Sounds like you are under attack of your identity and accounts.
I’d be locking down bank accounts asap.
I am so frustrated. Not sure if anyone knows of this happening before but basically my phone provider has sent my PAC code to someone else which means they now have my number and mine is cancelled.
I phoned them up to ask what was going on and they said you requested the cancellation. I had to assure them that this wasn't the case.
Basically they have to now try and get my number (which I have had for 20 years) back from the other provider.
What's worse is any calls regarding work would come through this number so it is costing me money.
Today my email address password changed which is fishy enough but to change my email they sent a verification code to my phone.
It's been 6 days and they can't tell me how long it will be before I get my number back.
Anyone had any experience of this?
Sounds like you are under attack of your identity and accounts.
I’d be locking down bank accounts asap.
If they have your phone and email accounts, it seems nothing stops them changing passwords and accessing one-time passcodes and two factor authentication.
Seems like it would be wise to act fast until you can confirm you are not under threat.
Edit - there are many articles on this type of scam when you Google it.
I am glad I abandoned social media as it seems like this is where the scammers get most of their information.
Easy to work out your birthday, or your pets name for verification purposes when you post it all over social media.
https://www.which.co.uk/news/article...s-aEzeh1P6N6Z8
Last edited by noTAGlove; 4th May 2023 at 23:57.
Has your phone provider not got a fraud department? has your phone not got face or fingerprint if enabled?
Get 2FA/MFA on any accounts that support it ASAP.
Get and maintain an alternate phone # for a few months and update your personal details for all accounts ASAP (switch back as and when you can).
With only the PAC and phone number they may not know which services (banking etc.) you use yet, but they will slowly be figuring it out.
"Bite my shiny metal ass."
- Bender Bending Rodríguez
I might be making it up but I think Verv went through something similar a while back. There may be a thread with some good advice from then.
This is clearly targeted and they will want to use the 2FA SMS to log into bank accounts, take out loans, and drain you. Loans may even be with with lenders you don’t already have a relationship with.
I would contact all of your banks and see if they can limit withdrawals and stuff like that to in branch only or at least put additional markers on your accounts to ensure full fraud policies are followed.
Lost our home phone number thanks to a similar cock up - our neighbours were moving but somehow managed to cancel our phone.
Much less fraud risk than your situation obviously.
Hi
Who's your network provider & what's the process to get the PAC code released ? Presumably they knew enough about your account with them to successfully pass any security checks ?
Might want to keep a close watch on your credit report for now....
Best Neil
If you can (and PSA for everyone else) try and login to any sensitive websites that use your phone number for mult-factor authentication and try and change it to an app (i.e. Google Authenticator). This sort of thing is one of the main motivations behind hijacking peoples SIM's / Phone numbers, and a huge risk of banks, Amazon, etc, using SMS for security purposes.
This sounds so terrible and scary.
What i don’t understand is how one can change your password to your e-mail having a telephone number? You need the password in the first place to be able changing it??
Hi
I didn't know you could do this:
If you’re concerned someone may apply for credit in your name, you can add a password to your credit report to prevent fraudulent applications from being successful. This password will be seen by lenders or any organisations searching your credit report. They will then be required to ask the applicant for the password before accepting the application. If the password cannot be provided or is incorrect, the application will be unsuccessful.
See: https://help.creditkarma.co.uk/s/art...-credit-report
OP it might be worth doing this until things become a little clearer re whats happened to your PAC....
Best Neil
I put a CIFAS protective registration on my credit report when I had trouble with identity theft. It makes any application more difficult as extra information is required
Sent from my SM-A526B using TZ-UK mobile app
My GF had this problem - number got transferred from 3 to O2. Easiest way for her to get her number back was to take out a contract with O2 so maybe talk to the new provider to try to get your number back that way?
Been thinking about this. Ask for a copy of the PAC and then use it to go to a different network on PAYG. Once on that network request a PAC and move back.
Or just change network for a year and give another network a chance.
Have they been able to cancel the PAC? If they can't I would use it rather than the scammers.
Along these I suspect.
https://zsecurity.org/sms-spoofing/
Though I suspect that there is more going on in the background, on the surface it looks like a easy spoof so I tried to request a pac code from my phone & ran into this second layer of security, I’d be surprised if Vodafone were the only network asking for this.
My money would be on someone doing it in a shop.
I'm fairly sure they have to give it to you if you ask, they just prefer texting it.to you.
My GF got a text about it but ignored it as spam until she was cut off.
Her provider at the time couldn't help, but the provider it had been transferred to (O2 in her case) were able to help and yes it had been carried out in a shop and a new handset rolled in too.
She did get the number back within a few days, had to lock cards and bank account etc.
I’m surprised the code would be sent out without a message being sent to the phone first, pretty poor by the network provider.
I lost my mobile number about 10 years back when I was switching from a pay monthly to a PAYG deal with the same phone provider (vodaphone). They just screwed up and cancelled one number and created a new one. I was so annoyed, but despite hours of phone calls and escalations it ultimately came down to a ‘computer says no’ answer. Left them and would never go back.
Of course, much worse still when it’s a bad actor who has your number. Lots of good advise on this thread about notifying banks etc, moving 2FA to Microsoft/Google Authenticator apps where possible etc.
I have a friend who has an separate phone number on a cheap phone with a PAYG sim that he exclusively uses for 2FA on certain services (e.g. banks). I use to think that was overkill but am increasingly thinking it’s a good idea. As that number is only associated with his identify at trusted services like banks and gmail, it’s far less likely to come under any form of attack. The trouble is if a fraudster gets your name and number, you’re really reliant on some minimum wage shop assistant knowing better if a fraudster tries their luck in store.
I’ve always needed driving licence/passport for stuff like this in a shop. If not these the fraudsters could already have some sort of ID relating to OP.