Idea to simple for complex unchecked levels at corporate

@@tombucannon because, like every other company in this country, they don't care. All they want is that bill paid each month and screw your and you security conserns.

as someone who works in phone retail, this could never work because we so often have people who lost our broke their device and don’t have a secondary security number/family member to call to verify

So that the one who stole your phone can cancel the swap?

It is not a stupid question

No. I don't care what they do, you will NEVER be safe from a SIM swap. As long as your security key is controlled by a 3rd party you are vulnerable. The fault is ANY company that forces use of SMS a a factor for MFA. It's insane that SMS is used for this. The only secure way of dealing with things is hardware keys, auth apps or passkeys. SMS should be thrown in the rubbish bin for any form of security. It was meant to send quick personal messages between people who know each other, that's what it should remain doin.

Or call your banker. Nevermind, most of my employees love no banking personalization.

How can u avoid getting scammed by sim swap? DO NOT MAKE BANK BUSINESS THROUGH PHONE APP!!!! I do my bank business on my lap top at home through bank internet page and bank codes. There is nothing that can not wait to get paid until u get home and nobody can access my bank account without my pin number and bank codes, even thou i receive an sms to confirm transactions.

@@bambinaforever1402 Sure. Now, how about most banks in my country that only offer SMS as a 2FA? There are no 'bank codes', it's SMS or nothing. And no, this has nothing to do with using a phone app, logging in on the web is exactly the same process. Yes, our banks are stupid bad for security.

@@repatch43 Bank of America uses SMS text as 2FA, which is the ONLY 2FA that they support. A major bank... and that's their ONLY option....

In my case, my exboyfriend did just that. He physically went into the store in another state claiming he wanted to port his number to his new phone, but it was my phone number. Fortunately, for me, we had the same carrier who pulled up the number he gave them, saw a female name on the account and called me and left a message on my voicemail. I, of course, called them back immediately and told them I had ended our relationship because I caught him steaming open all my mail while I was out of the country for 6 weeks going to school abroad in Paris. He offered to take care of my dog while I was out of the country (so he could go through all my mail and computers while I was away). Seriously. This was a man who treated me so well, was kind to my dog, and who never showed any signs of jealousy, rage, or violence toward me (or anyone). It just goes to show you that some people are extremely accomplished at being two-faced to the point of it being nearly undetectable. This was a highly intelligent man, who was moving to Cambridge, MA to attend MIT b-school, and it was there that he tried to port my number to his new phone AFTER I had caught him steaming open my mail and cut all contact with him and told him to never contact me via any form of communication again ever. He was such a seemingly nice, kind, generous man you would never suspect of anything like this, but that was just who he pretended to be when he was with me. He was living a kind of double persona around his friend group. His last words to me as I was escorting him out of my apartment building were, "I've never know anyone who is as honest as you are." I told him to remember that when someone else betrays him, how he treated the most honest person he had ever known in his lifetime." He hung his head and left quietly. Two months later, he tried to port my phone number and sim card to his phone on the other side of the US. Only the carrier calling my voicemail and leaving me a message saved him from being successful at it.

The don't require it to vote. Also they won't require it to transfer because people are lazy.

The guy at the store is in on it. He is buddies with the thief and orchestrating everything.

That is how it is done here. Finland. The country with the first operational GSM network.

@@fdllicks Yes, and next the person, who issued the change, faces some interesting questions. Simple.

Usually, the guy at the store is in on it.

Bottom line I have a cheap prepaid phone. I was already scammed.

@@Maria-fz1muu do not need to have a cheap phone to have a prepaid sim card. I have an expensive iphone with prepaid UNREGISTERED card

How would it have the same number if your phone still work?

@@fdllicksYep and it is groups and clubs. Need to go a little deeper with police work and really see who these people are working for. It’s not hard and I will not say it here. Groups and Clubs have changed. Not so much the burly dude anymore. Now it’s sending out people in the Suburbs to steal. Should be charged with Domestic Terrorism. I wouldn’t trust anyone especially in or near your home or phone . Turn Numbers Lock on and get off WIFI. Be careful at the Bits By store and the Tweak Squad . It is Rampant. (Not all but more than you think and can imagine).

You can still increase protection by removing sms 2fa from sensitive accounts, instead relying on 2fa authentication apps on a biometrically secured phone.

