Koodo Community
Question

Unauthorized Sim Swap on Koodo Prepaid

  • 30 October 2022
  • 49 replies
  • 2059 views

Userlevel 1

I need some help with a unauthorized Swim swap that keeps happening to my prepaid koodo account. This is the 2nd time it’s happened in 3 days. The first time it happened the koodo rep said “I” changed via my self serve. I kept trying to tell him this is impossible because A. I have a unique password for my koodo self serve login. b. Even if someone had this password in order for the hacker to change the sim he would need to 1. Send a text message to confirm the swim swap (Never got one and checked my usage history to confirm that). 2.  Or Send a email with a confirmation for the swim swap. I never received that email (Only the email after the swap that it happened). My email is also protected by google auth so there is no way anyone has access to my email (I also checked my secuirty logs to confirm this). Anyway I didn’t fight the koodo self serve rep who kept denying it wasn’t them. I changed all my passwords again just to be safe (even though it’s protected with 2fa and impossible to get in without that). I got my phone back yesterday and tonight it happens again!. Again just a email alert saying my sim has been swaped. This has to be done via someone calling in pretending to be me. But I keep hearing the same thing how it’s been done through my self serve account. This is impossible because yet again I didn’t receive a text before the sim swap or a email before the swim swap to authorize this sim change. So it has to have happened through them calling into koodo or their system somehow being hacked (unlikely). Koodo prepaid has no option to see security logs of who logged in either. But again even if they somehow got my new password they can’t change the sim without a confirmation code which they couldn’t have gotton ahead of time. I’m so frusterated at this experiance and I just want a solution. 


This topic has been closed for comments

49 replies

Userlevel 1

Also having to buy $10 sim cards each time it happens is even more frusterating. Is there no protection that I can have on koodo prepaid to stop this happening?

Userlevel 1
This is a screenshot of the email I get after the unauthorized sim swap happens. But I never get an email ahead of time to “authorize it”

 

Userlevel 1

Also to add yes I went into self serve and put my phone on lost and stolen mode for the time being. Also the scammer is trying to break into my email because if I check my usage log I see them getting a sms message from microsoft to try to reset my email password. They fail though because they also need my google auth and can confirm this in my microsoft security logs. This ip is the scammers but it’s just a VPN address so they can hide. 

 

Userlevel 1

If a koodo rep needs my phone number I can send it via private message too. Thanks

Userlevel 7
Badge +4

Best defensive move might be to set up one or more new email accounts. Reserve them for any 2-factor authentication... phone, banks, etc.

Start a new Koodo prepaid account. Might cost the price of a new SIM and some temporary inconvenience. The pre-paid SIMS are also available on eBay.ca (not eBay.com).

If you have issues outside of Koodo, it’s highly unlikely they are going to be able to help with those.

 

Userlevel 1

But the fact is their system either isn’t working for 2fa when a sim changed is request or a koodo rep made the change internally. It can’t be anything else. If no email was sent for authorization and no text was sent for authorization for the sim change then it has to have been manually done. I know your trying to help but a new koodo account won’t fix the problem of someone phoning in pretending to be and changing the sim again. I’m already on my 2nd new sim card because of this. 

Userlevel 7
Badge +4

Agree with Bob. A defensive move is needed as you have verified your accounts are being targeted. 

You may need to regain your account and port to a different provider if they have your info and are indeed able to call for a sim swap.

At this point your priority should be to lock down any and all your accounts like Bob said. New emails and maybe even a new temporary number for 2FA for key services. 

Userlevel 1

I finally got a koodo rep to beleive that I didn’t do this request and they are going to investigate over the next few days. The hacker/scammer can’t use the phone as it has been disabled for the time being. But yes if they can’t solve this I will have to port over to another company that offers proper port protection. 

Sent this as private message to you Martin, but I should post here for other to see in case they are also experiencing same issue:

 

Hi Martin,

Same thing happened to me last night around 9:45pm PST. I got 2 consecutive emails. One was a verification email at 9:44pm that contains a code to login followed by an email at 9:45pm saying that my SIM card was recently change to ****nnnn and if I didn't do the change to take some steps which I followed.

I have a fairly secure password on my email account and don't believe hacker had access so also strange how they were able to get into my Koodo account and enter in a new SIM number. I tried to enter my SIM number back in (via the iPhone ICCID number) but it says invalid. So I scheduled a call last night for 1:30pm today but not surprised haven't gotten a call. Tried the chat again and put in "call back" but get reply saying they are busy. Wonder if this is an attack on all or many accounts at once.

How did you manage to speak to a rep? Hope you get your issue sorted out.

