A High River woman counts herself lucky to have caught a mobile hijacker before her personal information was completely compromised.
Amanda Doherty received a text message around 6:40 p.m. on Feb. 3 that read, “Rogers has received a request to transfer your telephone number to another Service Provider. If you did not authorize, contact Rogers urgently.”
Assuming it was a spam message, she did not click on or call the attached phone number.
“With all the scams going around I wasn’t just randomly calling some number I received through text,” said Doherty.
She and her husband began researching the 1-877 phone number in the message to see if it was legitimate, and finally Doherty decided to call Rogers’ customer service line to ensure her account was safe.
Ten minutes later, while on hold, the call was disconnected and when she checked her phone said “No Service.”
They used her husband’s phone to call Rogers.
“When we finally got through to them they said, ‘Your number is no longer with us, it’s been transferred to Bell,’” said Doherty.
Her phone number had been hijacked, and ported to a different carrier. Rogers told Doherty it could attempt to retrieve the phone number but in the meantime she would have to visit a Rogers location and set up a temporary number so they would have somewhere to transfer her digits.
The account had been closed, meaning her bill would be hit with cancellation charges for backing out of her contract before it was up – even though she hadn’t authorized the switch.
Rogers assured her those fines would be reversed, but the nightmare wouldn’t end there.
“While we were dealing with them I looked at my phone and got an email that said my email address password had now been changed,” said Doherty. “So they had hacked into my email.”
The hijacker had been able to reset the password using the cellphone number she had attached as part of the two-factor authentication process many servers recommend or require for security, she said.
“I immediately ran to my computer and got online with my bank and froze all of my accounts and went on PayPal and closed everything out and shut everything down,” said Doherty."“It does seem like I caught it fast enough. I didn’t have any money missing, I haven’t had any sort of thing except I know they got into my personal email address because they changed my password.”
She was one of the lucky ones.
A woman in Toronto fell victim on Jan. 18 when she also ignored the text message, presuming it was spam. Her number was ported two hours later and the hijacker broke into her email account, where it was possible to access her Amazon account, signing up for Prime and spending $800 on PlayStation systems, according to a CityNews article.
Doherty's husband said there has been reports of someone in Okotoks also being a victim on Feb. 2, though their identity and the full impact on their personal information is unknown.
In Calgary, Jay Ringland, who read about Doherty's story on Okotoks Today, said reading the words was like déjà vu. He'd received the same text message on Feb. 5 and used his landline to call Rogers, but was on hold for an hour and 10 minutes.
"Within 20 minutes I started getting notifications from PayPal about unusual activity," said Ringland. "I went into my PayPal account and whoever the hijacker was had bought an Air Canada plane ticket from my account for $1,761.16."
The amount will be refunded to him, but Ringland said it takes five to 10 business days, which meant rearranging mortgage payments to account for the unexpected withdrawal. In addition, he cancelled all of his bank cards and, like Doherty, got a temporary phone number so that Rogers could retrieve his.
"I had never even heard of hijacking a cellphone number," said Ringland.
He now has port protection on his phone, which is a series of PIN codes and passwords on his Rogers account that anyone trying to make changes will have to produce in the future.
Doherty said the biggest issue seems to be the lack of time to react. Though she hadn’t called the number provided via text, she was on the line with Rogers when her phone service was cut off and had been on hold.
“I had 10 minutes from the time I got the text message until the time my phone got disconnected,” said Doherty. “The law has to change about porting numbers. Just sending a text message – what if I was in the shower, or what if I was travelling and out of the country?
“I feel like something has to change somewhere, I just don’t know how to go about doing it.”
Rogers Communications was unable to comment directly to the number porting incidents.
However, the Canadian Wireless Telecommunications Association (CWTA), which is an authority on wireless issues and trends, said porting number is a Canadian Radio-television and Telecommunications Commission (CRTC) requirement to allow wireless subscribers to keep their telephone number when switching providers, making it easier for consumers to have open access to mobile services.
In a written statement, the CWTA said unauthorized phone number transfers are just one more way criminals have discovered to commit identity theft and the industry is looking at ways to increase security for customers of all providers.
"As with any matter pertaining to customers' privacy and security, our members take the issue of number porting fraud very seriously," said CWTA statement reads. "Individual service providers have made modifications to their own internal processes and the industry is in the midst of making changes to the number porting system that will add new levels of verification while continuing to meet the CRTC's requirements."
Doherty said the impact could have been far worse for her, if she hadn’t noticed the change in email password right away. All her business accounts have two-factor authentication with her cellphone number as well.Her mind was spinning Monday night as she considered everything that could be compromised, and Doherty said she hopes hearing about her situation might help someone else avoid a similar attack.
“I know what it’s like to go through one day of this and I feel like I didn’t even get it that bad, she said. “I couldn’t imagine if they had gotten deeper and further into my stuff what it would entail to go through.
“I basically lost a whole day of work, a whole night of sleep. So any way I can help to prevent anyone else from going through it I’m happy to do so.”
She did report the incident to High River RCMP, and Sgt. Jason Cann said Doherty did the right thing by ignoring the text message phone number, because it’s difficult to know whether those texts are legitimate.
“Go to the original source, is what we suggest,” said Cann. “If you have concerns, don’t always call the number that’s provided to you through a text or email.”
He said it’s best to check a company’s website and contact the provider through its customer service line, like Doherty did. Otherwise the victim is rendered helpless, he said.
It’s also wise to get in touch with your bank and other services immediately, he said.
“Hopefully in dealing with some of the companies directly they can tell you they’ve seen this, here’s what you could expect,” said Cann. “It’s hard to know. There are so many new scams coming out daily and it’s difficult to tell what steps to take first.
“I think she did the right thing.”
