Best Telco for Protection against Sim Swap Hack Attacks?

Increasingly concerned about sim swap and lack of security features offered by telcos.

What is Sim Swap attack?
With your DoB, Name & Address anyone can steal your phone number through number porting or sim replacement.
Once the hackers have your number obviously the hackers will try to get access to your bank accounts etc.

Our telcos are pretty careless about this, their focus is as usual absurd amounts of data and other useless features like free video apps etc.
Not all banks offer app or token based 2FA which makes matters worse.

Which one is the most secure telco against sim swap attacks?
Do you follow any other practice to safeguard i.e. probably having a non-public second mobile for banking etc.?

Update: Thanks everyone for your inputs.
So far it seems like post paid services with a decent provider Telstra/Vodafone might be worth it after all, considering they can provide additional layer of security as compared to el-cheapo prepaid providers. I might decide to move myself soon.

Comments

  • +1

    most telcos now have a pre-port authorisation message where, when a port request is received by the "losing" company they will send a text message to the mobile number in question with an authorisation code that the user must reply back with to authorise the transfer. this was introduced early last year

    • +1

      This is porting out mate. He's talking about Sim swapping where you don't get a message because you are moving your number within the same telco to a different Sim card.

      • +1

        op does say "number porting or sim replacement", so he's talking about both. not sure about other companies but vodafone only allows sim swaps to happen in store after the account holder has shown their primary id

    • They get around that by saying that the sim card is lost.

      • +2

        It should be possible for the telco to see if the sim-card is in active use (& also by its regular mobile device).
        Seems like poor verification procedures

        • Yeah, we could do something, but isn't it easier to do nothing?

          • Everyone ever
  • I just ported recently from Optus to Telstra. No authorisation code. However Optus sent an SMS and email saying the number was being ported and to call if I didn’t make the request.

    The funny thing though, is that the number was ported like 3 mins later, so I wouldn’t have had enough time to call Optus anyways.

    But from memory you also need to know the account number if the service is on the post-paid account. So it seems it is easier for hackers to do this on prepaid.

    • Same for me when I ported last eofy, great security lol

  • Is there a difference in verification process between postpaid or prepaid number being ported (edit: or sim swapped)?

    • I think the postpaid services require your account number for porting instead of DoB & address. So might provide better protection if you can hide your account number well.

  • +1

    Don't know about others but Aldimobile is one to avoid. No checks, no verifications, ridiculously easy to port out your number onto another sim card. All you need is the target mobile phone number, and the aldimobile password for that account. Came to this realisation when I lost my aldimobile sim card overseas and was shocked at how easy it was to transfer number onto replacement sim.

  • +2

    I was also worried about this and spoke to Telstra on the live chat. Before a Sim Swap occurs now, a confirmation email and text will be sent first.

    • Is this like an approval (go-ahead required to proceed) or just confirmation like "we are porting your number"?

      • Notified.

      • the sms is sent before any porting of the number is initiated.. if you don't respond to the sms, the port will not proceed

        • Yes that is an established process for porting, not SIM swapping though.

    • is that for all customers or is that a special extra lock they added to your account?

      • +1

        It seemed to be something you had to turn on.

  • +3

    Worked in all the majors in store and corporate operations

    Honestly, SIM swaps are going to be a major issue until the e-SIM is rolled out properly with the right security added to the customer portals for self service.

    SIM swaps used to be very harmless for big telcos because people didn't wait for the blank SIM replacement to be delivered so they would go to a store to get a blank replacement where you'd have to have the requisite logins and IDs.

    Note: security was more lax back then because the SIM sizes were still changing to nano SIM or micro depending on people's upgrades or losing their phone etc so you would have those SIM cutters for those who couldn't remember.

    I actually liked the idea of having a blank SIM in case I lost or had my phone stolen whilst travelling so I could simply transfer to the blank. You'll underestimate how often people lose their phones or need a SIM swap from user error.

    Things that could be done by yourself:
    - visit a major telco or call up and ask for a note on your account that SIM swaps or ports can only be done in person. Make sure that this note is not an interaction note but account level.
    When you verify instore, you'd need your photo ID and security PIN.

    Honestly it's a lot harder now due to online transfers.

    Things the telcos could do:
    - enable another check leveraging something similar to a PUK code or a replacement key that must be input
    - most notify you of any replacement SIM send outs
    - prevent replacement number requests unless verified

  • +3

    I work for vodafone. We are only allowed to do sim swaps after seeing a customer's ID, and I'd say about a quarter of the time we get someone complaining that they shouldn't have to show us ID if they give us other details like Vodafone PIN number, DOB, address.

  • +1

    I've just come across something which is a game-changer for Australian telecoms.
    Cmobile is the first Australian mobile service provider to introduce a “porting PIN” to combat SIM porting.
    "A porting PIN is a six digit secret number you can set when you open your Cmobile account. We set it up on your account, and to port your number, your porting PIN needs to be quoted, not your account number or date of birth.
    Your porting PIN, like your ATM PIN, is not given out to anyone but you, and will not appear on any of your accounts or correspondence from Cmobile. You need to keep it in a safe place, just like your ATM PIN. It will make it much harder for a cyber thief to port your number away without your knowledge."
    https://www.cmobile.com.au/support-faq/what-is-a-porting-pin…
    They also seem to offer protection against SIM swapping.
    "I’ve lost my handset. What do I do?
    Contact Cmobile immediately. We will bar your SIM, and send you need a new one if required."
    So if someone tries a SIM swap, you will find out straightaway because your phone will go to SOS only, and you will have a few days to sort things out before a new SIM can be posted to the bad dudes.
    Cmobile said “To sim swap, they will need to know your porting pin. This is why we introduced this. If someone gains access to your email and can see your account number, however with a porting pin it is not included on any documentation. Is similar to your ATM.
    We saw a need for this a few years ago, and were the first Telco - we may even be the only Telco that offers this.”

  • Came to say two things

    Woolies allows you to set up a secret phrase/word (not sure if it only works for porting and not swapping)

    My mate had this happen and they got him 20k from CommBank (daily limit).

    Still chasing the effing bank and telco about it, both denying responsibility (apparently you need 2fa gaming apps but not for your bank or mobile… Geez, I wish the government put on their big boy pants and really set up some minimum security standards)
