Caballero is a postpaid subscriber whose account was allegedly compromised. On the night of July 2, 2015, Thursday, his phone suddenly went dead not knowing what has happened so he called Globe’s customer service. It was confirmed to Caballero that a SIM replacement was done in SM North Branch earlier.
According to Caballero his cell phone number is associated with multiple email accounts, like Facebook, and few others. It is also set up as a recovery method for those accounts because he thought that it was indeed an extra security layer. For instance, he forgot the password to any of his accounts; it would then have the ability to restore access through his mobile number. This is how the perp managed to reset the passwords in online accounts.
However, whoever who stole his accounts forgot to unset the recovery options. One of them is an alternate email that is not associated to any mobile number so it remained untouched. He managed to reset all of his accounts using this method and performed a successful recovery. He then, immediately removed his old cell phone number as a recovery option to block any attempts to reset his email accounts’ password and then did another round of password changes for all of them.
After regaining those accounts, emails started to come into Outlook and then he got the standard emails saying that his passwords were changed around the same time the GLOBE representative said that a SIM replacement request was processed.
Unfortunately, what shook him off was an email from BDO, saying that a Fund Transfer was completed going out to Security Bank for 48,000.00.
Attached is the screen grab of his email got from BDO.
Caballero has stated in his post that he has approached the involved branch to report this alleged SIM Replacement Modus. He has requested for CCTV footage, but to his dismay was not accommodated. As of his last update, no concrete explanation has been provided to him by the telco representatives.
So here’s a few tip from caballero
1. When you’re on a postpaid line, do not (I repeat) do not add SMS as a recovery option for any of your accounts. When someone has access to your mobile number (so this should also be applicable to prepaid mobile numbers) without your knowledge and would do the same, just like what was done to me, it’s game over for you!
2. Setup another email account just for the sole purpose of recovery and nothing else. Keep the account to yourself and use this email address as your recovery option for all your other accounts. Again, no mobile numbers!!!
3. Use a password manager like 1Password. Apps like this enables you to generate hard-to decipher passwords and they do the job of remembering them for you. It will be difficult when you start using a service like this but it becomes easier as you get used to it. Do away with passwords like your birthday – guilty here!
4. Call your Telcos and request that for any SIM Replacement orders in the future that they call you first through an alternate number to confirm that it was in fact you before doing anything further. Right now, GLOBE now has a flash (I think that’s what they call it) on my account that tells anyone who views my record in their database to first contact another number to validate any SIM replacement request before processing the job order. If this still happens to me despite the above changes, then Globe has a rotting tomato in its basket.
5. Sue your Telco for making a living hell out of your already miserable life – thanks to traffic, pollution, and the multiple levels of joke in our political landscape that collectively made our already third-world pathetic lives beyond horrific.
Source : https://www.facebook.com/photo.php