Phone Port out scam? Is this a problem in Canada?

**ExtraSlow** · 03-05-2020, 04:23 PM

seeing breathless facebook posts about this, don't know if it's a legit concern. How big a deal are phone port out scams, and if they are real, how do you govern yourself accordingly?

**roopi** · 03-05-2020, 04:25 PM

https://www.cbc.ca/news/canada/saska...scam-1.5443580

**AndyL** · 03-05-2020, 04:41 PM

Unless you have a particularly valuable social media account... It's unlikely to be an issue.

The only one I know who's mentioned issues with it has a ridiculous number of FB, IG, YouTube and twitter followers. Chinese manufacturers are regularly trying to buy his pages - I don't think that applies to most of us.

**colsankey** · 03-05-2020, 04:44 PM

Lots of people have apps and services tied to a basic 2 factor authentication like a text message to your phone. I think this can affect a lot more people than just insta-celebs.

**shadowz** · 03-05-2020, 04:51 PM

Originally Posted by colsankey

This quote is hidden because you are ignoring this member. Show Quote

Lots of people have apps and services tied to a basic 2 factor authentication like a text message to your phone. I think this can affect a lot more people than just insta-celebs.

Yup happened to my buddy, and then they used his phone number for MFA to send a bunch of money to another account through Paypal

**Thaco** · 03-05-2020, 05:07 PM

don't use text MFA, use an authenticator app or a physical authenticator fob, problem solved.

**pheoxs** · 03-05-2020, 05:08 PM

They would need to have already compromised your actual account though in addition to this.

From the article they got access to the families email as well. So with that then you could easily garner personal info (addresses, phone numbers, etc from receipts) and then they did the port out.

At the end of the day .... use different passwords for everything and never use your password on phishing or sketchy sites.

Originally Posted by Thaco

This quote is hidden because you are ignoring this member. Show Quote

don't use text MFA, use an authenticator app or a physical authenticator fob, problem solved.

Yup ^

**ExtraSlow** · 03-05-2020, 06:03 PM

Funny, text MFA is used by some supposedly high security systems, like the department of homeland security trusted traveller system, for instance.

**MR2-3SGTE** · 03-06-2020, 08:59 AM

All the port out scams I've read about have been with Roger's. I believe with telus you can lock the account so that it requires you to go in person to a telus store to swap a SIM. You can also set a 4 digit pin on the account that needs to be said to the phone representative before theyll help you

**Thaco** · 03-06-2020, 09:59 AM

Originally Posted by MR2-3SGTE

This quote is hidden because you are ignoring this member. Show Quote

All the port out scams I've read about have been with Roger's. I believe with telus you can lock the account so that it requires you to go in person to a telus store to swap a SIM. You can also set a 4 digit pin on the account that needs to be said to the phone representative before theyll help you

yeah the problem with a lot of these (not necessarily Canada) but if you don't have the pin or whatever, they will ask other verification questions, each one easier, until you finally get something right and that's good enough

**Xtrema** · 03-06-2020, 10:48 AM

Originally Posted by MR2-3SGTE

This quote is hidden because you are ignoring this member. Show Quote

All the port out scams I've read about have been with Roger's. I believe with telus you can lock the account so that it requires you to go in person to a telus store to swap a SIM. You can also set a 4 digit pin on the account that needs to be said to the phone representative before theyll help you

The problem isn't security isn't in place. It's that it can be by-passed by resellers/staff who hopes to get commission on a new line or new phone. I'm not sure if more work was in place to combat this now. But I remember I could get a new sim with just an ID to prove I'm owner of the account in the past. Now it seems I need an idea AND an text from provider on my existing line in order to get a new SIM.

If you life is tied around you Google account, you can apply for Advanced Protection Program. But not all apps or device will work with it.
https://support.google.com/accounts/...DAndroid&hl=en

But that way, someone will have to steal the physical key from you before they can access your account from an untrusted device.

**rage2** · 03-06-2020, 10:58 AM

Originally Posted by ExtraSlow

This quote is hidden because you are ignoring this member. Show Quote

Funny, text MFA is used by some supposedly high security systems, like the department of homeland security trusted traveller system, for instance.

This. Standalone authenticators just aren't available for so many systems with the most sensitive data. TXT only.

