBSI, who sided with the bank.

Kenrick Bagnall, a former Toronto police cybercrime investigator who worked in the bank security sector, says he believes the customers' devices were infected by malware, which harvests digital credentials like passwords and IP addresses from a computer, tablet or phone.

Bagnall says cybercriminals often use social media to gain information about an individual, then send them a targeted phishing email based on their interests and recent activity, which if clicked on, can infect a device.

The malware — which can evade even advanced scanning programs — then bundles the stolen information into a package, which is sold on the dark web for between $50 to $200, depending on several variables, according to Bagnall.

Cybercriminals can then mirror the victim's computer and log into accounts.

"It actually looks like the victim is logging in themselves when they're not," Bagnall said. "So, as far as the checks and balances and controls and the reasonable effort that the bank is putting in, from a security perspective, they're doing the right things."
 

IM469

Perhaps you used your VISA Debit or Debit MasterCard to pay for something on a website that was compromised - such as what happened to TicketMaster recently. That Data ends up on the Dark Web and is packaged and resold.

So, the criminal has your Name, Address, Birthday, Phone Number, Bank Card number, Expiry, and the 3 digit Security Code - the criminal then uses Fake ID or good old fashioned Social Engineering to go to your Mobile Provider and convince them that they are you, and swap service from your SIM card to a SIM card they have in another phone.

The Criminal then goes on the Bank's website and initiates a Password Reset - they have all the required information, and the Bank will send them the code to complete the Password Reset.

Now that the Password is reset, the Criminal has full access to your Bank Accounts - and will either E-transfer money out to the daily limit to an e-mail address they control; or add some Prepaid VISAs to your Billers and make Bill Payments to those accounts, and siphon your money onto those Prepaid VISA cards; or send a Global Money Transfer to an offshore account.
The question is the last transaction - not did you buy something from Ticket Master - so that approach won't work. BTW: I've never purchased from Ticket Master - they actually ask for your birthday? Also a SIM card does not give him access to my bank passwords. However if he has my charge card with the 3 digit code - why bother with the SIM? He has a limited time until the card number is flagged so I would run with that and forget about the SIM.
 

farquhar

The question is the last transaction - not did you buy something from Ticket Master - so that approach won't work. BTW: I've never purchased from Ticket Master - they actually ask for your birthday? Also a SIM card does not give him access to my bank passwords. However if he has my charge card with the 3 digit code - why bother with the SIM? He has a limited time until the card number is flagged so I would run with that and forget about the SIM.
The SIM doesn't provide him access to the Bank passwords; it is used to reset the Bank passwords. He already knows your Debit Card number. The Bank sends an SMS with a one-time use code, which he uses to reset the password to whatever he wants.

Why bother SIM swapping if he has a charge card with the 3 digit code? Because the payoff for SIM swapping is much greater. Tens of thousands of dollars.

Put it another way; my Daily E-transfer Limit at BMO is $7,500, and my Daily Bill Payment Limit at BMO is $25,000. So, that's $32,500 right there if my Online Banking gets compromised. There is also Western Union Money Transfers and Global Money Transfers - not sure of the Limits for those.

I was buying an S24 off of Samsung's website last week for a measly $881, and CIBC wouldn't let the transaction authorize until I spoke to the Fraud Department.
 

Jubee

The SIM doesn't provide him access to the Bank passwords; it is used to reset the Bank passwords. He already knows your Debit Card number. The Bank sends an SMS with a one-time use code, which he uses to reset the password to whatever he wants.

Why bother SIM swapping if he has a charge card with the 3 digit code? Because the payoff for SIM swapping is much greater. Tens of thousands of dollars.

Put it another way; my Daily E-transfer Limit at BMO is $7,500, and my Daily Bill Payment Limit at BMO is $25,000. So, that's $32,500 right there if my Online Banking gets compromised. There is also Western Union Money Transfers and Global Money Transfers - not sure of the Limits for those.

I was buying an S24 off of Samsung's website last week for a measly $881, and CIBC wouldn't let the transaction authorize until I spoke to the Fraud Department.
But once they reset the password to your bank(ing), they have full access to your accounts and that's fucked up.
 

farquhar

But once they reset the password to your bank(ing), they have full access to your accounts and that's fucked up.
Any money in the Chequing account plus I also have a $68,000 Line of Credit; and when it comes to these types of Frauds, the Banks generally will find some way to blame the customer (as you saw in the BMO article I linked) and deny compensation.

If you have a problem with your Bank, there is an Escalation process; if the Bank won't solve your problem, you can have a second review by the Ombudsman for Banking Services and Investments - OBSI; however, in most cases OBSI sides with the Bank; only in cases where the Bank did not follow its own policies does OBSI compensate the consumer.
 

HungSowel

Credit Card fraud is covered by the credit card company so it is not something to be freaked out over by the end customer.

Banking fraud is usually not covered and the limits are potentially much higher so it is something to be very concerned about.

With Banking fraud, the criminal needs your SIM account and banking account# and banking password; if they cannot get a hold of the banking password then they will request a banking password reset, which requires the username and password of the recovery email address.

Your banking password and email password are the challenging things for criminals to get, but if you recycle your passwords then the password is easy to get.
 

farquhar

With Banking fraud, the criminal needs your SIM account and banking account# and banking password; if they cannot get a hold of the banking password then they will request a banking password reset, which requires the username and password of the recovery email address.

Your banking password and email password are the challenging things for criminals to get, but if you recycle your passwords then the password is easy to get.
CIBC won't send One-time Codes to most free E-mail providers for this reason. CIBC will only send the One-time Code via Voice Call or SMS to whatever number they have on your Customer File - which is what motivates criminals to get your SIM account.
 