swarfendor437   14 #1 Posted March 22, 2019 Colleague at work told me of an in-law who is tech savvy lost his mobile number and all contacts via a hacker who contacted his mobile provider (Tesco mobile) stating he was moving his SIM to a new phone. Only alerted to the fact via text from provider saying they were acknowledging his request. By the time he had contacted customer support it was too late and now no mobile! Share this post Link to post Share on other sites Share this content via...
Happ   25 #2 Posted March 22, 2019 How would the contacts be lost; they are stored on the phone rather than the sim now? Share this post Link to post Share on other sites Share this content via...
alchresearch   215 #3 Posted March 22, 2019 Sounds similar to this from last month:  EE customer: Creepy ex used employee access to change my mobile number, spy on me https://www.theregister.co.uk/2019/02/08/ee_customer_says_creepy_ex_used_employee_access_to_change_her_mobe_number/ Share this post Link to post Share on other sites Share this content via...
ez8004   10 #4 Posted March 22, 2019 (edited) Seriously, who the hell is stupid enough to keep their contacts on the SIM card nowadays?  Also, the victim obviously isn't that tech savvy for picking a mobile provider with such weak user authentication. There should not be anyway a person is able to impersonate them if they didn't have knowledge of the person in the first place. Edited March 22, 2019 by ez8004 Share this post Link to post Share on other sites Share this content via...
andysm   18 #5 Posted March 24, 2019 (edited) This sort of mobile account takeover is sometimes used to gain access to text-based 2FA codes in order to allow the attacker to take over more of the victims accounts. Edited March 24, 2019 by andysm Typo Share this post Link to post Share on other sites Share this content via...
swarfendor437 Â Â 14 #6 Posted March 24, 2019 (edited) Thanks to everyone's responses - as to the mobile provider - is there any weaknesses of O2 network? Also is GiffGaff just as weak as Tesco mobile as it too piggy backs off O2 - So is vodafone or EE more secure - bearing in mind alchresearch's quote from The Register? Perhaps if he had installed Comodo Mobile Security and had anti-theft settings it would locate the new sim with existing phone if he had logged in to Comodo anti-theft locator? That's what I have on mine. Edited March 24, 2019 by swarfendor437 Share this post Link to post Share on other sites Share this content via...
Ghozer   112 #7 Posted March 24, 2019 if the contacts were stored on the SiM, changin SiM's wouldn't erase those contacts, the SiM just would no longer connect to the mobile network, contacts will still be there... Likely that it was stored on google or iCloud, and the password/account was accessed, and all contacts / details that way... having hacked an account, they would then have access to all the persons details, enough to call Customer Service, and pass data protection and verification.... and hence move the number to a new SiM! But loosing contacts, (Unless, like I said above, the account was compromised) would be impossible without local access.... (Unless it was an iPhone, and they got into iCloud / FindMyPhone and used the "erase my phone" option) Share this post Link to post Share on other sites Share this content via...
andysm   18 #8 Posted March 25, 2019 Security depends on the customer service reps, the company procedures and how well trained the CSRs are. I don't know if Tesco Mobile have their own CSRs or use the same ones as O2. GiffGaff support is via the GiffGaff support website, I don't think they have any telephone based support. Mobile account takeovers are usually a human problem rather then a technical one. Share this post Link to post Share on other sites Share this content via...
Ghozer   112 #9 Posted March 25, 2019 4 hours ago, andysm said: Security depends on the customer service reps, the company procedures and how well trained the CSRs are. I don't know if Tesco Mobile have their own CSRs or use the same ones as O2. GiffGaff support is via the GiffGaff support website, I don't think they have any telephone based support. Mobile account takeovers are usually a human problem rather then a technical one. That may be, but there's also a legal minimum amount of verification needed for Data protection purposes, so regardless - the hacker likely got into some account (social media, icloud, email, anything) and used the details to login to which ever website, or call the CS etc.... there's NO way ANYTHING can be deleted from a phone REMOTELY (other than the iPhone one i mentioned) without it first being setup to do so.... which would need physical access... Share this post Link to post Share on other sites Share this content via...
swarfendor437 Â Â 14 #10 Posted March 25, 2019 I've been updated on this situation - will let you know what the outcome is once known, but can't say any more than that at present for various reasons. Share this post Link to post Share on other sites Share this content via...