A netizen shared his horrific experience about a new modus where someone pretends to be him went to a Globe Store and requested to replace his SIM card. From there, the culprit managed to get access to the victim’s email accounts and eventually to his bank account. Read the rest of the story below:
On the night of July 2, 2015, Thursday, I noticed that my phone’s GLOBE SIM just went dead. I called GLOBE’s hotline and was then informed that a SIM replacement order was processed at their SM North EDSA branch a few hours before my call. I then told the GLOBE rep that I am concerned about the possible security risks it may cause, i.e. whoever has my number would have access to my incoming messages. We ended up cancelling the active SIM. I never really thought it could be any worse than what I am about to share with you. I thought it was just a simple processing error such as the North Edsa GLOBE store ran a SIM replacement order on the wrong account – mine!
Then I went on to check my emails in Outlook at home where all my GMail and Yahoo accounts are setup. Outlook was unable to access all of them and then Facebook booted me out of my phone’s app – someone has taken over my accounts and that’s why they were all inaccessible!
For the less technical folks, this is what happened…
An impostor (granting that this was not an inside job though what bugs me was how I got picked as a viable target because surely that will require access to my information to determine that something can be stolen from me) went to GLOBE’s North Edsa store and pretended to be me, and requested for a SIM replacement.My cell phone number is associated with multiple email accounts, my facebook, and a few others. It is also set up as a recovery method for these accounts because I thought that this was indeed an extra security layer. What that means is if, for some reason, I forgot my password to any of these accounts, that I would then have the ability to restore access through my mobile number. For instance, GMail would send me a temporary password to my mobile number and voila, I can access my email again. This is how the perp managed to reset the passwords of my online accounts since my SIM died and he had the activated one in his hands already.
Unfortunately for me, my main email was one of those accounts he managed to break. This email account is what I use mainly for online banking, purchases and such. And to address other people’s assumptions, no I don’t share personal information publicly. I don’t even share my phone number that easy, let alone my email. I used to work for HSBC for 3 years and I do know the ABCs of taking care of one’s information. Save for this post which I felt the public should know that’s why it’s set to public, my FB profile is private with a pretty restrictive security setting.
I was just fortunate that I took notice of the problem at an earlier point because whoever stole my accounts forgot to unset my recovery options. One of them is an alternate email that is not associated to any mobile number so that remained untouched. I managed to reset all of my accounts using this method and performed a successful recovery. I then immediately removed my old cell phone number as a recovery option to block any attempts to reset my email accounts’ password that way and then did another round of password changes for all of them.
After regaining my hold on those accounts, emails started to come into Outlook and then I got the standard emails saying that my passwords were changed around the same time the GLOBE rep said that a SIM replacement request was processed. What threw me off and literally shook my core was an email from BDO saying that a Fund Transfer was completed, going out to Security Bank for 48,000.00. It’s a considerable amount and that scared the living crap out of me.
The victim is already working with Globe to catch the culprit. He asked for a copy of the CCTV footage and the ID presented by the thief. He was also able to screenshot an email notification from BDO where his funds where transferred. While the name in print might not be the one involved on this modus, it won’t change the fact that he was the recipient of the missing money.
Note: To respect the privacy of the people involved, the names and other personal details were purposely removed.
This modus of pretending to be the account holder and doing transactions on the victim’s behalf is not new though. In the previous months, a post circulating in the social media about someone applying a second line using his account went viral too. The good thing about that incident though is that the telecom company was able to verify the account details and called the account holder directly for confirmation.
Another angle that we could look into is the possibility of this being an inside job for which the victimized netizen is also considering.
We’ll keep you posted for any update on this case. Stay tuned!
- Phishing Email Analysis Landing Page - September 19, 2024
- BPI to hold Cybersecurity Conference to ‘Fortify Cyber-Resilience in an AI World’ - July 25, 2024
- New Smishing Campaign makes use of Globe SMS Sender ID - May 27, 2024