West Kelowna enterprise proprietor’s telephone was hacked by way of SIM swap with stolen Telus worker credentials – West Kelowna Information

Photo: Contributed

A West Kelowna business owner warns the public of a new scam that has breached Telus’ security.

Jan, who refused to use his last name for fear of repercussions as a business owner, lost hundreds of dollars in bitcoins after his phone number was stolen.

About a week ago, Jan’s phone suddenly lost connection to the network. He didn’t realize it until the next morning when he got to a construction site in Penticton and found he was missing calls. His phone didn’t work until he restarted it.

The next day, his email account was hacked. Jan says the hackers managed to hijack his phone number and use it to confirm a code to change his email password.

When Jan got access to his email account again, he found that someone had accessed the account he used to buy bitcoins and stole them all.

After talking to Telus about the incident, Jan said things had not become clearer. Phone calls and emails to him did not work or were also viewed as fraudulent. Eventually he received confirmation of the hacking and learned that others were also affected.

“[The Telus representative] admitted on the phone that I wasn’t the only one, “said Jan.

In an email from Telus to Jan received from Castanet, the company confirmed that someone had broken into Jan’s phone at the end of Telus.

“We are writing to inform you of an incident that may affect your personal information. Telus recently discovered a security breach that affected your account when a SIM swap was performed on your account by an unauthorized person. Our investigation found that a scammer who logged in with stolen Telus employee credentials did not properly access your account, ”the email stated.

“I’m mad that a phone company has no security rights and someone can take over your phone number,” said Jan. “If they take over your phone number, they can take over your email account.”

Jan said he found out that his phone number was specifically for his Bitcoin account.

“It is worrying to me that I am a target because of my bitcoins. How do you know? “He said.” I didn’t even tell people I had bitcoins, none of my friends knew. “

“Now you have your phone number, your email account, you can reset your passwords, all of your security is gone.”

Jan added that he was surprised because he used “pretty difficult passwords” and had never given out any information.

“I’m just shocked … I think people need to know about this, they can take over your phone, you lose control, lose your money,” said Jan. “It’s my business phone, I lost money because I did lost company.

“They have billions in one company and their security is bad and if something happens they don’t really take responsibility for it … They offered me a one year discount for $ 30 and one year renewal protection through an identity theft company . “

Telus made the following comment via email:

“Telus has robust protocols in place to protect the privacy and security of our customers. Unfortunately, one of our team members was deceived by a criminal into providing information that shouldn’t have been made to be helpful. Our policies and procedures are specifically designed to protect developed before this type of fraud. This is a targeted measure to gain control of a customer’s phone number to access financial accounts, but in this case they have not been properly followed by the team member and have contacted the small number of affected customers, to apologize and inform them of the steps we have taken to secure their accounts. We take this matter very seriously, which is why we have reported the incident to law enforcement agencies and the Office of the Data Protection Officer of Canada. “