A High River woman counts herself lucky to have caught a mobile hijacker before her personal information was completely compromised.
Amanda Doherty received a text message around 6:40 p.m. on Feb. 3 that read, “Rogers has received a request to transfer your telephone number to another Service Provider. If you did not authorize, contact Rogers urgently.”
Assuming it was a spam message, she did not click on or call the attached phone number.
“With all the scams going around I wasn’t just randomly calling some number I received through text,” said Doherty.
She and her husband began researching the 1-877 phone number in the message to see if it was legitimate, and finally Doherty decided to call Rogers’ customer service line to ensure her account was safe.
Ten minutes later, while on hold, the call was disconnected and when she checked her phone said “No Service.”
They used her husband’s phone to call Rogers.
“When we finally got through to them they said, ‘Your number is no longer with us, it’s been transferred to Bell,’” said Doherty.
Her phone number had been hijacked, and ported to a different carrier. Rogers told Doherty it could attempt to retrieve the phone number but in the meantime she would have to visit a Rogers location and set up a temporary number so they would have somewhere to transfer her digits.
The account had been closed, meaning her bill would be hit with cancellation charges for backing out of her contract before it was up – even though she hadn’t authorized the switch.
Rogers assured her those fines would be reversed, but the nightmare wouldn’t end there.
“While we were dealing with them I looked at my phone and got an email that said my email address password had now been changed,” said Doherty. “So they had hacked into my email.”
The hijacker had been able to reset the password using the cellphone number she had attached as part of the two-factor authentication process many servers recommend or require for security, she said.
“I immediately ran to my computer and got online with my bank and froze all of my accounts and went on PayPal and closed everything out and shut everything down,” said Doherty.
She was one of the lucky ones.
A woman in Toronto fell victim on Jan. 18 when she also ignored the text message, presuming it was spam. Her number was ported two hours later and the hijacker broke into her email account, where it was possible to access her Amazon account, signing up for Prime and spending $800 on PlayStation systems, according to a CityNews article.
Her husband said there has been reports of someone in Okotoks also being a victim on Feb. 2, though their identity and the full impact on their personal information is unknown.
“It does seem like I caught it fast enough,” said Doherty. “I didn’t have any money missing, I haven’t had any sort of thing except I know they got into my personal email address because they changed my password.”
Her parents contacted Rogers as they also use the carrier and were told the scam has been around since 2014, though it waned for a few years and seems to be returning in full force.
She said the biggest issue seems to be the lack of time to react. Though she hadn’t called the number provided via text, she was on the line with Rogers when her phone service was cut off.
“I had 10 minutes from the time I got the text message until the time my phone got disconnected,” said Doherty. “The law has to change about porting numbers. Just sending a text message – what if I was in the shower, or what if I was travelling and out of the country?
“I feel like something has to change somewhere, I just don’t know how to go about doing it.”
She said the impact could have been far worse for her, if she hadn’t noticed the change in email password right away. All her business accounts have two-factor authentication with her cellphone number as well.
Her mind was spinning Monday night as she considered everything that could be compromised, and Doherty said she hopes hearing about her situation might help someone else avoid a similar attack.
“I know what it’s like to go through one day of this and I feel like I didn’t even get it that bad, she said. “I couldn’t imagine if they had gotten deeper and further into my stuff what it would entail to go through.
“I basically lost a whole day of work, a whole night of sleep. So any way I can help to prevent anyone else from going through it I’m happy to do so.”
She did report the incident to High River RCMP, and Sgt. Jason Cann said Doherty did the right thing by ignoring the text message phone number, because it’s difficult to know whether those texts are legitimate.
“Go to the original source, is what we suggest,” said Cann. “If you have concerns, don’t always call the number that’s provided to you through a text or email.”
He said it’s best to check a company’s website and contact the provider through its customer service line, like Doherty did. Otherwise the victim is rendered helpless, he said.
It’s also wise to get in touch with your bank and other services immediately, he said.
“Hopefully in dealing with some of the companies directly they can tell you they’ve seen this, here’s what you could expect,” said Cann. “It’s hard to know. There are so many new scams coming out daily and it’s difficult to tell what steps to take first.
“I think she did the right thing.”