Sefton Fincham was travelling between Anaheim and West Hollywood when he first noticed something wasn’t right.
Fincham, a Vancouver entrepreneur and film producer, was in the US on a work trip recently, and was using the GPS on his phone for directions while travelling with his business partner.
All of a sudden, there was a “signal change” on his phone, he said.
Then, the device “started lagging and all of a sudden, it said there was no service.”
Fincham told Daily Hive the situation was made even more odd by the fact that his business partner’s phone seemed to be absolutely fine at the exact same time. However, the pair speculated that it might be because they were on different carriers, and didn’t think much more of it – that is, until they arrived at their destination, and he reconnected to WiFi.
“All of these emails started coming up …telling me things like my Hotmail account had been successfully changed, my Google information had changed, numerous emails warning me of suspicious activity,” he said.
Fincham estimated that in total, “there were probably at least 15 emails that came in, and I thought ‘wow, this is kind of weird.'”
He thought the first email might just be a mistake, “but then I noticed that they were all coming in at once, and all looked really legit.”
At that point, he “realized something was up.”
He spoke with another person who told Fincham they had seen something similar happen before, and advised him to get on the phone with his cell phone provider, Rogers, to get it sorted out, “because it was a really big deal.”
So that’s what Fincham did. And that’s when things got even stranger.
Unable to use his own phone, Fincham used his business partner’s phone to call Rogers.
“I gave them my phone number, and the first rep told me the phone number had been transferred and the one I gave him was cancelled,” he said.
Fincham, an eight-year client of Rogers, knew this couldn’t be the case.
Still, he recalled that the sales rep insisted that his number had been ported out to Bell earlier that day, and told Fincham he’d ultimately have to phone Bell to sort the problem out.
Hoping for a solution, Fincham contacted Bell.
However, rather than clarification, the whole situation became fuzzier.
Fincham said Bell told him the company didn’t require identification to port out a number, “but they told me the move had been authorized by me.”
After further back-and-forth the Bell rep told him to call Rogers again and link him on the call – which he did.
However, “as soon as the went to link them, the call failed, because there’s a system in place where they actually can’t talk to each other,” said Fincham.
At this point, he called Bell back, who put a lock on his number, and following this move, Fincham called Rogers again.
“I explained that all my info had been compromised, and a person I talked to told me he had actually heard of this happening before and told me it was going to get figured out,” he said.
But now, there was another worrying factor in the situation.
“The person I talked to told me that she could see there had been calls made with my number multiple times to try and gain access to my account, and they finally came up with the right verification information and spoke to a rep,” he said.
He questioned the rep as to why no one thought it was suspicious that someone claiming to be him called multiple times trying to access his account. He says the rep responded that the company would never give up information.
After arriving back in Canada, Fincham said he was able to get his number back from Rogers, and the company’s management team has since apologized for incident.
As for the question as to how access to his account could have been gained, he says Rogers told him that of the numerous times the hackers had called trying to gain access to his account, it appears that some of these attempts were made using phone-mimicking software, which would have shown a legitimate connection to the number – especially since some of the attempts were made using the Rogers online help portal.
Still, Fincham said Rogers isn’t trying to excuse what happened, or let the situation slide.
“They told me they’re taking it extremely seriously, they don’t take fraud lightly, and that they are going to investigate how this all happened,” said Fincham.
In a statement to Daily Hive, Rogers said it takes the privacy and security of its customers very seriously.
“As fraudsters use constantly evolving techniques to try and take advantage of consumers across the wireless industry, we continually strengthen our security measures and verification procedures to protect our customers against fraudulent activity,” the company said.
“We reinforce this with our ongoing training in authentication best practices for our frontline team members, supported by our dedicated cyber security and anti-fraud teams who monitor for potential threats.”
At the end of the day, Fincham said the situation highlights the importance of keeping personal information secure, and hopes the story serves as a warning to others.
“I think people need to realize how vulnerable you can be – especially because it shouldn’t have to be this way,” he said.