Fraudulent Sim Swap led to stolen crypto

Started by: padduan
On: 18/02/2019 | 18:52
Replies: 16

by: padduan
on: 18/02/2019 | 18:52

Hi,

Today I got a text message saying a sim swap had been initiated, so please follow this link and log in to stop it. (didn't think anything of it since giffgaff contact me via text message very often)

I followed the link to what appeared to be a giffgaff site, then entered my account name and password. An hour later I got an email saying there had been suspicious activity on my gmail account.

It turned out that someone had posed as giffgaff, got my password, initiated a sim swap and then proceeded to log into one of my crypto wallets and transfer hundreds of pounds worth of Ethereum out of my wallet. I complained and was advised to change my passwords, however it is all with 2FA and my coverage is gone now so I cannot change my passwords as I cannot receive the SMS with the 6 digit code.


Giffgaff have only acknowledged my account had been compromised, but have not admitted to it being their fault. How did they get my number then and know to pose as giffgaff and then initiate a sim swap?

I have 2FA on Google, how did they log in to Google without the verification step?

How do I make sure I get a full reimbursement from giffgaff?

Thanks forum

P

Message 1 of 17
by: jammo740
on: 18/02/2019 | 19:02
Giffgaff will not and should not admit liability because the onus is entirely on you.

Your phone number is not secret or private by any means. Any website or service you give your mobile phone number to may distribute it with third parties either through PI-sales or the facilitation of services. Your phone number is very much public.

Furthermore, it is possible to determine a person's carrier simply from their phone number. This can be done using online websites, and Giffgaff's app has the ability to find friends on the network.

Finally, I cannot stress enough that it is YOUR RESPONSIBILITY to check the legitimacy of a website. It is trivial to create a dummy website for credential harvesting. There are a plethora of means for checking the legitimacy of a website such as looking at the root URL and the validity of the SSL certificate.

However, if you are fixed in your mind that you have no liability for this incident, you should seek legal advice on pursuing Giffgaff in a civil lawsuit.
Helpful? Do everyone a favor - give kudos and best answers! Get £5 of free GiffGaff credit!
Message 2 of 17
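The "root URL" check mentioned in the post above, as an added example that is not part of the thread: it tests whether the host a link really points at belongs to the domain you expect, and rejects the usual look-alike tricks. Treating `giffgaff.com` as the expected domain is an assumption, and all sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the domain the recipient expects the operator to use.
EXPECTED_DOMAIN = "giffgaff.com"


def check_link(url, expected=EXPECTED_DOMAIN):
    """Return (ok, reason) for a link received by SMS or e-mail."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    # "https://expected.com@other.example/" sends the browser to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    # Non-ASCII or punycode labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host, possible look-alike"
    # Only an exact match or a true subdomain counts; a name that merely
    # starts with or contains the expected domain does not.
    if host == expected or host.endswith("." + expected):
        return True, "host is inside the expected domain"
    return False, "host is outside the expected domain"


# Constructed sample links (reserved .example names, not real sites).
SAMPLES = [
    "https://www.giffgaff.com/auth/login",
    "https://giffgaff.com.sim-swap-cancel.example/login",
    "https://giffgaff.com@secure-login.example/",
    "https://giffgaff-com.example/",
    "http://www.giffgaff.com/",
]


def triage(samples=SAMPLES):
    """Map each sample link to its (ok, reason) verdict."""
    return {url: check_link(url) for url in samples}


if __name__ == "__main__":
    for url, (ok, reason) in triage().items():
        print("OK  " if ok else "FLAG", url, "-", reason)
```
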
by: padduan
on: 18/02/2019 | 19:06
But then how did they initiate a sim swap without my authorisation because I got messages from an official giffgaff number saying that I had initiated a sim swap...
Message 3 of 17
by: elbubsio
on: 18/02/2019 | 19:07
Hi,

Okay, let's deal with your questions/points individually -

1) How did they get your number - Various means. A data breach with whoever you bought the phone from, bought in a list along with thousands of others, you filled a form in online that asked for your number etc. It's remarkably easy for a determined scammer.

2) How did they log into Google - Hmmm, not sure but possibly if they've done the SIM swap, they can then access your Google account and click 'forgot password'. Google will send a verification to your SIM, which is now in the scammer's hands, so they get the reset code and reset your password. Now they can log in properly.

3) Giffgaff haven't admitted fault - I don't see how it is giffgaff's fault. No offence but you've admitted that you gave the scammers your login details. From there, I'm afraid any follow up problems are on your head.

4) How do you get reimbursement from giffgaff - Again, as this is essentially your fault, I don't think you can. I'm afraid unless the company that does your Ethereum wallet can help, you may have to chalk this all up to experience (a very nasty one, but still...)

I'm sorry the news isn't better, but that may well be the reality of the situation.

Hope that helps ;)
Message 4 of 17
by: jammo740
on: 18/02/2019 | 19:08 edited: 18/02/2019 | 19:09

Phone numbers can be spoofed with ease. It's the same way telemarketers can turn off Caller ID so no phone number is available to block. A scammer can very easily pretend to be acting as a mobile network, bank, etc by spoofing the legitimate phone number of correspondence.

You are the victim of fraud; this is a crime. Please visit a police station to file a report or use the ActionFraud website: https://www.actionfraud.police.uk/

Message 5 of 17
by: rqt
on: 18/02/2019 | 19:09

@padduan

"But then how did they initiate a sim swap without my authorisation?"

Using the information you provided?

"I followed the link to what appeared to be a giffgaff site, then entered my account name and password"

Message 6 of 17
by: mrsgrowler
on: 18/02/2019 | 19:11

@report_phishing

Are you aware of this?

Message 7 of 17
by: padduan
on: 18/02/2019 | 19:11
Thanks and fair points, but again, how did giffgaff allow them to initiate a sim swap without my permission?
Message 8 of 17
by: jammo740
on: 18/02/2019 | 19:13
You gave the scammer your username and password.

From Giffgaff's perspective, it was YOU who initiated the SIM, because only you should know your username and password. It is impossible to know what human being is actually pulling the strings.
Message 9 of 17
by: padduan
on: 18/02/2019 | 19:14
But the sim swap was initiated before I gave my details away....
Message 10 of 17