An international student in Cape Breton says that a recent transfer of his cell phone number, without his consent, highlights the potential safety risks for all mobile phone users in Canada.
On the morning of December 30, 2024, Huijun Long received a notification in the Virgin Plus application that its telephone number with the company had been canceled. It turns out that his number had been “error” to a Bell mobility account.
“I was really anxious because all my bank information and the information of other accounts are connected to the phone number,” Long said.
Like millions of other customers, she regularly uses her mobile phone number as a two -factor authentication, a safety method that requires two forms of identification to access websites, software or data.
Long said he felt insecure without knowing who had access to his number during the six -day period that he did not have his phone number.
She said she repeatedly requested that the number be suspended, what was done after coming and going with multiple customer service agents on the first day.
“I asked them: ‘Why do you ask me about my personal information, you are very cautious about it, but transfers my phone number so easily without any notification?” Long said.
The company confirms that its number was transferred into a Bell retail location in Halifax. Virgin Plus is owned by Bell.
“Bell apologizes for any inconvenience that this situation caused to the client,” said spokesman Geoff Higdon in a statement.
According to Bell, Long’s phone number was removed from the other Bell Mobility account the same afternoon.
Bell said the experience “is not typical” and that the company found no evidence that it suggests that Mrs. Long’s information was compromised. “
In a statement, Higdon said that this incident is rare and, although “people can transfer or ‘carry their number between bearers, and despite the mechanisms to prevent fraud and errors during that process, the service of this client It was interrupted due to a human error.
Ali Dehghantanha, President of the Research of Canada in cybersecurity and intelligence of threats at the University of Guelph, said that although Long’s case was determined as a human error and not fraud, he had every right to worry about someone more than potentially won the control of your mobile. number.
“If you are at the hands of wrong people, they can misuse significantly. And if it becomes a case of identity theft, recovering that would be very difficult,” said De Hghantanha.
“It could cause serious and serious damage.”
Claudiu Popa, founder of Knowledgeflow Cybersecury Foundation in Toronto, agrees that it is a valid concern, especially because the data can be transferred in a matter of minutes, or even seconds.
“Every time your phone number is assigned to another person, it not only means that your phone calls will pass through another person’s phone,” Popa said.
“It means that all their communications, their unique passwords that are sent to their device, their communications with their chat groups and their personal networks on social networks will also be kidnapped.”
SIM exchange
The exchange of illegitimate SIM cards has become a growing concern in the telecommunications industry in recent years and the industry regulator is closely monitored, the Canadian Telecommunications Commission Radio-Television (CRTC).
In a letter to CRTC in 2020, the Canadian Telecommunications Association described how the mobile transfer process has been attacked by scammers.
“Once scammers have customer personal information, they can run a SIM-SWAP or wireless port, and roll all text messages and telephone calls to their own device,” the letter said.
“In the case of two factors authentication, these new codes are sent to the scammer device and then obtain control of the victim’s accounts.”
Last summer, Toronto Police intercepted a SIM-Swap scheme That directed 1,500 cell accounts throughout Canada and resulted in 10 arrests.
Geoff White, executive director of the Public Interest Defense Center, which is a non -profit national organization, said the case of Nueva Scotia indicates the broadest risks for consumers.
“What highlights me is the vulnerability of a customer’s personal information,” White said. “The electronic SIM card is similar to your personal identity at this time.”
Cybersecurity experts Popa and Dehghantanha told CBC News that retail telecommunications stores and call centers are particularly vulnerable to SIM exchange scams because employees can be manipulated.
In the follow -up statements, Bell said that retail employees receive “all necessary training, regular coaching and supervision to ensure that policies and procedures are followed” by accessing customer accounts.
“Bell and its subsidiary brands follow the standard industry procedures when numbers of other Canadian operators are carried, which includes the authentication of SMS of two factors where the client whose number is being carried out accepts the transfer before the process is completed “Higdon said.
“Transfers between the various brands of an operator (Virgin Plus to Lucky Mobile, for example) are carried out through a safe internal process, since our systems allow us to verify the client.”
The Canadian Telecommunications Association said that while protecting consumers is a “priority”, it does not reveal details about security measures.
The reason is to “prevent criminals from obtaining knowledge of how our industry continues to evolve protections to stay ahead of threats,” said spokesman Nick Kyonka in a statement.
“At the same time, these safeguards must balance safety with accessibility, ensuring that all customers, including those who do not have a telephone number or alternative email, can access their accounts when necessary.”
The association said that service providers implemented new security measures in 2020, and as a result, the CRTC reported a 95 percent decrease in transfers of unauthorized mobile numbers and fraud related to SIM for a period of six months.
But CRTC will not release public statistics related to transfers of unauthorized mobile numbers, citing confidentiality.
“The CRTC continues to depend on the Canadian Telecommunications Association (CTA) and telecommunications service providers to find solutions for Canadians to address transfers of unauthorized numbers, known as SIM exchange,” said CRTC spokesman Megan Maclean in A written statement.
“His efforts to prevent fraudulent activities have helped reduce these cases.”
The Public Interest Defense Center is not satisfied with the lack of public dissemination on this issue. White says his group has been asking for a public investigation.
“The problem is that information about this problem has been presented confidentially, so we really do not have a sense of the scale of the problem, although we know it is significant,” White said.
Last year, the Committee for Complaints for Telecom-Television Services said it tracked 40 problems related to unauthorized wireless transfers in Canada. This month, Long added his complaint to the list.
As a newcomer to Canada less than two years ago, Long did not know where to resort to verifying that his personal accounts were safe.
He is not satisfied, despite an apology from the company.
“My personal information was at risk and I’m not sure if there was an information leak,” he said.
“I still don’t know how the transfer happened, who is responsible for it or how Virgin plans to avoid this type of error in the future.”
