Sponsored Links

Sim swap scam

dave.j

Casual Member
Hi, my mobile number has just been stolen!
Believe email accessed and scammers called my mobile phone provider Lebara to transfer number. I did get three PAC code texts in a minute but did not reply. Later, my phone had no service.
Callback, after live chat, Lebara offered to send replacement SIM.
Within the hour of PAC texts my number was being used by scammers.
New SIM did not work. Called Lebara who said that my number had been ported out to 02. Scammers had called for PAC code, probably said not get code so give it different way. ! Lebara passed case to retentions - 48/72hrs. Said they had a recording.

02 shop said number gone onto a PAYG and could do nothing.
Sim Swap - seems to be common !
 
That’s a fairly serious fraud with further security ramifications for banking and identity theft.

Have you escalated through Lebara?
 
Sponsored Links
That's awful. Sorry.

Lebara have a minimum duty of care, which they appear to have failed badly, to protect your number getting ported out by criminals.

You need to get them to escalate and to help you out. This is of their doing / poor due process.
 
scammers got into my barclaycard - changed address, email. Applied for paypal credit but refused
Its been stressful
Maybe worth speaking to ActionFraud.

Change your passwords on everything you can think of Dave. Use a password generator and a vault like Bitwarden if needs be with a rock solid password.

Setup 2FA or passkeys on absolutely everything you can.

If your bank uses your mobile for 2FA get onto them too.

I believe you can lock down your credit report with Experian too to prevent new credit applications. It’ll cost but worth the outlay.
 
Sponsored Links
Thanks for all replies - I've got a bit of learning to do !
I'm bit old school and used passwords I can hopefully remember even though all saved in browser, shorter and easier to guess
Will contact ActionFraud.
Lebara said 48-72 hrs to elevate , on Thurs evning, I will follow this through
I think scammers setup credit karma a/c 1st ??
Now realise that my number had already been ported out when lebara tried to diagnose my non working sim and then said they'd send a replacement , 2 days lead for the scammers
I think I had a too lazy attitude and 2FA was a pain because I mostly use a laptop hardly ever a mobile , however will have to change my ways about security
Oh , I've just ordered another Lebara sim - 50Gb , £1 mnth for 7 mnths - glutton !
 
Thanks for all replies - I've got a bit of learning to do !
I'm bit old school and used passwords I can hopefully remember even though all saved in browser, shorter and easier to guess
Will contact ActionFraud.
Lebara said 48-72 hrs to elevate , on Thurs evning, I will follow this through
I think scammers setup credit karma a/c 1st ??
Now realise that my number had already been ported out when lebara tried to diagnose my non working sim and then said they'd send a replacement , 2 days lead for the scammers
I think I had a too lazy attitude and 2FA was a pain because I mostly use a laptop hardly ever a mobile , however will have to change my ways about security
Oh , I've just ordered another Lebara sim - 50Gb , £1 mnth for 7 mnths - glutton !
Probably set the credit karma account up to see what other accounts you have under your credit profile.

I think it’s up to O2 to kill the sim now and issue a PAC.

Unfortunately / fortunately for the scammers they have PAC’d out to the worst network possible for communication.

Not sure if Action Fraud have internal links with O2, see what they say.

Failing that go straight to the exec office at O2 via email and explain the situation.
 
Probably set the credit karma account up to see what other accounts you have under your credit profile.

I think it’s up to O2 to kill the sim now and issue a PAC.

Unfortunately / fortunately for the scammers they have PAC’d out to the worst network possible for communication.

Not sure if Action Fraud have internal links with O2, see what they say.

Failing that go straight to the exec office at O2 via email and explain the situation.
Email the O2 CEO and copy in the exec email address (DM me if you want it) not sure we’re allowed to post email addresses on an open forum.
 
Sponsored Links
Maybe worth speaking to ActionFraud.

Change your passwords on everything you can think of Dave. Use a password generator and a vault like Bitwarden if needs be with a rock solid password.

Setup 2FA or passkeys on absolutely everything you can.

If your bank uses your mobile for 2FA get onto them too.

I believe you can lock down your credit report with Experian too to prevent new credit applications. It’ll cost but worth the outlay.

