Results 1 to 10 of 10

Thread: Question about visible sim card swap attack prevention

  1. #1
    Join Date
    Jul 2010
    Posts
    1,222
    Feedback Score
    0

    Question about visible sim card swap attack prevention

    I am worried about a SIM card swap attack where through no fault of your own someone can steal your phone number and get access to your bank accounts.

    I don't know if I am at risk or not from a SIM card swap attack. If someone stole my phone number I am not sure if they can get access to my bank accounts because I think it varies between different banks as to the security that they have in place. I never signed up for 2FA (two factor authentication) but I think some banks like Schwab require it even if you did not signup for it.

    My understanding that the SIM card swap attack is a problem because of the carriers poor security and because many banks require you to use 2FA.

    A SIM card swap attack means someone takes control of your phone number by contacting your carrier and telling them they are you and that you lost your phone so you need your phone number assigned to a new SIM. Once they get that SIM card they can take over your phone number and your phone then stops working.

    I heard all they need to know is your phone number and some basic info about you such as your name and birthday and they can steal your phone number.

    I think many videos I find on this subject are not very helpful and don't seem to fully understand the issue. For example, some videos say to put a PIN on your phone which will not protect against if someone steals your phone number.

    I also heard the FCC is going to have some new rules to try and prevent this problem but I don't think they are implemented yet. There is no standard that all the carriers have to follow so they all do it different right now.

    So I want to know how to prevent a SIM card swap attack.

    I heard there is a PIN that you can ask for from your carrier so no one can swap out your SIM without giving them the PIN. Has anyone else done this with visible and how does it work?
    Last edited by brad4cell; 01-29-2024 at 04:00 PM.

  2. #2
    Join Date
    Oct 2014
    Posts
    14,291
    Device(s)
    Samsung S22, Samsung A51, Samsung A54
    Carrier(s)
    TF/Verizon, Walmart Freedompop, Qlink
    Feedback Score
    0
    Quote Originally Posted by brad4cell View Post
    A SIM card swap attack means someone takes control of your phone number by contacting your carrier and telling them they are you and that you lost your phone so you need your phone number assigned to a new SIM. Once they get that SIM card they can take over your phone number and your phone then stops working.

    I heard all they need to know is your phone number and some basic info about you such as your name and birthday and they can steal your phone number.
    I don't know how Visible operates. I use Tracfone. To transfer service from one phone to another, the TF rep will text a security code to the old phone and you have to provide that code. If the old phone is lost, broken, and you can't receive the code, the rep can send the code to the email of the account, or text the code to another phone in the same account. If none of those options can be used, the rep will resort to the "challenge questions" that you set up for your account (what's your best friend's name, what's your pet's name, what's the name of your 1st grade teacher, etc).

  3. #3
    Join Date
    Jul 2010
    Posts
    1,222
    Feedback Score
    0
    Quote Originally Posted by hpham View Post
    I don't know how Visible operates. I use Tracfone. To transfer service from one phone to another, the TF rep will text a security code to the old phone and you have to provide that code. If the old phone is lost, broken, and you can't receive the code, the rep can send the code to the email of the account, or text the code to another phone in the same account. If none of those options can be used, the rep will resort to the "challenge questions" that you set up for your account (what's your best friend's name, what's your pet's name, what's the name of your 1st grade teacher, etc).
    Thanks, that info is very helpful.

    I did give visible an email so if they require a text to the phone or to the email I think I would be safe without any additional changes.

    However, I don't think visible ever asked me any security questions so if the scammer says they lost the phone and can't access the email I am not sure what visible would do in that case but hopefully they would refuse to swap the number. However, if they just ask for birthday that would cause the problem since the scammers usually find out the victims birthday.

  4. #4
    Join Date
    Oct 2014
    Posts
    14,291
    Device(s)
    Samsung S22, Samsung A51, Samsung A54
    Carrier(s)
    TF/Verizon, Walmart Freedompop, Qlink
    Feedback Score
    0
    Quote Originally Posted by brad4cell View Post
    However, I don't think visible ever asked me any security questions...
    With Tracfone, you set up the questions and answers when you create your Tracfone account. Some people don't create a Tracfone account and their service is more vulnerable to scams.

  5. #5
    Join Date
    Jul 2010
    Posts
    1,222
    Feedback Score
    0
    Quote Originally Posted by hpham View Post
    With Tracfone, you set up the questions and answers when you create your Tracfone account. Some people don't create a Tracfone account and their service is more vulnerable to scams.
    I did create a visible account.