**Swank** · 03-06-2020, 11:19 AM

Originally Posted by Thaco

This quote is hidden because you are ignoring this member. Show Quote

don't use text MFA, use an authenticator app or a physical authenticator fob, problem solved.

This is good to know, got some important stuff changed over to the app, as usual banks are still way behind and some only allow text only (or nothing at all)

**Thaco** · 03-06-2020, 11:43 AM

Originally Posted by Swank

This quote is hidden because you are ignoring this member. Show Quote

This is good to know, got some important stuff changed over to the app, as usual banks are still way behind and some only allow text only (or nothing at all)

as long as you use unique passwords it's not really a huge deal, especially for your sensitive stuff, i use Lastpass, i dont even know what my password is for 90% of things, it's just a randomly generated string that is provided by lastpass... i'd say this is arguably more secure than MFA anyway

**ExtraSlow** · 03-06-2020, 11:54 AM

Originally Posted by Thaco

This quote is hidden because you are ignoring this member. Show Quote

as long as you use unique passwords it's not really a huge deal, especially for your sensitive stuff, i use Lastpass, i dont even know what my password is for 90% of things, it's just a randomly generated string that is provided by lastpass... i'd say this is arguably more secure than MFA anyway

I use Lastpass for most things, but I'm paranoid, so I have memorized a strong password for my banking that isn't saved to Lastpass.

**Swank** · 03-06-2020, 12:44 PM

I definitely use strong unique passwords on everything so I'm not overly concerned. One thing I don't get about password managers is aren't they an 'all eggs in one basket' risk? If you lose your access for any reason or someone compromises it wouldn't you be extremely screwed, like more so than if you kept different passwords in a few places? Sorry if this is a bit off-topic OP ES.

**Thaco** · 03-06-2020, 02:34 PM

Originally Posted by Swank

This quote is hidden because you are ignoring this member. Show Quote

I definitely use strong unique passwords on everything so I'm not overly concerned. One thing I don't get about password managers is aren't they an 'all eggs in one basket' risk? If you lose your access for any reason or someone compromises it wouldn't you be extremely screwed, like more so than if you kept different passwords in a few places? Sorry if this is a bit off-topic OP ES.

well your password manager password definitely should be the most secure password you have,

Also the password managers have alternative means for unlocking your account if you somehow forget the password or have some other issue, but it cant be comprmised by human error, even their customer service cant reset the password, you have to jump through a bunch of hoops like logging in from a previously known computer/browser/device, and using sms MFA or secondary email MFA that you should have previously set up.

if you cant do those things, you could easily lose access to your account and lose everything, but there is an export feature that should be used on occasion and put on an encryped hard drive for exactly this reason

**Swank** · 03-06-2020, 02:53 PM

^ great explanation and much appreciated, I've been putting off moving to a PW manager for too long, this info is the kick in the ass I might need.

**ExtraSlow** · 03-11-2020, 12:36 PM

Regarding Public Mobile, this is thier policy for this issue. I don't know if this is better or worse than anywhere else. If anyone requests to port out your number, they automatically and instantly send a text to that number with the following message:

"Hey, it’s Public Mobile. We received a request to cancel your account and transfer your phone number to another carrier. If you requested the transfer, no action is required. If you did not make this request, please immediately open our chatbot via this link bit.ly/2GF1pHW and type in “unauthorized port”. This will put you in touch with our moderator team. "

**roopi** · 03-11-2020, 12:50 PM

Originally Posted by ExtraSlow

This quote is hidden because you are ignoring this member. Show Quote

Regarding Public Mobile, this is thier policy for this issue. I don't know if this is better or worse than anywhere else. If anyone requests to port out your number, they automatically and instantly send a text to that number with the following message:

Yes other carriers do this as well but people assume it is a spam message because it actually does look like one.

Thread: Phone Port out scam? Is this a problem in Canada?

Thread Tools

Search Thread

Phone Port out scam? Is this a problem in Canada?

Similar Threads

Purchase used car in Europe, drive it to Port & then Import to Canada | Anyone?

FS: D-Link 16-port and 24-port Gigabit Switches

Idle problem, starting problem. KA24DE problem.

WTB: 2 Port or 4 Port SATA II PCI Card

The Canadian Por'Volks Festival, August 19 & 20th 2006, Port Hope, Ontario, Canada

Posting Permissions