Thanks,
Bill

Userlevel 7
Badge +4

I finally got a koodo rep to beleive that I didn’t do this request and they are going to investigate over the next few days. The hacker/scammer can’t use the phone as it has been disabled for the time being. But yes if they can’t solve this I will have to port over to another company that offers proper port protection. 

Koodo does offer port protection to their postpaid customers. Since you are currently on a prepaid plan, have you considered switching over to postpaid instead? https://www.koodomobile.com/en/help/port-fraud-protection

To prevent any further successful attempts, I would suggest you to change your passwords, particularly on your Self-Serve, email, and online banking accounts. You may also report this to the Anti-Fraud Centre. https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm

Userlevel 1

Hey @choctubes , yes the same thing happened to me around the same time but 10pm PST so this makes me think there is a hack of their system. The only thing different with mine is I only got the email saying my sim was swaped not the email before so it makes my case even more strange. Make sure you put something like google authenticator to your email address or check in the recently logins under security of your email account to see if someone did a password reset like the tried to do with mine (But failed because in my case they needed google auth too thank god). 

@MilkyWay I use to be on postpaid but since I hardly used any data I went on their $25 3g plan with unlimited calls and 1gb data. I might have to go back at this rate or change my phone number (which is very anoying as I use the number for a ton of things). I did change all my passwords after the first time it happened 4 days ago but then it happened again yesterday and that was after chaning passwords everywhere. I doubt they have access to my koodo self serve as I put my phone in lost and stolen mode and if they had access they could hop on their and click to remove it. Almost seems like a automatic attack as they did the same thing both times. You would think if it was targeted just to me they would have known “Hey I couldn’t get into his email because I don’t have the 2fa google”. But yes good idea to change passwords and yes I should send in a fruad report. 

Userlevel 1

@choctubes Sorry I forgot to add I did setup a call back with the koodo automated system and received a call back in my case. Did you make sure to set the call back to another number you can be reached at as your current phone will be disabled because of the swim swap and impossible to call you.  If you do get ahold of them maybe let them know this has happened to other users too now. More then one report will start making it look suspisous. It’s too strange this happened to us both in almost the same timeframe. 

@Martin Weiss Thanks for the info. I gave them my voip number but I put in an anti-robo caller feature that forces the caller to press a specific number before a call goes through. Great feature but not good when Koodo was probably using a robo dialer to call for their support staff.  I switched to use someone else’s phone number and got a call back fairly soon. 

They were quite helpful and offered me a $20 credit for me to buy a new SIM as my original SIM wasn’t accepted when I tried to swap it back to my SIM number. I’m a programmer and am technical so was providing the correct SIM number from my iPhones ICCID and even verified the number on the physical SIM. Not a mobile device programmer so don’t know the ins and outs of SIM numbers and if my original SIM number is now somehow compromised? I wouldn’t think so as the hacker just put in his SIM number in place of mine.

Via a Google, I saw that there was a Koodo data breach back in 2020 and that the info was being sold on the dark web. So perhaps someone purchased them recently and targeted a bunch of numbers this week. To be honest, I wasn’t using the most secure password for my Koodo account, it is not “password” :) but it uses the same root word with different numbers at end that I use for sites I don’t consider need high security. I started using KeePass recently to generate random and secure passwords but a pain to have to load it and grab and copy/paste password into my browser so I only use that for financial accounts.

I was aware of SIM swap hacks and know they are very common but this really drives it home and makes me realize that 2FA using your phone is probably not a good idea period. I do use 2FA app as well but use Authy but I don’t use it for all my accounts and not all support it. 

I went and spent the entire day today changing all my passwords on all accounts that used my cell phone as 2FA. If given choice of a single password and cell phone 2FA, I think I will now opt for just using a very secure password for accounts don’t have another option for App 2FA.

 

 

@Martin Weiss yes, interesting that you didn’t get a verification email first and I did. When I got my new SIM card and was able to enter the new number in the system to swap it back, I got an email informing me the SIM card number changed but no verification code. Since you didn’t get a verification email code but the change notification email, it appears someone had access to your Koodo account password. Whereas for me, they had my email account password.

I think mine is mostly resolved and hope you are ok too.

Also makes sense why some major financial institutions don’t use cell phone 2FA. It is just too vulnerable. Social engineer hacks apparently quite easy and common as it is not that hard to find the information to get access to phone provider accounts. For me, they just asked my name, address and last 4 digits of my credit card. 

 

Userlevel 1

@choctubes Well in my case I changed my koodo password after the first time it happened but a day later it happened again after restoring it to a new sim I got. But even if they got into my koodo account I should still have received a confirmation text or email as it won’t let them change it without that. Hopefully it doesn’t happen to you in a few days again like it did with me. Also I recently signed up with koodo prepaid as of like 5 months ago so I shouldn’t have been in a data breach there but never know if there has a been a new one. Anyway I’m still waiting on their team to get back to me on this as they are invesigating my case. I will update when that happens in the next few days. 