Until security is tightened on the SS7 protocols your data is open to interception anyway. Just don't use SMS for 2FA.

I wish they were.

Phone companies are not providing secure services to those paying the monthly talk and text bill and should be held accountable as they know from the get-go the consumer is NOT secure!!!!! The end users are not technically savvy and expected to figure this stuff out is ridiculous!!

This!!!

As it should be!!!

EU is always lightyears ahead of US/Can in these things.

That is a bummer. If your phone is stolen or got destroyed together with sim card how is that possible

​@@bambinaforever1402no problem...ur id is stored at the company ..its easy to check if you are you ( passport, loss report from.police,puk code ) and all in person...

I was called by a tmobile store in brooklyn ny bcz a 19 yr old walked in with a completely legit looking drivers license with my name on it. They were suspicious bcz he was 19 and i am 51. also, their buddy works at the store and is orchestrating everything. Their buddy at the store is in on it.

My carrier tracfone doesn't require a security word . Confusing

Video is useless with the level fairly cheap AI can produce. It might work for a few month but soon AI will be able to produce on demand responses in real time. In person or bust imo.

2FA via SMS can be intercepted anyway. Don't use SMS for 2FA.

​@@fdllicks I thought this was the case. Inside job.

I have a hard enough time remembering the real answers let alone made up ones.

That’s a good idea

Yes, because lots of information about you is available on public records. One common question is, in what city were you married. They can find the answer but if you give the wrong city as your answer, even if they know the right answer it will be wrong.

Been doing that since the first time lol. I treat them as passwords and whatever the question is I just enter a 20 digit hard af password.

I started doing this after yahoo email was hacked, and I couldn't remember which security questions I'd answered (yahoo required them), and stupid yahoo gave no record of that.. At least there seems to be little use of security questions anymore.

Doesn't help. Inside jobs that are hard to trace. One employee steals another's credentials etc. Can also easily infect some store location with malware.

@@Fatman305 It would help because SIM scams are not always an inside job. Scammers want to avoid security cameras and avoid leaving evidence (DNA).

Then that's easy. You can sue the carrier directly if that happens.

@@dodgek5270 Happens all the time already, and a guy lost millions in crypto and *lost* a lawsuit against att for this exact scenario. Carriers aren't responsible for sophisticated criminal employees that strike without warning...

100% Our phones aren't toys. It should be harder to swap sims than to get a passport ffs! Hell you should have to bring a witness, who has ID as well, that is pre listed on your phone account.

That’s y scammers use an rdp server and link it to ur ip so it looks like the mobile call is coming from the residence u stay in

​@@EMERBRUHare you brain dead? He said PHYSICAL. What's that got to do with an RDP server?

In America, our representatives do not work for us. This is why were the only 1st world power without national health and so much more.

You are not bright. Maybe rewatch video 10x to understand how it works

hint: no sim = no sim swap. i bank all over the world without a phone number tied to a sim.

It is not "training". The guy working at the store is in on it.

@@fdllicks Not talking about the store, talking about customer service. The vid talked about them being the weakest link and insufficient training.

But they're also low paid (and relatively numerous) and thus, low in quality. And quality costs money. We all want vast numbers of top quality people on the job until we realize how much that'll cost us. Large numbers of highly trained, high quality employees are not cheap, and you have to recruit and retain them, too. Millions in advertising is actually quite cheap, by comparison, and unlike customer service, ads generate revenue- which in turn could be used to improve customer service.

@@BologneyT yep, when your paycheck doesnt cover the bills, and you start thinking. And your buddy comes to you and asks you to help him with a sim card swap for$100. You look at your tiny paycheck, and tmobile says "we arent paying you for lunch anymore", and "come in at 11 instead of 9", it is tempting.

Good thinking !

Ok so I presume that for Sim swapping you at least need to give them your number?

That is good advice. My wife's phone has space for two SIM cards. So, she could do that with just one physical phone.

yup

@@CzechShooter nope. the real solution is a phone number not tied to a sim.

lolz try a phone number not tied to sim....much safer.

you can get a phone number not tied to a sim.

The weakest link is the 1970s protocols that underpin mobile signals data. SS7 was outed to the world nearly ten years ago, and security is no tighter than it was, other than the employees with access being less open to bribes, and perhaps their access more tightly monitored when using certain parts of the system.

have a second SIM for just the 2FA ... easy

Interesting idea. Thanks for sharing.

