Troubleshoot your device issues
CoastRanger's profile

Tutor

 • 

11 Messages

Monday, June 17th, 2019 8:30 PM

Closed

Protection against unauthorized SIM SWAPPING (Sim Swap Attack)

I have NOT yet been a victim of a SIM SWAP attack but the ramifications are HUGE.  As I understand it, my phone number can be hijacked to a device in the possession of the hijacker EVEN THOUGH I HAVE THE SIM IN MY PHONE IN MY HAND!   Any 2FA text message authentication, text msgs, phone calls, etc. would then be sent to the hijacker's phone.

 

I wouldn't be able to place phone calls.  Any interactions that I have with businesses, banks, etc. would not be able to verify my identity because I would not be able to phone in using MY phone number.  My banking, etc would not let me log in because I would not be able to receive the text messages with the login codes that are required.  etc etc. 

 

In other words, if my phone is my identity and that identity is controlled by the SIM card in my phone and someone is able to use that SIM information for their own purposes, I am toast!

 

I do NOT understand exactly how anyone could hijack my number (SIM SWAP) unless ATT permitted it.  

 

What mechanisms are in place to prevent this from happening?  Is there some option in my account that I can set which will prevent this??

 

ACE - Expert

 • 

23.9K Messages

5 years ago


@joeldf wrote:

I had originally set up a Google account right as they went public with Gmail, but they had not yet tried to tie them together. That came later. And for a while, if you had an android phone, you were forced to have a gmail address to set up the phone with a Google account. This happened when we bought a Galaxy S2 for my son. I tried to use my account and it flat wouldn't accept it. My wife also had a Google account that wasn't a gmail address and that didn't work either. The error specifically said it had to be a gmail address. So my wife created a dummy gmail and related Google account just to get the phone to finish the initial setup.

 

Luckily, that requirement is no longer enforced. By the time I got my S8, I setup my gmail-less Google account on it and had no problems.


@joeldf 

 

Me personally I think google has some of the best protection right now for email accounts IF you use it right.  I have to have my device NOT sim card device to authorize a login.  I beta tested it for almost 6 months before google went public with it.  2FA is great if its device based and NOT sim based.  Using the device as a key is better as you have said key.

New Member

 • 

2 Messages

1 year ago

This just happened to me. Att fraud says they're looking into it :-/

They managed to swap it back to my phone somehow. Problem was they need to send a one time pin and you have no service. Back on after about 9 hours. After 2 hours of back and forth.

The thief managed with that to change my passwords for my main email and two investment account. All with 2FA. Luckily I was at home and had access to another phone and my laptop to contact ATT and banks to freeze accounts. If you're out and only have your phone it can be a big problem!

All I know is it happened at a store in Dallas and says no phone call was recorded for it. Could someone of bypassed the employee info via hack. Not sure, but I didn't receive one notification of any account changes from ATT.

Careful out there with what you have on your phone and secure apps when possible.

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.