T-Mobile: Spurious Account Takeover Warning

post by jefftk (jkaufman) · 2021-10-23T15:30:06.030Z · LW · GW · 7 comments

This morning, reading in bed, I got a very worrying notification:

This is the notification you would receive if someone was in the process of taking control of your phone number, which could then give them access to other accounts where you had used that phone number as a backup or for two-factor authentication. So I was very concerned!

In case this was a different sort of scam, however, I wasn't about to call the phone number (which could be anyone) but I visited the website and talked to someone over chat. They confirmed that my PIN had been changed, but also said that since I have a prepaid account they couldn't tell me more than that. They told me to call T-Mobile customer support at 611.

When I called 611, they looked into it, and said that this was an automatic message sent as part of migrating my account to a new billing system. They confirmed no one had reset my PIN other than their automated system.

I'm disappointed in T-Mobile for either not realizing their migration would trigger this message, or deciding to go ahead with it despite the user impact.


Comments sorted by top scores.

comment by Gunnar_Zarncke · 2021-10-24T11:38:36.106Z · LW(p) · GW(p)

I have 30 years of experience in IT as a user and developer and often integrating with external systems - sometimes with big corporations. The pattern that I see is that all companies, big and small, are mostly cooking with water. Often lukewarm water. This is especially true if the interfacing is in areas that are not the core product/business of the company. Things look shiny on the outside. But under the hood a lot of compromises are made. Tech in financial processes is often far behind. I can evaluate this only in tech but Gell-Mann Amnesia tells me that it is probably the same elsewhere. Inadequate Equilibria everywhere. Society has just grown big very fast. It is just growing pains. On the other hand, Paul Graham would probably say it is a great potential for startups.

comment by walkers · 2021-11-10T04:50:34.567Z · LW(p) · GW(p)

Why do you have a prepaid T-Mobile account?

Replies from: jkaufman
comment by jefftk (jkaufman) · 2021-11-11T13:10:04.947Z · LW(p) · GW(p)

5GB for $30/m is quite good for the US

Replies from: walkers
comment by walkers · 2021-11-11T16:28:37.479Z · LW(p) · GW(p)

Have you heard of Tello (a T-Mobile MVNO)? I pay $7/m for 1GB, but they have 6GB plans for $24/m

comment by Pattern · 2021-10-23T16:43:05.335Z · LW(p) · GW(p)

It almost sounds like they just found out which customers are vulnerable to a phishing attack.

comment by aphyer · 2021-11-11T13:15:57.384Z · LW(p) · GW(p)

When you say you visited 'the website', did you visit the site from the link, or did you independently find the T-Mobile webpage? If the former, are you certain you went to the real T-Mobile site?

Replies from: jkaufman
comment by jefftk (jkaufman) · 2021-11-12T02:53:13.229Z · LW(p) · GW(p)

The latter.