I like this idea

Who do you buy your pre-paid SIM from?

They use "e-sims". Most phones the last few years have both types.

Without sim card is also a thing. The slot stays empty and phone runs on wifi. America runs on Dunkin and my smartphone runs on wifi

@@ElaineGarcia-uo8qj lolz you are the only person that gets it. no sim = no sim swap. People always overlook the simple for the complex. I travel the world with no sim and log in with vpn. never a problem.

Exactly. I feel the same about antivirus software.

Oooh, The Net is one of my favorite movies! Not one of my security question answers. lol

Yeah, ok . They invented sim swapping. Right, smart guy

That's a great way to do it, Michael. Most major banks I know don't allow for a 2FA key, but there are smaller online banks (such as Mercury) that do offer the option to secure with a Yubikey.

@@AllThingsSecured Thank you so much ❤

I was SIM swapped last week by a person physically in the store with a fake ID. T Mobile didn't require a pin or anything since they had a fake ID. You're not safe with that plan.

@@mattshaul5670 that is what just happened to me today, it was super scary!

@@AllThingsSecured Excuse me, what do you mean by 'DON'T ALLOW'? In Europe, 2FA is a minimum requirement meanwhile for log in as well as for transactions.

you have to give them PIN number before they can give you new SiM card - and only the owner would know PIN to his own SIM

Haha I get that! It's one less thing to remember. But if you really want one, go SMH less. Buy just the device, do not install the pesky card 💳 (sometimes they come without. Hooray!) Then just use the phone like a mobile computer with wifi Source: that's what I do+

my banks are tied to my devices. i have no sim and use vpn. I sleep just fine at night and never have a problem logging in.

I’m glad it was useful!

How does SIM Pin prevent the swap? The explanation I read on forums is that it only prevents the physical SIM from being used on a different device

​@@alejandragonzalezguel900False sense of security is a wonderful thing... In real life, the risk is from an insider at the cell carrier, or malware infected store computers... Neither of those is likely to happen to a bank. Hence: use a secret sim only with banks...and realize that whenever a human looks at your account, your secret # is less a secret - so do everything on mobile app, secured by biometrics and an extra security app that adds PIN to that, in case phone is stolen. That's what I do...

Too late. They already drained your accounts by the time you figure it out. Also, the guy at the store is in on it.

@@fdllicks yes- the guy in the store that you RANDOMLY picked is 'in on it'. ??? Also- I'm saying to make it a REQUIREMENT that all sim swaps need to be done at the brick & mortar to begin with- not after the fact.

@@lynskyrd This happened 4x to me. Each time the store the fake sim card was sold in was in another state. Twice, it was in Brooklyn NY, where i have never been. Did this happen to you? If not, shut up. Talk about things you have experience with.

@@fdllicks okay- first off, the fact that you got scammed 4x doesn’t make you an authority on the subject- if anything, it just proves you’re either stupid or careless- take your pick. So with that said- let me try this ONE more time: in order to fall victim to this SIM swap- a few things have to ‘line-up’-- the victim would have to have somehow divulged specific information about one’s self- this is usually done through social engineering scams such as “you received a UPS package- please click this link to verify address” - that type of thing. The other piece that has to be in place is - sure- there might be an ‘inside man’ at the Verizon or AT&T store; but that’s traceable provided due diligence is followed. What I’m suggesting is that unilaterally, Verizon, AT&T, T-Mobile, etc enact an across the board policy that only permits SIM swaps at the brick & mortar in which, positive proof of ID must be demonstrated. This includes picture ID, utility bills and past cell phone bills. There is NO WAY a SIM can be stolen this way. OK - I’ll ‘shut-up’ now because I’m done with this- listen-don’t listen- I don't care.

and the old sim... if possible

this clown is a shill selling useless garbage that is not needed.

1000 bucks a year ! Who can afford that in today's world with prices of basics like food etc getting more and more unaffordable ?!

I agree. I have a hard time remembering the real answer let alone the fake one I came up with two years ago.

@@SurfCityBill Same here. I have a hard time even remembering if I capitalized the first word or not.

