
Unauthorized SIM Swap

Started by: k89bpa
On: 03/01/2019 | 11:46
Replies: 15

by: k89bpa
on: 03/01/2019 | 11:46

Been reading on Twitter that a few people have experienced an unauthorized SIM swap which has caused them all kinds of problems.

How does this happen?

People have been posting screenshots of agent responses reassuring customers that the accounts here are secure and haven't been compromised, so how exactly do these SIM swaps occur?

Also, what protections are in place to stop it from happening?

I didn't even know this was a thing until today.

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 1 of 16
by: koshka
on: 03/01/2019 | 11:54 edited: 03/01/2019 | 11:59

Not sure but this may be down to the scam texts directing members to a fake copycat site. Been happening for the last month or so.

Edit to add: https://community.giffgaff.com/t5/Announcements/Security-Update-Phishing-smishing-and-SIM-swaps/td-p...

Message 2 of 16
by: endorphin
on: 03/01/2019 | 12:01

I believe that some giffgaff accounts have been compromised due to people using the same username and password as on a site elsewhere that has been hacked.

There was a spate of these towards the end of last year: https://community.giffgaff.com/t5/Announcements/Heads-up-on-some-scams-protect-yourself/td-p/2224127...

Message 3 of 16
by: mightymario
on: 03/01/2019 | 12:07 edited: 03/01/2019 | 12:09

@k89bpa wrote:

Been reading on Twitter that a few people have experienced an unauthorized SIM swap which has caused them all kinds of problems.

How does this happen?

People have been posting screenshots of agent responses reassuring customers that the accounts here are secure and haven't been compromised, so how exactly do these SIM swaps occur?

Also, what protections are in place to stop it from happening?

I didn't even know this was a thing until today.

It could be due to scams like

https://community.giffgaff.com/t5/Contribute/Free-10-giffgaff-credit-offer-by-sms-Scam-Confirmed/td-...

https://community.giffgaff.com/t5/Help-Support/Is-this-a-scam/m-p/22854289

https://community.giffgaff.com/t5/Announcements/Security-Update-Phishing-smishing-and-SIM-swaps/m-p/...

Message 4 of 16
by: k89bpa
on: 03/01/2019 | 12:52
Perhaps it's time for two factor authentication on accounts, or at least on SIM swaps?

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 5 of 16
by: tradertall
on: 03/01/2019 | 13:39
has to be phishing
Message 6 of 16
by: woodyuk
on: 03/01/2019 | 14:31

Some kind of extra security layer is definitely needed to prevent these rogue sim swaps. If giffgaff were to go the 2FA route though, it would probably have to be done via email with a clickable link to confirm you asked for the sim swap, because if it's a genuine swap because a member's sim has failed then a text confirmation would be a non-starter.

At the end of November, in a post I'll link to below re the phishing texts that were doing the rounds, giffgaff told us this:

"To better protect against SIM swaps that our members are unaware of, we’ve built upon the confirmation email we already send to advise that the SIM swap is in progress - you’ll now receive a SIM swap confirmation text message to your phone where you have the possibility to immediately raise a case with the agents if you were not the one that requested the SIM swap."

But given that the average sim swap takes just a few minutes to complete whereas for an agent to read a member's report and respond to it can take up to 24 hours, is it just me that sees a bit of a flaw in this new feature?

So some kind of 2FA would be a huge improvement because all that members have in the way of protection at the moment is just about sweet FA.

https://community.giffgaff.com/t5/Announcements/Security-Update-Phishing-smishing-and-SIM-swaps/td-p...

 

Message 7 of 16
by: k89bpa
on: 03/01/2019 | 15:24 edited: 03/01/2019 | 15:25

Yeah, was thinking an email confirmation link too @woodyuk for much the same reason, or a 2FA app but given the technical level here...

Perhaps user choice?

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 8 of 16
by: woodyuk
on: 03/01/2019 | 15:49

Email seems like the simplest solution to me and one that could be implemented quickly, because you need a method that a genuine member can access if their sim has stopped working so they have a dead phone.

If, when you started a sim swap, you got a message saying a confirmation link has been sent via email and the swap doesn't go ahead until that link is clicked, that would stop all of the rogue sim swaps we're seeing unless the scammer also has access to the member's email account.

Message 9 of 16
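A minimal sketch of the email-confirmation gate proposed in the post above, added here as an illustration; it is not giffgaff's code and not part of any member's post. The class name, the 15-minute link lifetime and the SIM identifiers are assumptions. The swap stays pending until the emailed token is presented, and the token is single-use, expiring, and cancelled by any newer request on the same account.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed lifetime of the emailed link, in seconds


class SimSwapGate:
    """Holds SIM swap requests as 'pending' until the emailed link is confirmed."""

    def __init__(self):
        self._pending = {}    # sha256(token) -> (account, new_sim, expiry)
        self.active_sim = {}  # account -> SIM currently in service

    def request_swap(self, account, new_sim, now=None):
        """Record the request; return the token to embed in the emailed link."""
        now = time.time() if now is None else now
        # One outstanding request per account: a new request cancels older links.
        self._pending = {k: v for k, v in self._pending.items() if v[0] != account}
        token = secrets.token_urlsafe(32)  # unguessable, never derived from account data
        self._pending[self._digest(token)] = (account, new_sim, now + TOKEN_TTL)
        return token

    def confirm(self, token, now=None):
        """Activate the new SIM only if the token is known, unexpired and unused."""
        now = time.time() if now is None else now
        entry = self._pending.pop(self._digest(token), None)  # pop makes it single-use
        if entry is None:
            return False
        account, new_sim, expiry = entry
        if now > expiry:
            return False
        self.active_sim[account] = new_sim
        return True

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked pending table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()
```

As the post notes, this only helps while the member's email account is not also under the scammer's control.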
by: k89bpa
on: 03/01/2019 | 15:53
Agreed

Huawei P20 Pro | 9.0.0 | Data Plan: 80GB

Message 10 of 16