A New Kind Of Hack
Its relatively new – and someone from our Blue Heron family had it happen to them.
It’s called port hacking or sim spoofing. Literally all they need is your account number with your mobile provider to take over your phone number. Then if they have/can find your email address they can do a 2-factor authentication to reset that password to takeover your email, and then use that to takeover your other accounts.
This is the incident in their own words: “I missed the port notification text when it first came in but I was on the phone with Telus security within 30 minutes. By then the port had already gone through ON TWO PHONES on my account and they had already done password resets on my paypal, ebay, amazon, Airbnb and credit karma accounts…”
They are still waiting for a call-back from TELUS’s security team as they have only ever managed my account through the Telus app - so they are interested to hear their explanation for how someone might have gotten the account number.
Importantly - There IS a way to prevent this - you have to contact your provider and ASK them to put a port block on each line of your account. It prevents your number from being ported unless you call in and identify yourself to authorize the transfer, please do this if you haven’t already as this will prevent it happening.
Here are some links to a couple of news stories about this: