Globe subscriber falls victim to SIM swap scam

Globe subscriber Ian Caballero almost lost P48,000 from his savings after he fell victim to a new modus operandi dubbed the SIM swap scam.

Caballero narrated his story in a lengthy post on Facebook, along with updates and developments regarding his case. We're publishing it as is:

WARNING TO THE PUBLIC: SMS as a Recovery Option for Any of Your Online Account is a BAD IDEA!!!

Let everyone be warned of this new modus that I myself became a victim of.

NOTE: I am updating this post as of July 4 to make it easier to understand as I see comments from shares where FB users got confused with how this ballooned into a crisis.

On the night of July 2, 2015, Thursday, I noticed that my phone's GLOBE SIM just went dead. I called GLOBE's hotline and was then informed that a SIM replacement order was processed at their SM North EDSA branch a few hours before my call. I then told the GLOBE rep that I am concerned about the possible security risks it may cause, i.e. whoever has my number would have access to my incoming messages. We ended up cancelling the active SIM. I never really thought it could be any worse than what I am about to share with you. I thought it was just a simple processing error such as the North Edsa GLOBE store ran a SIM replacement order on the wrong account - mine!

Then I went on to check my emails in Outlook at home where all my GMail and Yahoo accounts are set up. Outlook was unable to access all of them and then Facebook booted me out of my phone's app - someone has taken over my accounts and that's why they were all inaccessible!

For the less technical folks, this is what happened...

An impostor (granting that this was not an inside job though what bugs me was how I got picked as a viable target because surely that will require access to my information to determine that something can be stolen from me) went to GLOBE's North Edsa store and pretended to be me, and requested for a SIM replacement.

My cell phone number is associated with multiple email accounts, my Facebook, and a few others. It is also set up as a recovery method for these accounts because I thought that this was indeed an extra security layer. What that means is if, for some reason, I forgot my password to any of these accounts, that I would then have the ability to restore access through my mobile number. For instance, GMail would send me a temporary password to my mobile number and voila, I can access my email again. This is how the perp managed to reset the passwords of my online accounts since my SIM died and he had the activated one in his hands already.

Unfortunately for me, my main email was one of those accounts he managed to break. This email account is what I use mainly for online banking, purchases and such. And to address other people's assumptions, no I don't share personal information publicly. I don't even share my phone number that easy, let alone my email. I used to work for HSBC for 3 years and I do know the ABCs of taking care of one's information. Save for this post which I felt the public should know that's why it's set to public, my FB profile is private with a pretty restrictive security setting.

I was just fortunate that I took notice of the problem at an earlier point because whoever stole my accounts forgot to unset my recovery options. One of them is an alternate email that is not associated to any mobile number so that remained untouched. I managed to reset all of my accounts using this method and performed a successful recovery. I then immediately removed my old cell phone number as a recovery option to block any attempts to reset my email accounts' password that way and then did another round of password changes for all of them.

After regaining my hold on those accounts, emails started to come into Outlook and then I got the standard emails saying that my passwords were changed around the same time the GLOBE rep said that a SIM replacement request was processed. What threw me off and literally shook my core was an email from BDO saying that a Fund Transfer was completed, going out to Security Bank for 48,000.00. It's a considerable amount and that scared the living crap out of me.

I made multiple calls to my banks and ensured that my mobile number is removed from their systems.

I spent my whole Friday getting my SIM replaced and number changed at a nearby GLOBE store and then I went to SM North Edsa to get a copy of the CCTV footage and the ID presented by the person who stole my identity. I initially spoke to Kara (Customer Service Officer) and was later received in a private room by the Asst. Retail Manager, Mhel. They said that the request will be processed in 24 hours and I should hear from them anytime later, this Saturday. Coincidentally, the Globe personnel who processed the SIM replacement order did not come to work when we were there.

Hmmm. Red flag!!!

Attached is the screen grab of the email I got from BDO and while I am not saying that the person should immediately be assumed as the crook, it doesn't change the fact that his name is the recipient of the funds coming out of my BDO account. The money that they took was what's left of our business that did not do well and had to be closed out. Yes, the stealing part was already adding insult to injury.

So here are a few tips for you guys:

1. When you're on a post paid line, do not (I repeat) do not add SMS as a recovery option for any of your accounts. When someone has access to your mobile number (so this should also be applicable to prepaid mobile numbers) without your knowledge and would do the same, just like what was done to me, it's game over for you!

2. Set up another email account just for the sole purpose of recovery and nothing else. Keep the account to yourself and use this email address as your recovery option for all your other accounts. Again, no mobile numbers!!!

3. Use a password manager like 1Password. Apps like this enable you to generate hard-to-decipher passwords and they do the job of remembering them for you. It will be difficult when you start using a service like this but it becomes easier as you get used to it. Do away with passwords like your birthday - guilty here!