@@SurfCityBill Another variation of this that could work is, your answer to those questions is a random phrase or word that you use, which has nothing to do with the question. "Name of favorite pet?" = whatchamcallitphrase. "Name of favorite teacher?" = whatchamacallitphrase, etc...

Or just answer with the 2nd of whatever instead of the first. First street you lived on? Give the 2nd or 3rd or something you will remember. If your memory sucks so bad you can't do that. Work on your memory. If you are unwilling or too lazy to yo do that; get a digital password vault that you keep at home. But really, just spend less time scrolling and more time working on your memory. You will be way better off developing your brain, rather than rotting it away on social media.

@@borrago answering the second question is a good idea, but I don't know where you get the idea that I spend all my time on social media. Some people have short term memory problems that are not self-inflicted.

Oh goodness. If you’re balking at $99/mo, then the service definitely isn’t designed for you.

I had just subscribed...then I saw his rude snarky reply. Notice he didn't answer the question. This is a thinly veiled infomercial. During times of exponential inflation and the tail end of a pandemic that devastated the economy, $100 is DEFINITELY something to balk at. This guy's disgusting.

@@SpecsAppeal agreed. If they were t going to answer the question they could of left out the rude response. Let’s not forget everyone isn’t as fortunate as this guy. $100 might be nothing to you but to some that’s money that goes toward rent.

@@Ricoxsuav3hh he’s def getting like $10 per haha, but def agree man’s was just asking a question after being surprised at the cost of the service, no need to be rude Man’s acting like he was working at a restaurant, saw young people ask why the steak is over $50 and told them that’s why cheap people need to eat at cheaper places

@@AllThingsSecuredso you don't want more subscribers. Nice.

Thank you for that. I feel a little better about this, after reading what you said. It makes sense to me.

That sounds terrible. I'm sorry.

Authy is only sim based when you set it up the first time. Set up Authy on multiple devices, and then turn off multi device. No one can use Authy on a new device unless you enable multi device for setting up a new device.

@@mementomori29231interesting…need more info on multi-auth

You can put a 4 digit lock code on your SIM which prevents it being used in another phone or indeed your own phone until you've entered it on turning on the phone but it wouldn't prevent the SIM swap fraud being discussed because the fraudster gets hold of another SIM which replaces yours

The really hilarious part in all of this. Most all countries not in the western world have better banking security. A price to pay for having prehistoric politicans running the country.

Sounds like y'all are really ahead of the game there

Yes change it

Feel free. I will caution people that it’s very easy to get locked out of your SIM if you do it wrong, though.

@@AllThingsSecured yes absolutely.

@@AllThingsSecuredCould you recommend a similar phone product that people reside in Canada can use?

Not true. Many accounts use phone numbers as a bailout if you forget your password. They send you a code and give you access.

@@AllThingsSecured Yes, but It is still the same question... they do not have your phone to get the account number. They only have your new sim which gives them your phone number. So the first data breach had to happen another way.

@@rtel123wonder if the cloud backup gives them access to usernames?

My pleasure!

If the SIM swap attacker pretends to be you and says they forgot their password, they can potentially reset your password if they know whatever basic personal info the bank also demands (username, account number, SSN, etc.). SMS 2FA can actually be worse than no 2FA, because they would never be able to do this with an account protected only by your password. The easiest solution is to keep a VoIP number on file at your bank instead of your real phone number. However, not all banks accept VoIP numbers, so this can narrow your options. It would be great if they allowed TOTP 2FA with an authenticator app (while also allowing SMS to be disabled as an option), but I don't know of a bank in the US that does.

That’s what I’ve been saying…the victim will appreciate the due diligence. The criminal won’t.

wrong info to get you to buy something would be more accurate.

This video explained "shitt" haha

lock your google account behind a physical key. google advanced security is most secure way to go. Google voice, physical key, vpn and now you are locked down. no sim = no sim swap and your passwords are locked behind a physical key. Never associate a sim phone number to a financial account again.

lolwut? you can pay all bills online overseas.

With AI voice cloning, that's not very good security.. Also what happens if the person calls while they're sick and their voice sounds different?

why would you have a lot of money tied up in foreign currency? you running a business?

@@islandhopper100 Not quite sure where that came from grasshopper, unless watching too many movies

@@JohnDeat-w8h i seem to have developed a knack for replying to the wrong comments.