    I logged in and don't see any security questions. I always put any security questions in my password manager and I don't have any in there so pretty sure they never asked for any.

    I do see they have my Name, Address, Email but all that might be found out by a scammer so I hope they don't use that for security.

    I have a voice mail PIN but don't know if they would use that for security.

    I thought they asked for birthday but I don't see that anywhere in the account info so I am not sure if they asked for birthday or not.

  6. #6
    Join Date
    Oct 2022
    Posts
    2,695
    Feedback Score
    0
    Talk to CS, tell them you are concerned about identity theft, and that you want to add more security to your account.

    Please post their response back here.

  7. #7
    Join Date
    Jul 2010
    Posts
    1,222
    Feedback Score
    0
    Quote Originally Posted by PaulCrawhorne View Post
    Talk to CS, tell them you are concerned about identity theft, and that you want to add more security to your account.

    Please post their response back here.
    I might end up doing that; however, that is the point of this post.

    I wanted to get more information from others that might know more than I do about the situation because I am not a security expert.

    I might not even have a security problem at all but I sure don't want anyone to get access to my bank account and take all my money.

    There also might be different ways to improve security and someone might know which ones are best.

    On one video a security expert said he uses a separate phone just for 2 factor authentication and nothing else and that phone number he never gives out and he also changes the phone number from time to time. This might be a good way to do it but that requires keeping another phone just for that purpose which cost extra.

    I see two problems.
    1. The carrier might give your number to a scammer.
    2. Can the scammer once they have control of your phone break into your bank accounts.
    All you have to do is prevent one of the 2 problems to fix the entire problem.
    Last edited by brad4cell; 01-31-2024 at 01:00 AM.

  8. #8
    Join Date
    Jul 2010
    Posts
    1,222
    Feedback Score
    0
    Another thing I wanted to add.

    I think banks originally did not have two factor authentication.

    I think all banks added 2FA and they forced you to use it with your phone number because they had your phone number.

    I think 2FA using your phone number is the main reason that your bank is not safe if a scammer gains access to your phone.

    So, I think this problem of the sim card swap attack was created by the banks requiring using your phone for 2FA. In other words, the banks security is making you less secure.

    The user should not have to be scared someone might gain access to their bank account if they give out their phone number to someone. A phone number is not supposed to be secret.

  9. #9
    Join Date
    Jun 2020
    Posts
    1,696
    Feedback Score
    0
    I know someone who has Visible so I asked him about your question.
    He said when he contacts Visible Chat, they verify his identity by sending a verification link to the email address they have on file for him. He has to click on that link, otherwise they don't chat with him.
    Hope this helps.
    Will happily share referral code for Red Pocket (gives you up to $25 off first month), and Tracfone referral code (gives you $35 in rewards points) - please PM me if you'd like to use my codes. You’ll also get great karma for helping out this starving student! Thank you!

  10. #10
    Join Date
    Jul 2010
    Posts
    1,222
    Feedback Score
    0
    Quote Originally Posted by sillyette View Post
    I know someone who has Visible so I asked him about your question.
    He said when he contacts Visible Chat, they verify his identity by sending a verification link to the email address they have on file for him. He has to click on that link, otherwise they don't chat with him.
    Hope this helps.
    If they require verification over the email on my account that would be safe and secure. The problem is a scammer will say they got locked out of that email. Then the question is what would visible do in that situation to verify the user is authentic. There are no standards that the carriers have to follow so they probably all do things different.

Similar Threads

  1. Help! Question about Rogers sim card and ESN change??
    By shadowfighta in forum Rogers/Fido/Chat-r
    Replies: 7
    Last Post: 04-13-2003, 12:55 AM
  2. Question about Rogers sim cards
    By umbh in forum Rogers/Fido/Chat-r
    Replies: 7
    Last Post: 03-28-2003, 02:31 AM
  3. Question about Fido Sim card
    By mide in forum Fido
    Replies: 2
    Last Post: 12-26-2002, 12:14 AM
  4. Question about insurance/SIM cards... dealers/reps please inform (nextel66?)
    By statik1337 in forum General Nextel Discussion
    Replies: 1
    Last Post: 12-09-2002, 08:14 PM
  5. Question about Phone & Sim Card.
    By Paulie312 in forum General Nextel Discussion
    Replies: 6
    Last Post: 08-28-2002, 03:43 PM

Bookmarks