Solved

Fraudulent activity by a T-Mobile employee switching my SIM # to a new device to steal funds

  • 22 January 2020

Hello,

Sorry for the long post to follow.

Here is what happened to me recently. On Sunday 1/19/2020 around 2:30pm, I noticed that I lost T-Mobile network connection. Everybody around me, including those with T-Mobile network, was fine, with 4-5 signal bars. I assumed it was a phone/setting issue, rebooted the phone, and reset the network settings, but nothing. Removing the SIM and reinserting it did nothing either. I decided to turn off my phone for a little bit; an hour later, when I turned it on, I still had the same issue, though Wi-Fi was working. I decided to try my friend’s SIM to see if it was a phone issue or a SIM issue, and the network connection came back, so it was a SIM issue. I decided to call T-Mobile with my friend’s phone that evening and they were able to reactivate my phone. I asked them what happened and they said that they were not sure, most likely a glitch.

Fast forward to Tuesday morning 1/21/2020 at 4am (I wake up early): I checked my bank account and saw that there was an unauthorized transfer from my bank to my Coinbase (a site where you trade cryptocurrency). I immediately tried to log on to Coinbase but my login and pw were not working. I set up a 2-step verification for Coinbase where you also need to receive a text to your phone and enter the code before you can successfully log in to the site.

It was at that point that I realized what happened. Someone had taken over my SIM that Sunday so that they could receive the text verification. After I called my bank to dispute the charge and called Coinbase to lock my account, I started to do some research online, which confirmed that SIM hacking was a real thing, but they said that someone would have to call the phone company and impersonate me, and know my 6-digit password, in order to make any change to the account. I immediately called T-Mobile to find out if that was the case. The rep told me that she only saw my calls requesting to reactivate my phone and that no one else called. She then said that there was only a “Follow-up” showing on my account that day. I asked what a “Follow-up” was and she said it was when the customer opens a case and a rep goes back into the account later to follow up. It was at that point that she realized that the rep switched my SIM to another device. She immediately raised the issue of fraud, asked me to hold, then went to talk to a supervisor. She came back saying that a fraud case had been opened and that they would investigate. As for me, I had nothing to worry about, and they had added some extra protection on my account so that it never happens again. But that was it, and I would have to deal with the banks to get my money back.

I spent the rest of the day checking my credit, changing all my passwords, and adding a red flag to my 3 credit reports. Then this morning, I found out that another $2500 had been transferred out of one of my accounts. The banks were fine to deal with and said they will dispute the charges, but I have to wait for the inquiry and a determination will be made after. On the other hand, the crypto website Coinbase told me that I was on my own, that they only insured the lost money if their entire site was hacked, and said that I should have protected my account better.

I called T-Mobile right after to inquire if they had a fraud team or legal team I could talk to, but the only thing I received was the following address:

T-Mobile wireless legal department
12920 South East 38th street
Bellevue Washington  98006

It has been a nightmare for the last 2 days, the level of stress is out of control and all I get from T-Mobile is a sorry but that’s all we can do.

So the question is, isn’t T-Mobile responsible for this given that it was an employee who did this?

Note: I am assuming only an employee would have access to their system unless their whole system got hacked and that would be a bigger issue…

I only know it was someone with access to the T-Mobile system because the rep on the phone told me.

But even if it was someone impersonating me without my 6-digit code (unique password that I use for T-Mobile by the way, not written down anywhere and that nobody knows), how would they be able to request to move my SIM info to a new device without a misstep from someone, given that they don’t have the password to the account?

Sorry for the long post. Hopefully someone from T-Mobile will read this and can provide me assistance.

Thanks,

Khoi

Note: If your phone suddenly loses cellular network and everybody around you on the same network is fine, remember to call your cell phone provider immediately to avoid what happened to me.


Best answer by tmo_amanda 27 January 2020, 16:47

Gosh, that's a nightmare of a situation especially considering you may not be able to get those funds back from coinbase. I know that with every day passing you need more answers. Unfortunately, this is a situation that only our fraud team can handle. I hate to repeat the same info you've been given multiple times, but we have to allow the fraud department to research what exactly happened which will determine the outcome.


Update:

I also posted on the T-Mobile Facebook page and received a response. I responded as well (edited to remove the rep's last name. Not sure if he would want me to post his name).

T-Mobile rep:

"Hello. Thanks for reaching out to T-Force. You depend on your cellphone to stay connected to all that is important to you. At T-Mobile we take account security and privacy very seriously. You did all the right things by contacting your bank, credit agencies, and us to tell us what happened. When this type of thing happens with a T-Mobile account there are a number of possibilities or causes. The good thing is that a fraud case has been opened with your account. Our fraud team will be able to investigate the changes made on your account to determine exactly what happened and take the necessary steps for anyone involved. We're not able to discuss the exact details like names or locations found on the account as it's an internal process. Our fraud team will contact you if they need any additional information directly. From here you'll want to continue working with your bank and other accounts to get things back to normal and keep them secured. If you would like to speak with someone in our fraud team or have more questions I would encourage you to send a written response to the address you were given. Be sure to include your full name, phone number and any relevant account details so they can respond correctly. Here in T-Force we're your total one stop shop for all things Magenta. We have access to the same information and details as our Customer Care team does, but you can work with us at your own pace instead of having to be on the phone. Give me a holler if you have any other questions we can assist with. T-Force is always standing by!"

Me:

"The problem, Nathan, is I have barely slept for the last 2 days, and my Coinbase assets are most likely gone since they are not insured. All I got from T-Mobile was what you just said: 'Sorry and work with your bank'. Given that it was an internal issue and that my account was compromised because of T-Mobile, I would hope that T-Mobile would step up and help me retrieve the funds that I lost."