Whilst it's more likely thesedays a password could have been stolen in a data breech (Epically if you use the same password in more than one place)

if you use a PC/Mac it would be worth scanning it with a reputable antivirus first just in case there's something nasty on it that could have allowed someone to obtain your password for the email. (Even if you just tell the inbuilt windows defender to do a full scan if it's a windows machine)

Android/iOS it's less of an issue assuming you've only been installing stuff from the respective app stores (Occasionally something nasty does make its way on the Play/App stores, but it usually gets caught fairly quick so it's less likely you'd have something nasty on your phone/tablet)
 
Lebara must have gone so far outside of their own procedures to take a PAC request over the phone from a number that wasn't the one on the account and then read it out to the caller
The Lebara situation is far from ideal although the criminal has access to the victims email account which will be a goldmine of information about the victim to help with any security questions and applying for any new accounts or receiving activation codes by email.

The criminal was able to open a Credit Karma account which asks questions when creating the account and they were successful.

Weak email security is a big problem and also the amount of data people leave in their email accounts.
I have seen people with scans/photos of passports, driving licences, bank statements etc in their email folders.
 
I would also do a DSAR to Lebara for the recording of the call where "you" requested the PAC.

I can't start accusing their staff of doing this on purpose but people (often offshored) working in a call centre with the ability to do a SIM swap are often very vulnerable to organised crime making very generous offers.
 
Last edited:
Sponsored Links
Thanks for all the very helpful comments.
Contacted O2 via FB and replied ok but it seems it's up to my provider to get it back.
Lebara have been totally useless so far with calls being dropped just after being answered. They asked for pics of original and replacemnt sims but did not read the email ! They say it's being escalated - 48-72 hours 3 times now but not one reply yet
 
Thanks for all the very helpful comments.
Contacted O2 via FB and replied ok but it seems it's up to my provider to get it back.
Lebara have been totally useless so far with calls being dropped just after being answered. They asked for pics of original and replacemnt sims but did not read the email ! They say it's being escalated - 48-72 hours 3 times now but not one reply yet
Leave a bad trust pilot review, that’ll get the attention of one of the social media team and/or email John-Paul Patten their CS Ops Manager who will look into it.
 
2FA is not foolproof either, if malware gets onto your PC and starts to pass your session cookies out to the scammers they can access your 2FA protected websites without needing to even login. Had this happen to me, but luckily I had my credit card set to send me notifications on my phone for all transactions.

Phone pinged a payment at 7.30am for a ebay purchase of a game pass code, I logged onto ebay and removed my credit card from the payments system, tried to reset password but got no emails with the required link. Then had to go into Gmail and remove the rule they had entered so all ebay emails went to the bin. Got onto credit card company and got the card stopped. Then went to amazon and removed all payment methods but this was never compromised.

Ebay refunded the purchase of the game card pass, they could see a signin not from UK.

Took the infected PC off line and used the bleeping computer set of anti virus tools. Reset a lot of passwords for all 2FA enabled sites.

Very lucky to have caught it so early and no loss incurred.
 
A lot of people/sites use their mobile for 2FA, which is one of the main reasons why sim swap attacks are performed - to get the second factor.

BTW if you haven't already, report this to the police and get a crime reference number. You will need it when you're trying to clean up the mess and regain access to accounts.
 
Top
Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £24.00 - 26.00
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £25.99
145Mbps
Gift: £50 Reward Card
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £22.99
132Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Youfibre UK ISP Logo
Youfibre £23.99
150Mbps
Gift: None
Large Availability | View All
Sponsored Links
The Top 15 Category Tags
  1. FTTP (6024)
  2. BT (3638)
  3. Politics (2720)
  4. Business (2439)
  5. Openreach (2405)
  6. Building Digital UK (2330)
  7. Mobile Broadband (2143)
  8. FTTC (2083)
  9. Statistics (1899)
  10. 4G (1813)
  11. Virgin Media (1762)
  12. Ofcom Regulation (1582)
  13. Fibre Optic (1467)
  14. Wireless Internet (1462)
  15. 5G (1404)
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules