
Re: Sim Swap Fraud

RonlWeasley
Valued Contributor

This perhaps deserves its own thread but EE's security measures (or lack thereof) are truly dire. Still no 2FA to log in to your account, for example. In 2024 this is mind-bogglingly abysmal.

Today I heard that other networks are introducing a "SIM lock" facility whereby in their app you can put on a SIM lock which prevents porting your number to a new device or to another network. Sounds like a brilliant idea to me which would eliminate SIM swap fraud. Of course you just switch off the lock if you want to change phone or leave the network, and switch it back on again when you have a new phone.

Where are EE with such a feature? Presumably nowhere since despite their claims otherwise, their inaction over 2FA, despite YEARS of complaining about it, clearly demonstrates they do not give a toss about their customers' security.

34 REPLIES
bristolian
EE Community Star

The most recent update to the myEE app includes a non-reversible option to set up 2FA.

Well thank goodness for that. Only took 2 years of complaining!

Shame they only implemented the weakest possible form of 2FA, i.e. SMS message, which is of course itself vulnerable to SIM swap and other hacks. Would it have been too much to ask after all this time for them to support authenticator codes, WebAuthn with e.g. YubiKey, or even Passkeys? It is 2024 after all.

But no, crappy old SMS.  


@RonlWeasley wrote:

But no, crappy old SMS.  


One person's "crappy" SMS is another's "trusty" SMS.

SMS is a fairly standard method, accepted by financial institutions.

SIM-swap fraud is the very reason EE & other operators have very strict processes for replacement SIMs. There are several posts a week on here from users bemoaning the security attached to SIM replacements. I often wonder how much more vocal those users would be, if those processes were not adhered to & SIM-swaps were more open to abuse.

 

Your post is somewhat ironic in a thread where the original posters are SIM swap victims!

The fact that some banks also have pitiful security measures provides zero comfort. It’s just so lazy. I am not saying EE should mandate the use of an authenticator app for 2FA or passkeys or whatever. But to have the option would be nice, wouldn’t it?

The plain, objective fact is that as far as security methods go, 2FA with SMS is the least secure of any 2FA methods, and much less secure than passwordless with WebAuthn or Passkeys. I don’t know why anyone is so keen to defend what is a poor situation.


@RonlWeasley wrote:

Your post is somewhat ironic in a thread where the original posters are SIM swap victims!


Your post was the first in this thread.

There is a balance to be struck between security & ease of access. I'm yet to see a reasoned argument as to why SMS is insecure, but am always open to persuasion.

Strict processes in place?? I am the victim of a SIM swap fraud by EE. I received an SMS from EE asking if I was speaking to an adviser. I immediately rang them from my phone and informed them I was not, they noted this on my account, however, the scammer rang again around 30 minutes later obviously from a different number claiming the phone I had just rung from wasn't working and they issued them with a PAC code immediately over the phone. The following day, some 16 hours later, I received an SMS saying my PAC code had been issued as requested (I never received the actual PAC code). This 16 hour gap in sending an SMS to the actual number on the account gave the scammer time to activate the SIM swap. It's been a total nightmare for me. I am in my 70s and not in the best of health with a husband undergoing cancer treatment. Did EE care? Not in the slightest, apparently, it was all my fault. Can someone please explain this to me??

Please read my response above. It appears from what I was told by EE security that, despite my ringing to warn them there might be someone trying to access my account and it being noted on my account, if that person rings again and manages to pass security, my warning has no bearing on anything, this is despite the scammer claiming the phone wasn't working yet I'd called EE from that very phone 30 minutes earlier. You can't win with EE, they take no responsibility whatsoever for their actions. If SMS worked, the scammer would never have been issued with a PAC code. I cannot stress the impact that EE's actions have had on myself and my husband. The only thing we got from EE was an offer of £50 compensation which, if we accepted, would mean we couldn't take any further action. I'm sure I don't need to elaborate on what my response to this was!

Leanne_T
EE Community Support Team

Hi there @angryoap 

I am very sorry to hear you have been a victim of fraud at such a difficult time, and I understand what a stressful experience this can be.

When you called, did our fraud team investigate the SIM swap and reverse this for you to get your number reinstated on EE?

Did you open a complaint with our mobile guides or online and speak to our complaints team?

You can view information on account takeover and advice on our Fighting Fraud, Help page.

Leanne. 

I reported it immediately and opened a complaint. Yes I eventually got my number reinstated a few days later but not before the SIM swap had been activated, therefore, allowing the scammer to take over my number. It took EE some 16 hours to send me an SMS message saying a PAC code had been issued. Had I been notified immediately, the SIM swap could have been stopped before the scammer gained access to my number. As mentioned in my previous posts I had notified EE that there may be fraudulent activity on my account some 30-40 minutes before they issued a PAC code to the scammer over the phone. The scammer was obviously ringing from a completely different number. I was put through to your 'Executive' Claims Department who were of little help. Just offered me £50 compensation. When I turned this down they issued me with a Deadlock Letter and, as far as they were concerned, that was the end of it. Bearing in mind, as I've said, I am in my 70s and not in the best of health and my husband, whose phone was also on my account, is, and was at the time, undergoing gruelling cancer treatment, I felt we were treated appallingly by EE.