4. Call your Telcos and request that for any SIM Replacement orders in the future that they call you first through an alternate number to confirm that it was in fact you before doing anything further. Right now, GLOBE now has a flash (I think that's what they call it) on my account that tells anyone who views my record in their database to first contact another number to validate any SIM replacement request before processing the job order. If this still happens to me despite the above changes, then Globe has a rotting tomato in its basket.

5. Sue your Telco for making a living hell out of your already miserable life - thanks to traffic, pollution, and the multiple levels of joke in our political landscape that collectively made our already third-world pathetic lives beyond horrific.

Sorry for the long post but please be mindful of your stuff online. I am still sticking my middle finger up to Globe Telecom for making this snowball into my personal avalanche.

If you think this helps, please share and make the next person do a bit of extra step to secure their identity.

UPDATE #1: July 4, 2015, 9:00 PM
GLOBE's Asst. Retail Manager, Mhel, promised me a 24-hour resolution (max) delivered through a phone call by her and when I left the North Edsa store, it was around 3:00 PM last Thursday, July 3, 2015. So I did expect that I would hear from Mhel herself on or sooner than 3:00 PM the following day. I did not hear from anyone until in the evening. Actually, when it was around 4-ish and nobody still contacted me, I was planning to drive back to the store to let them know that I am done playing the nice card on them. My patience just went through the roof. But because of the rain, I decided against it until I got a text message from Kara late at night. She's the Customer Service Officer who initially assisted me before I was introduced to Mhel. Yes, a text message! Not a call from Mhel, but a text message from her staff! Such a wonderful day with GLOBE treating my case with less importance.

Basically, in Kara's text message she said that they cannot grant my request for access to the CCTV footage because it was "internal" and that the request needs to go through legal. Please know that I was made to sign a request letter addressed to GLOBE for the CCTV recording retrieval last Thursday. Whether it should go through another department or not, the request was addressed to GLOBE so that should mean it can be catered by any of its departments. And why deprive me of this information? It's not like I am requesting for the whole day's footage. I am only interested in getting the portion where someone pretended to be me and completed a SIM replacement request at their store.

Another thing that I noticed was that the North Edsa store takes a picture of their clients to go with their ticket numbers because the center is set up like an open cafe. There is no central customer service desk anywhere. What happens is when it's your turn to be assisted, a Service Officer will approach you and help you from there. The reason why they know what you look like is because they have a picture of you on their tablet to match the ticket number you are assigned with. Surely, if someone obtained my SIM by pretending to be me then they should have captured a picture of him. They can then cross reference the timestamp of when the service started and ended and review their CCTV recording during that period.

I fear what a good friend, Johanna, told me that it is highly possible that GLOBE cannot produce a footage simply because nobody was an impostor in this case. That I wasn't some random victim. That it was an inside job. What's scary ladies and gentlemen is that if it was true, then this grand plan just to get to my bank account surely involved studying my information. That's scary. That's bloody disturbing.

I will be at the North Edsa store this morning. Hell to pay GLOBE. Hell to pay!!! (To quote a colleague of mine, Meg)

UPDATE #2: July 5, 2015, 11:10 AM

I received a call from Jonie Chanco, GLOBE's Retail Area Head for North GMA 1 and have decided not to go to North Edsa anymore after our conversation.

She displayed more empathy than any of the people I spoke with at GLOBE prior to her. Why do senior officers sound and act more human than their minions?

Anyway, according to her she'll be meeting with the management tomorrow and will provide me an update on how they will handle this for me.

UPDATE #3: July 5, 10:00 PM
I have just read a couple of messages that were sent to me last Saturday by a guy and his GF who said that they were also victims in this. As the recipient of the money taken out of my account, they said that they were also used. I have further inquired on how this came to be and will be waiting for their response. At this point, I would like to ask the public to refrain from being hasty in jumping to conclusions, as I have, until we put a face to the CCTV footage that I have requested GLOBE to produce for me.

Thanks for sharing my plight to your friends and families. This story has already gained attention and I hope that with this, our Telcos will take this matter seriously. As their subscribers, it is their duty to protect us and the data we entrust to them.

Caballero also posted details of the transaction including the name and bank account of the receiver. In a separate comment, he also attached a screenshot of his conversation with a Globe employee.

Mainstream media has picked up Caballero's story and he has been interviewed by ABS-CBN News.

For its part, Globe has warned subscribers against oversharing personal information after the scammer came close to getting away with P48,000; the money would have been lost had the bank cleared the fund transfer request.

Anton Bonifacio, the telco's chief information security officer, told ABS-CBN News that this is the first time the company has encountered the scheme.

The company executive assured the subscriber that they are willing to show him the CCTV footage from the time the scammer requested a new SIM.

However, Caballero's legal counsel said Thursday in an interview with TV Patrol that they have yet to receive a copy of the CCTV footage. His lawyer also expressed dismay over the telco's lack of coordination with the victim's camp.