SIM swap scams are probably the scariest thing that can happen to anyone, where fraudsters trick a wireless carrier into transferring a victim’s number to a SIM card they control, usually at a different wireless carrier. This allows unauthorized access to a victim’s entire life including control of bank accounts, for example.
This is exactly what happened to Wayne and Diana Stork of the Greater Toronto Area, when they fell victim to a SIM swap scam and lost $140,000. The couple are Freedom Mobile customers and fraudsters were able to trick employees at a retail location to take control of Wayne’s number, changing it to a new SIM card last fall.
Speaking to Global News, Diana said, “We’re doing this, in part, to get the word out,” noting the whole process so far has been a “nightmare.”
Last September, Wayne’s phone suddenly stopped working, went into SOS mode and was deactivated he said. He was unable to use his phone as someone else had the personal info tied to his device.
“He (Wayne) was watching his accounts drain of money, that’s when the panic set in,” Diana said. Over the next 24 hours, fraudsters had access to Wayne’s brokerage trading account and more, including one crypto account at Coinbase with Bitcoin from an inheritance—which was emptied.
“The Bitcoin was worth $140,000, and we lost that,” Diana said. “That’s our retirement, that’s our money,” said Wayne.
After reaching out to Freedom Mobile, customer service said someone claiming to be Wayne got a new SIM card at a retail store in Toronto. Stork said the employee asked, “weren’t you in the store yesterday to get a new SIM card?”
The worst part about SIM swap scams are the fact fraudsters have full access to your phone number to receive 2-factor security codes. This extra layer of security is meant to protect your email and bank accounts for example. But when scammers get the codes now that they have full control of your number? Game over.
Stork reported the fraud to police and once Freedom Mobile took action, the damage was done. He lost $5,500 from a CIBC trading account, along with a TFSA account with $15,100. Shares in a Canadian Western bank were lost worth over $6,000.
Wealthsimple ended up reimbursing Stork for funds lost as the company said he was not at fault.
In the six months since he was victim to SIM swap, Freedom Mobile has not provided compensation, said Wayne.
Freedom Mobile told Global News, “we can confirm that we have been in contact with the customer to resolve the issue.”
The Canadian Telecommunications Association says from October 2020 to May 2021, after carriers added new security measures, there was a 95% drop in the “total number of unauthorized number transfers and SIM swaps.” But it’s clear something wasn’t in place for Wayne’s case.
Executive director of the Ottawa-based Public Interest Advocacy Centre, John Lawford, said there should be penalties in the regulatory system when SIM swaps happen. “In Australia it’s the equivalent of (a penalty of) $200,000 per incident of SIM swapping,” said Lawford. Maybe Canada and the CRTC should really step up here and follow suit. That’s when wireless carriers will really lock down SIM swaps when they are penalized each time it happens.
Lawford also says telecoms won’t divulge how many customers were victims of fraud in the last year, despite claiming to the CRTC cases of scams are down.
SIM swap scams have been happening for years now, dating back over five years at least when they were surging out of control. It’s incredible that it can still happen today.
How to prevent being a victim of a SIM swap? For starters, don’t share your entire life on social media such as your birthday and other personal info. CBC News was able to bypass Rogers security in their own test just by using information on a staffer found online back in 2019.
Fraudsters use your personal info to trick retail employees, claiming to be you. Never share 2-factor codes to anyone on the phone or text message, if they are reaching out to you pretending to be from a company. Just hang up and call back to confirm if they are actually trying to reach you. Also, use an app to get 2-factor codes and not text messages.