I was also hit by a sim swap at 1am PT on Nov1. Given there are no customer service representatives around at this time of day, and the attacker did not have 2FA in order to change my sim via my account online, I suspect a Koodo breach or an internal bad actor.

 

I was just on the phone with a representative a few minutes ago, and they claim a memo has been shared this morning and an internal investigation has been started. So there are other cases of this.

This exact thing has just happened to me today Nov 4. At 2:00am exactly my phone displayed a message saying that it’s sim card has been changed/swapped. This was completely unauthorized and without my consent. Someone is trying to get access to my accounts I think. There was no confirmation email or anything saying to verify, it just happened automatically. I received the same email from koodo prepaid as a user above already posted:

First thing I did was change my koodo prepaid account password and set it to stolen/lost.

I tried using the koodo digital assistant but I can’t get in touch with anyone since the phone effected is my primary phone. I don’t have any other means to get in touch with a rep unless it’s an online call such as skype/ms teams and I don’t think they support that. If anyone knows how I can get this fixed and restore my original sim card, it would be great. Is the really only solution is to buy a replacement sim card?

I’ve created another post/thread in the hopes for better visibility:
 

Please help, thanks!

At Nov 4 2:00am exactly my phone displayed a message saying that it’s sim card has been changed/swapped. This was completely unauthorized and without my consent. Someone is trying to get access to my accounts I think. There was no confirmation email or anything saying to verify, it just happened automatically. I received this email message:

First thing I did was change my koodo prepaid account password and set it to stolen/lost.

I tried using the koodo digital assistant but I can’t get in touch with anyone since the phone effected is my primary phone. I don’t have any other means to get in touch with a rep unless it’s an online call such as skype/ms teams and I don’t think they support that. If anyone knows how I can get this fixed and restore my original sim card, it would be great. Is the really only solution is to buy a replacement sim card?

This is the exact same experience from this other post/user:
 

Please help, thanks!

Userlevel 7
Badge +4

If you have access to Wi-Fi in your home, download the Fongo Mobile app. The app is available for iOS and Android devices and works over Wi-Fi or mobile data. You will get a free local phone number that you can use when scheduling a callback through Koodo Assist (virtual assistant). In the chat box, type “schedule a callback” and follow the prompts.

Fongo Mobile app

Koodo Assist | Prepaid

If you have access to Wi-Fi in your home, download the Fongo Mobile app. The app is available for iOS and Android devices and works over Wi-Fi or mobile data. You will get a free local phone number that you can use when scheduling a callback through Koodo Assist (virtual assistant). In the chat box, type “schedule a callback” and follow the prompts.

Fongo Mobile app

Koodo Assist | Prepaid

Thanks for the recommendation! I downloaded the Fondo Mobile app and was able to get in touch with the reps there. I was able to revert back to my existing sim but yea, this is very scary fraud/hacking stuff going on. No one on their support teams had any idea how this was being done and or what system is bugging out or failing. Their fraud investigation team is looking into it and apparently cases like this all of a sudden happened recently. Hope they can figure it out.

My email was hacked yesterday and my prepaid Koodo account accessed and had the SIM card changed. They used this to log into my Newton crypto account with the phone number 2FA and sell my crypto and transfer it all as Bitcoin to an external wallet. I have the IP address used as well as the wallet address.. is there anything to do to try to track them down? The crypto wallet has received in excess of 3 billion USD of bitcoin, I’m assuming from stealing from others as well

Userlevel 7
Badge +4

Oof I'm sorry to hear that. The wallet address won't do anything to track down location. You can try various ip geolocation tools or sites to get an approximate location. It won't be exact. They might have used a VPN to mask their IP or just masked their own directly. This is likely on an international scale. You can file a police report and maybe Interpol or something could use it for a larger investigation but I'd assume your crypto is gone forever.

Userlevel 7
Badge +4

Lesson: don't ever use your cell number for 2FA. Use an app like Authy or better still, a hardware token such as Yubikey.

Considering you just had three billion stolen, you seem pretty calm under that.

I turned on Authy yesterday.. and last night my sim was again changed twice, they added a second (desktop) access to Authy.

 

I only had $2000 stolen, but the wallet address has received that amount I’m assuming from doing this over and over to people 

Userlevel 7
Badge +4

I see, I misread. If you use CloudFlare they currently have a good deal on Yubikeys... I would highly recommend them because I don't think those are hackable (yet).