So with the onset of SIM swap attacks as well as numerous links over the year, I wanted to start a discussion to talk about things that we as consumers can do to better protect ourselves. I also hope to share information and ideas with T-Mobile to improve their security when it comes to our accounts.
For those of you who don’t know about the scam that has been going on, an attacker will pretend to be you to get T-Mobile to assign them a SIM card with your number. It is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message or call placed to a mobile telephone. Think of whenever a bank, for example, sends you the little 6-digit code to your phone to reset a password.
I believe T-Mobile should have measures in place that allow a customer to require an in-store visit as a prerequisite before any kind of change like that can occur. T-Mobile should also be sending updated alerts before any kind of change happens on the account, to both the cell numbers on the account and the email address on file. These alerts should require approval before the change itself can actually go through. This would be far more foolproof than just having a PIN on the account and would prevent this scam from working as easily as it does.
Thankfully, this has not happened to me, but it is concerning as T-Mobile is really lacking in providing tools for consumers to secure themselves.