SIM Swap Attack - Are they Hacking Your Phone?

i have a question about my recent sim swap. How was this possible? and what info do they have on me? makes no sense. i got a text from my official carrier number 611 telling me a security code. i didnt request it so i figured someone tried to log into my phone account online (u need the number and a 4 digit pin). i went to log in and changed the pin immediately. i got an email 5 minutes later saying my phone number was changed to another sim, and service dropped. how did they get through that 2 factor at the beginning and use the security text before my sim was swapped? how could they log in without seeing that text? and still make changes without my new pin? i never gave out my first pin to anyone ever, and changed the pin before they swapped it, and they still managed to swap it. how is it possible for that to happen? luckily nothing else was compromised as you need authenticator apps to get in. even if someone knew my details how could they get both pins? the phone carrier asks for account pin when u call on the phone.

Listen: YOU are awesome, but PLEASE, stop showing LOOSLY related videos from the internet, this is SO distracting!- just show your face - please! : ) ❤

And a yubikey where u can

Plus PIN code that provider needs can be set up

In person with ID only instruction for any sim swap at your carrier is a defense

Your videos are infomative but your face is ugly, we don't need to see it all the time.

This is just carrier problem to not do enough to verify your identity..

they'll sort this shit out at some point..... after amps magic and harley lost the blackmail indulgence ride back in 11' it just takes societal turmoil and wars to get back flesh fed to the machine like it was before.... either society wakes up and toughens up or we go back to being offerings again. this shit started out as numbers stations on possibly as far back as MTS in the 50s it was called bakery goods or bakers dozen...... its how they harvest and ride the morel orels. if i live again i want to be part of the problem next time, they get laid alot more under these scams.

No problems...NAMES NUMBERS ...NO INTERCEPT EVERYONE IS REGISTERED IP ADDRESS..NO GOVERNMENT MANAGEMENT...

Fortunately in Finland that does not work with banks. You need your customer ID, you pin code, a single use code and an SMS verification. If you have the app then you can use it to read a QR code instead. If you forget your codes, you must physically go to the bank with an ID (driver's license is not accepted)

Though SIM swapping has been use here at least once. The full details have not been reveled but it has to be part of some combined attack involving things like fake Internet banks where the SIM swamping broke the last barrier.

🤔🧐🤓✌️✌🏽

Easy solution, don’t use regular phone carriers and stop buying smartphones (shhh…next level ghost training from yours truly, amir)

I don’t think I’ve seen any website or online service that lets you reset your password with just an SMS… Pretty much all platforms send you the password reset link to your email, no?

Can someone give me some examples of websites where they allow you to reset the password with just your phone number?

Besides, even if such platform existed, I don’t see how this has anything to do with the use of SMS as 2FA - 2FA is literally that - the second factor besides your password during the ordinary login process. If a platform has been designed in such a way that the phone number is the only thing that’s required to reset the password, this has nothing to do with SMS/phone-based 2FA, because even a platform that does not offer other better 2FA methods (like TOTP or FIDO based hardware key) instead of SMS based 2FA can still be designed to send any password reset link to the email registered on the account. An attacker who managed to SIM swap or somehow got access to my phone alone will not be able to lock me out of that platform. Of course if your email account got breached, you have a way way bigger problem at hand, but that’s an entirely separate story…

Thank you for some great advice in detail. Can I ask does enabling a Sim lock pin on a phone help in any way, thanks

For 2FA I only use a small cheap phone that never leaves my home. No one knows the number accept the bank and the government websites that wants the 2FA authetication.

I think I stumbled upon the carrier services)app in the play store and since I deleted and downgraded the app. That problem seemed to go away also I call my provider and told them which by saying something shines a light on nefarious activities. Don't be afraid to talk to these corporations with Authority. Your only in charge if you know it and stand in it.

Best and fastest explanation of actual swim swap attack. Allot of BS out there with 5 min videos or over 1 hour videos getting folks lost in the sauce.

My google account and Amazon account got hacked and they put call forwarding on my phone so when I call any customer service the hackers call center always answers my calls and pretend to be my bank and ask questions they already know and have on my account

TAKE NOTICE

HOW THE BANKSTERS GOT INTO YOUR BANK ACCOUNT WITHOUT YOU NOTICING.

THE WAR IN UKRAINE IS UNLAWFUL FOR THE FOLLOWING REASONS

The vast majority of people in the UK voted Brexit, the UK is nolonger part of the EU.

To understand the law for the reasons you must start at the Magana Carta. It give total autonomy to "We the people".. Even the king and Royal Assent was and is subordinate to the law.

"We the people" is the "Ultimate Sovereignty" which belongs to "We the people." "We the people are the fee simple absolute owners of the Ultimate Sovereignty for ever. Ultimate Sovereignty is not a commodity to be traded, it is sacrosanct and is the foundation upon all democracy is built. Any one who would try to undermine the Ultimate Sovereignty commits treason.

Parlimentary Sovereignty on the other hand at all times is subordinate to the will of the "Ultimate Sovereignty" of "We the people.

THE PROBLEMS ARE:

The banking systems are unregulated.
After the financial crisis of the 1920
Senator Glass Steagall had the common sense to introduce the Glass Steagall Act of strict banking regulations which placed a firewall between Depositor banking and Investment banking to prevent abuse of the banking system.

Depositor banking is where your savings, mortgages and pensions are kept safe.

Investment banking better known as casino banking gamble on Wall Street

President Bill Clinton repealed the Glass Stegall Act. He took away the firewall which left the banking system unregulated. The Banksters had a field day. They took mortgages used them to raise Collateral to gamble on Wall Street Subprime volitile property market, when it all went belly up caused the 2007 2008 financial crisis. At the same time Gordon Brown UK chancellor of the Exchequer deregulated the pre 1997 strict banking regulations in Britain. The whole system unregulated The TAXPAYER was forced to bail out the banks to the tune of hundreds of billions. The Banksters kept the profits and socialised their losses. Not one of them were put in jail.The deficit they created and austerity spilled over to the now 2022 financial crisis

According to Rishi Sunak PM Liz Trust the cause of the sudden tumultuous increase in interest rates and the cost of living is the war in Ukraine. The war in Ukraine is not about the suffering of the people in Ukraine it is all about money, power and control

2015 the UK trained 100 000 Ukraine soldiers.

Biden and Hunter have multiple billions investments in the North Ukraine. Biden proxy war of attrision is to protect his multi billions investment in Ukraine. The war is all about money and power as it has always been.

But you are financing his war through the increase hike in interest rates, in particular your monthly mortgage payments. The extra money you pay is being used to finance the war in Ukraine over which you have no control. The Government has placed an unlawful unfettered wind fall raid upon your mortgage to pay for Biden's proxy war which no body voted for.

What homeowners must focus on is once the Government can take money out of your bank account through the back door without your permission is unlawful.There is no legal authority to extract money from your bank account in such a manner.

The majority of homeowners don't realise how the Conservatives could get unfettered access to plunder your bank account.

The solution to the Conservatives rampant abuse of the people mortgages is to reinstate strict banking regulations to prevent such rampant abuse the Banksters caused. Also an injunction against the orders and decisions made to stop further rampant abuse.

When their Ponzi scheme went belly up Gordon Brown and Alastair Darling rushed an application through Parliament to shift the blame onto a Global crisis. But Bill Clinton was the architect who instigated the crisis in the first place.

You cannot simply repeal strict banking regulations.legistlation. Why would one want to do that, unless of course they are up to no good?

There is overwhelming unequivocable evidence to show reasones why they tried to cover up their wrong doings. Had they not departed from the well-established Glass Steagall Act and Pre-1997 strict banking regulations which are Intrinsic Mandatory Banksters could not got away with their abuse. The Banksters were in possession of a Constructive NOTICE of strict banking regulations still on the statute book.

If Banksters want to gamble on Wall Street please use your own money but not with homeowners family homes in volatile markets. It is not your money you are putting at risk it is the homeowners homes you put at risk of repossession and homelessness.

When the USA and UK could.bailout the Banksters to the tune of hundreds of billions why not bail out the homeowners mortgage?

After all the Banksters caused the mess in the first place

You are being governed by financial terrorists CRIMINALS.

Look we don't know anything about the technology. Yes we know how create awareness program

A good documentary on yt to watch is called "The honors student who stole $7.5 million".

It's about a hacker team who stole Bitcoin with MILLIONS through sim swap & got CAUGHT.

I use Google Authenticator

easy to fix, but you will never get a phone company to go along with it

I would like you to make a shorter, simpler version of this video intended for older people (my parents!), so I could have them watch the video to educate them about this stuff.

First name: Do
Last name: Not
Address line 1: Share
Address line 2: Your
Phone number: Private
Email: Information
Mother's maiden name: Online

I have made certain that I am on so many watch lists and know enough people with direct access to government secrets/programs such that anyone who actually tries to disrupt the monitoring net around me will get a knock on their door.

My cage may not be golden, but I made sure it could be made big on a budget.

Humor aside, I have generally been suspicious of 2fa and I'm not the biggest fan of it. I've made use of it out of practicality a few times, but I have noticed that a lack of a desktop persistence in my life has made me far more likely to opt for convenience over security. I don't remember passwords nearly like I used to and the possibility of being somewhere completely different on a radically different set of hardware, needing access to the same systems... the phone number is, rationally, the common denominator that makes it easier to just reset passwords.

Consequences of a combination of military life, family financial/medical obliteration, and bouncing around at the bottom of the socioeconomic space for a decade or so.

What you think about using google voice for 2FA only or should I get a sim base for a second line for 2FA only

Maybe it is different in the U.S. but in Canada a number port which is what we call it when your number is moved to a new carrier requires confirmation and has security in place. If same carrier then that is just a sim swap. The swap with same carrier is easier to possible hack but porting requires account number or phone imei and most send a code to the phone in a text message asking to confirm swap from original sim card. So original sim in a phone is required normally it's just asking you to reply yes. So in less someone physically has your phone or at least your original sim in an other phone they are not going to be able to port in most cases. Maybe they could use social hacking which is just talking staff into overriding on their end but this is not likely.

