When Ian Caballero lost his cellphone signal on Thursday, July 2, he called up his network service provider, Globe Telecom, to inquire about what happened. He was told by the customer service representative that he asked for a SIM replacement in the North Edsa branch a few hours before he called, but he replied that that was impossible, because he was home, sleeping.
By the time Ian activated a new SIM card the next day, he realized that he couldn’t access his MS Outlook, three Gmail accounts, and Facebook account. He also lost P48,000 from his BDO bank account.
Watch Ian's full interview here:
So how did this happen? Here’s how the scammer probably did it: The cyber criminal accessed Ian’s email using his mobile number, which also served as a password reset or recovery option. You know that SMS code you get when you have forgotten your password on Facebook and Gmail? That one.
Once inside Ian's Gmail, the thief saw his victim's online banking transactions, and with that information, an online money transfer was processed from Ian’s BDO account to a Security Bank account. It was as easy as clicking “Forgot password” in Ian’s online BDO account and providing his mobile number to verify his identity.
According to Globe Telecom, the person who filed for a replacement SIM had an authorization letter and a copy of Ian’s ID. Globe has yet to provide CCTV footage.
Fortunately, BDO was able to return his money, since Ian alerted them before the transfer was processed.
Lesson learned: That supposedly ~*genius*~ mobile recovery password system using your mobile phone is flawed in so many ways. It’s better to use a secure password that isn’t linked to your phone.
Globe Telecom will issue a statement within the week.
Follow Jillian on Instagram.