SIM swap attacks are always a scary scenario for wireless customers. Thieves can walk into a store and pretend to be the owner of the SIM and get away with a new one. After that, they already have access to everything the owner has– bank accounts, email, and security questions.
One T-Mobile customer recently shared his SIM swap experience on Reddit. While he was at home, he received an email from his carrier that a SIM change had been completed. This was already sketchy since he never requested for one.
Knowing about the dangers of SIM swap attacks, the customer hurriedly got on the phone with a rep for the carrier. Unfortunately, it took him almost an hour to be able to explain what was going on.
In that amount of time, the thief was already able to start making purchases on luxury items. Thankfully, his bank blocked these purchases and sent him fraud alerts. Still, the thief was able to change the security settings on the customer’s banking app and almost made several purchases that cost over $10,000.
To stop the whole thing from happening, the customer headed to the nearest T-Mobile store and changed the SIM without sending a verification text to the thief.
As shared by PhoneArena, these attacks usually succeed when they have an insider who works for the carrier. The SIM swap process goes smoothly since changing a SIM in-store doesn’t require a confirmation text. If only the carrier continued to send a confirmation message to the customer, this scam could have been avoided in the first place.
Although we can’t really assume that a T-Mobile employee is involved in this, it’s really best that the Un-carrier changes its policy on sending out a confirmation text whenever a SIM swap is requested. I mean, that’s the least they can do for their customers, right?