Today i got a text message saying a sim swap had been initiated, so please follow this link and log in to stop it. (didn't think anything of it since giffgaff contact me via text message very often)
I followed the link to what appeared to be a giffgaff site, then entered my account name and password. An hour later i got an email saying there had been suspicious activity on my gmail account.
It turned out that someone had posed as giffgaff, got my password, initiated a sim swap and then proceeded to log into one of my crypto wallets and transfer hundreds of pounds worh of Ethereum out of my wallet. I complained and was advised to change my passwords, however it is all with 2FA and my coverage is gone now so i cannot change my passwords as i cannot recieve the SMS with the 6 digit code.
Giffgaff have only acknowledged my account had been compromised, but not admit it to being their fault. How did they get my number then and know to pose as giffgaff and then initiate a sim swap?
I have 2FA on google, how did they log in to google without the verification step?
How do i make sure i get a full re-imbursement from giffgaff?
Phone numbers can be spoofed with ease. It's the same way telemarketers can turn off Caller ID so no phone number is available to block. A scammer can very easily pretend to be acting as a mobile network, bank, etc by spoofing the legitimate phone number of correspondence.
You are the victim of fraud; this is a crime. Please visit a police station to file a report or use the ActionFraud website: https://www.actionfraud.police.uk/