VANCOUVER -- A West Vancouver police officer is warning the public about a new SIM card scam that nearly cost him thousands of dollars after he was recently targeted.
Const. Kevin Goodmurphy said he received a text message from his cellphone carrier last Tuesday, which said his phone number was in the process of being moved to another provider. It also advised him to contact his carrier immediately if he wasn't the person who was attempting to make the change. His service had been disconnected, so he couldn't even use his own phone to place the call.
"I knew right away that my phone had likely been compromised," he said.
Goodmurphy then opened his online banking app and noticed that tens of thousands of dollars had been moved out of his accounts in both cash and credit. He was able to phone his bank and freeze the transaction, so fortunately he did not lose any money.
"I can tell you this is the first time I've been targeted in something like this and it's a very helpless feeling to begin with," he said. "And until you can figure out what exactly is happening, it's quite frightening when you open up your banking app and you see a bunch of zeroes in your account balance."
The scam is known as "SIM swapping," and it involves fraudsters moving or "porting" your phone number to a new device and then gaining access to your personal information through apps and other data. The scammers download various apps for social media, email or online banking and exploit the two-factor authentication setting by hitting the "forgot password" button. The fraudsters can reset your password for the apps using the verification code that's sent to them on the new device and not you.
"Unfortunately I think in this case, they’re sort of exploiting a vulnerable area," said Goodmurphy. "It’s not really that sophisticated."
West Vancouver police said there are ways to protect yourself from the scam, including keeping personal information off of social media, not answering phishing emails or text messages that ask you to confirm a password or update account information, and using an offline password manager.
"We encourage people to take an extra few minutes to make those phone calls, whether it’s to your cellphone provider to have those conversations about extra port protection or perhaps looking into the security settings on the apps that you do use," said Goodmurphy. "If you don’t want to use that two-factor authentication on your apps, then perhaps it’s maybe looking into changing how that’s done and maybe removing your phone number from those apps or websites that you’re using."
Police also suggest contacting your provider about additional security protections that might be available and calling your cellphone carrier immediately if you lose mobile service on your device.