Facebook user Dave Wei shared the experience he had with a hacker on his Facebook page. The hacker managed to terminate his number without his consent and shortly after he was sent a service agreement email and SMS from Singtel.
Here was what he stated in his Facebook post.
“Our telcos have been compromised. Please be careful.
Today my number was terminated without my consent and shortly after I was sent a service agreement email and sms from the official Singtel email and number.
The hacker almost took over my number meaning he could use 2FA to reset my bank password, my email password and my Singpass as well. The hacker is able to do that when he obtains your personal information through one channel or another and poses as you to make a request to the telco.
Through my conversation with the hacker I learnt that:
– This is a scam called SimSwap where hackers try to take over your phone number and there is not much you can do to stop it. Please look it up and take the necessary precautions to limit your risk.
– The hacker is able to hack Singtel numbers but not other telcos. However there may be others who are targeting other telcos.
– The hacker can’t tell if my number was terminated, at least within the first day. Even though my number was terminated, I told the hacker it wasn’t and he believed me.
– The hacker seems to need the code on my end to complete the takeover? He was willing to pay me money for it haha.
– The hacker transacts via bitcoin so there’s probably no way to trace.
The only way to prevent it as far as I can tell from my call with Singtel’s hotline is to opt-in for No Phone (or something along these lines) meaning you can’t modify your contracts and plans over the phone and that you’ll have to go down to the shop to settle changes in your contract.
It’s scary how the scam exploits the 2FA security features and takes over your identity. Without my number I cannot even access Singpass or change any of my passwords.
What’s even scarier is that the a telco’s official communication channels can become part of a scammer’s tool.
The staff at singtel’s shop have not heard of this scam before and did not know how to react. And the police officer mentioned this was the first case he encountered. Singtel is currently investigating and told me that they could reactivate my number in 24 hours. However, it doesn’t change the fact that the number is still vulnerable to attacks.
I’m sharing the images from my chat with the hacker for more details. Please share so more people will be wary.
Update as of 13th July:
Singtel’s team contacted me and managed to reactivate my number successfully. They also offered to change my number and I’ll do so for better security.“