T-Mobile rep:

"I completely understand where you're coming from. These types of situations can take up a lot of your time getting everything straightened out. T-Mobile does everything possible to keep your account and connection secured. We also recommend setting up 2-step authentication with your account and using a strong My T-Mobile password that is different from any of your other accounts. I hear you that this has caused stress and caused you to lose money from your bank accounts. I'm truly sorry that this happened and I hope that none of our customers have to go through this. To be transparent, T-Mobile would not be able to help you retrieve or replace the funds that were lost. We can only recommend that you continue working with your bank to file this as a fraud claim and have them investigate. If you have any additional questions or concerns about your fraud case I would strongly encourage you to make a submission in writing to the fraud address you were provided. They will be better able to explain any details and provide you guidance on next steps or information."

I am just hoping to read some opinions/advice because I really don't know what else to do at this point.


Hey Aznfrenchboyca, this just happened to me 2 days ago. I lost network for about 10-15 minutes and got my signal back. I didn't know what happened till the next day after I did some more searching. Look in your deleted emails and restore any deleted emails. You will find all the details of the password being changed and transactions from Coinbase. They hacked by switching the SIM and getting the text to reset your email account. Once they got in, they were able to reset your password for Coinbase and get past the 2FA when they had your cellphone number.

I also called T-Mobile to verify my SIM was switched and was switched back after 10-15 minutes. They also told me it was a glitch. I have a PIN set up too, but they were able to bypass that somehow. I asked how they switched it and they said it was in store and a tech may have accidentally switched it. Seems like this is a very well coordinated scheme by a T-Mobile employee or someone with T-Mobile account access. It took them less than 15 minutes to switch the SIM, reset/change my email password with the phone number, and reset/change the Coinbase password. Then get money out from Coinbase. I removed my banking info from Coinbase. It is not secure enough to keep it on there.

The IP address logged to change my password is 141.98.25.168 and it's from the United Kingdom. I wonder if it's the same people since I got hacked only a few weeks from yours.

Hi K-T,

Sorry it happened to you too. I tracked the IP down and mine was from Toronto, Canada. I'm sure they used a VPN to reroute and hide their IP though. The case is still open with my bank. They temporarily credited my account the $2500 I lost but have not made a final determination yet. As for the money I lost from Coinbase, Coinbase told me I was out of luck, that they did not get hacked so the money would not be insured. I hope you didn't lose too much from Coinbase.

I spoke to some FBI cybercrime office and the guy told me straight forward that nobody would do anything unless I lost thousands of dollars.

Luckily I kept most of my crypto assets elsewhere and only lost a few hundred from Coinbase. T-Mobile eventually covered that loss for me.

Same happened to me last night but I was able to stop the attack before they got the funds. This is really bad for T-Mobile since I just traded my phone for a new one and this happened. This is an inside job for sure since they have access to change the SIM.

Thanks,

AM

dragon1562 is trying to keep up the discussion, via the link posted below. There are several different threads regarding SIM swap attacks. I feel it’s kind of clear that scammers are either taking advantage of the pandemic or taking the risks because of it.
https://community.t-mobile.com/accounts-services-4/sim-swap-vulnerabilities-2fa-risks-31971

I’m thinking of starting a kind of survey where users could share their experiences and perhaps see if there’s a bigger picture or more common denominators. I’m a web developer so form applications and charts are my thing.


Hello,

I am one of the employees at T-Mobile (joined last month on 12/7/2020). Today (1/19/2021), while I was working in the store, I got a call from a guy who claimed that he was speaking from the T-Mobile service department and that they were just checking if the system was working properly. The guy knew everything about T-Mobile systems (REMO, Tapestry, Quikview, etc.), and so I thought that he was really someone calling from T-Mobile. He told me to go to Tapestry, gave me some numbers, and asked me to swap the SIM number on those accounts. I did around 4 accounts (he gave me the SIM numbers), and after that, when I told the manager about it, he told me that it was a fraud call and asked me to hang up. We have already reported to higher officials at T-Mobile, but now I am scared that I might get fired for this mistake. I know we are not supposed to make any changes to an account over the phone, but the guy on the phone knew everything about T-Mobile and I really thought that he was someone calling from the T-Mobile service department. When I searched it on Google, I found out that many employees have been fooled by this team of scammers, and today I also became their victim. Also, for customers who were affected or whose SIM was swapped: it was not done intentionally but because new employees like me were tricked into doing this.

I just wanted to deal with T-Mobile and they already gave me a hard time before I started! A guy named John, whose accent I couldn’t understand, got all of my information including my Social Security number. We talked 2 days before, trying to activate a prepaid eSIM on an Apple Watch, but it didn’t work out. Then he advised me to switch to postpaid and to create an Apple Watch account for me and pay $20 monthly. I accepted that. Then he started to ask about my information, and when we got to the Social Security number I told him I didn’t feel comfortable doing so online, let me think about it and you can call me in 2 days. He called today and I gave him all the information and the credit card information, then for some reason we got disconnected. He never called back, and I have tried 10 times so far with customer service to find out what happened or at least to be transferred to a supervisor, but it is like talking into a well: you hear yourself, and the other side doesn’t understand you and you don’t understand them. I believe the customer service is not in the USA, it’s in India, and communication sometimes goes to a dead end, ending up with the customer service representative pretending that he is not online and then disconnecting you. It’s very frustrating! All they know is to keep transferring you from one to another and no one can help.

Really sad!!!!!