I open a link I thought it's from a friend, I put my phone number. Now I cannot use my fb messenger normally anymore. Should I change my #?

You mentioned hacked databases. One way they try to do it is SQL injection. You would think that this would be impossible but the fact is many websites have vulnerable login pages. Don't try it though!! They may be watching for it and you may even get a friendly visit from a three letter agency and it won't be AAA coming to perform roadside assistance either!! I won't go into how it works since I am not only not going to help anyone do these things but I don't remember all of how it is done. Just know that if it is not your database or you don't have permission you are committing a crime that you can be prosecuted for. If you do try it I hope they throw the key away!!

Banking with emails... Forgotten passwords...🤔🤔

Since around 2000 banks in Finland has sent these laminated lists of one time codes.. usually ~100-200 at the time.. and automatically sent a new one.. whenever around 10-20 codes left

you could use those for money transfers, paying bills etc.. with your phone, way before smart phones was a thing..

Now days bank provides Small battery or solar powered device often with single button for one time codes...
i only need to remember 8+4 numbers.. numbers haven't changed in 25+ yrs

. i can use that device for identifying myself to app of bank..
Which I can use to accept payments and money transfers, do safe communication with banks more easily...

Also nowadays I can use that bank app or those one time codes..
to log in/identify myself, in all.. most official services....healthcare, education, postal services, pentions, welfare, courts,police, phone company, utilities,or wherever they would need to ID me "in real world"

Next year or one after... you can even vote online with it..
and since beginning of this year,
you can "download" official digital ID card to your phone for real world use (if you already have valid ID card)

2FA is issue only whenever I'm using services not hosted in Finland/ by Finnish company ...

At the moment I'm mostly doing my 2FA with prepaid mobile number, you can't have another sim card even if you want one.... Earliest someone may get same phone number.. is 1 year after i stop using it...
That sim is in a dummy phone without internet access.. and forced to stay in 3 or 4g network.. (which is safer what comes man in the middle attack,what comes to listening phone calls, not sure about effects on sms messages 🤔🤔)

I'm assume it's pretty safe option?🤔 Or should I still go for physical keys..🤔

From someone that has been hacked since covid I thank you for all this knowledge. I'm sharing to educate others. Thanks again!!

SS7

Wew where I'm living you must come in person though and bring valid identifications to request a sim card replacement along with police report if its missing. If its broken we must bring along the original sim card 😁
How can its so easy like that to acquire replacement?

My mobile service provider leaked my phone number and SIM card serial number. Does this increase the risk of SIM swapping? Any insight would be appreciated. Thank you!

HOW HILARIOUS - NOBODY EVER GOT HACKED ON A LANDLINE. We haven't advanced at all "they" have. This sucks, technology was a great idea. But for whom. Jeez.

I would like to know how much a brax phone costs and how to puchase it?

Awesome man
Keep it👍🏼

Great as usual! As you already know there are many more, some open sourced, 2fa apps!
I bought 3 different Yubi keys 4 years ago, and 2 were directly from Yubkey, and none of them worked! It's a great idea, if they work! Authy was TRASH, even tho I've used a Password manager, locked in a valult, Authy was junk!
There is Aegis Authenticator, so do you know about it's security? It does have... backup-restore features, for going to other devices!
There is an "open sourced" app FreeOTP that can be had without going to Googirl Play, but get it off of F-Droid which has a PGP Signature, to check the download before install!
But all that suggested. there is Bitwarden for all devices that has built in TOTP functionality, and BACK up for lost phones, laptops etc!
I be running ASOP... on my phone! And MintOS on my laptop, no more winders! LOL!

Again thank you ROB.. for your expert security vids!

👍👍

starts shopping for 2sim slot phones :)

Hang in there Rob I am listening and I am learning thank you keep up your good works sir

Golly they can get to us in so many ways. I never click on links in emails either. This holiday there have been a glut of 'postal' notification emails in the vein of parcel/package on its way...payment needed to release it from customs.. ETC this must be a goldmine for the scammers at Christmas because who knows what might have been sent as a gift from overseas...amd in the UK we do have to pay for release of some objects through customs. Luckily the email senders real address pops up on my computer if pointed at and shows either a string of nonsense or a gmail address or similar..

Can you give me a $ charge for an Annual Membership,
As I don't have any monthly payments ?
Thanks 👍

you forgot to have your carrier sim lock your phone number. Never do 2fa with text reset passwords

Verizon Tech Support has been pulling this stunt on people for many months now. Oh you qualify for a special promotion Offer to offset the inconvenience of your issue. All you have to do is except. You accept and guess what your phone stops working and your bank account gets strained thanks Verizon

I get knocked offline and reconnected immediately, and this happens quite often.. so I’m guessing my sim had been hacked-what should I do to fix this?

This happened in india , they don't check anything with identity, that's y this sim swap only will give missed call

In india bro this scam is going on