Skip to main content
A scary good deal on trusted journalism
Get full digital access to globeandmail.com
$0.99
per week for 24 weeks SAVE OVER $140
OFFER ENDS OCTOBER 31
A scary good deal on trusted journalism
$0.99
per week
for 24 weeks
SAVE OVER $140
OFFER ENDS OCTOBER 31
// //

Canada saw a rash of phone number fraud attacks over a 10-month period spanning from mid-2019 to 2020, according to data obtained by The Globe and Mail.

The data, obtained through an access to information request, provide the first-ever glimpse into the prevalence of attacks known as SIM swaps and fraudulent customer ports in Canada. The fraud involves a scammer impersonating a customer in order to commandeer his or her phone number, and then using the phone number to reset passwords to the victim’s e-mail, banking and other online accounts.

According to the data, which were obtained from Canada’s telecom regulator, 24,627 unauthorized number ports and SIM swaps occurred between August, 2019, and May, 2020. (The figures may include instances where a customer’s phone number was ported to another carrier in error rather than because of fraud.)

Story continues below advertisement

The majority – 21,589 – of the incidents were fraudulent customer ports, which occur when, by impersonating a mobile customer, a scammer is able to transfer or “port” that customer’s phone number to the scammer’s account at a different wireless carrier. By gaining control of the victim’s phone number, the fraudster is able to reset the victim’s password on banking, e-mail and other applications that rely on text-message based, two-factor authentication. The attack takes advantage of rules meant to make it seamless for customers to switch wireless providers.

The remaining 3,038 attacks involved SIM swaps, where the scammer calls the customer’s mobile service provider, claiming their phone has been lost or stolen and requesting to link the victim’s phone number to a new SIM card that the scammer controls. (SIMs, or subscriber identity modules, are the tiny chip-containing cards that connect cellphones to wireless networks.)

A data analysis by The Globe found that nearly 1 per cent of customer transfers, or ports, during the 10-month period were unauthorized. The proportion of unauthorized ports hit a peak of 2.5 per cent in April, 2020.

The Canadian Radio-television and Telecommunications Commission started collecting statistics from wireless carriers on SIM swaps and fraudulent customer ports in 2020, but despite pressure from consumer advocates has repeatedly declined to release that data to the public. The CRTC initially redacted the figures when it responded to The Globe’s information request in August, 2020, but a year later agreed to release them after a complaint filed by The Globe with the Office of the Information Commissioner of Canada.

The Public Interest Advocacy Centre (PIAC), an Ottawa-based consumer group, has been calling for greater transparency around SIM swaps and port fraud in Canada, arguing in filings with the CRTC that the public interest of disclosing the data outweighs the potential harms to the telecom industry.

The telecoms, meanwhile, say releasing the figures and the steps that they have taken to tackle the problem would allow the scammers to find ways to get around the security measures.

The CRTC recently disclosed the total number of unauthorized ports and SIM swaps declined by 95 per cent from October, 2020, to May, 2021, owing to new security measures undertaken by the carriers. John Lawford, PIAC’s executive director, said the regulator should go further and disclose the monthly totals, as well as what the new security measures entail.

Story continues below advertisement

“We can’t tell consumers how to avoid the fraud because we don’t know exactly what steps [the telecoms] are taking – and saying ‘trust us’ is not good enough,” Mr. Lawford said in an interview.

Tara Howlett, a controller based in Brampton, Ont., was chatting on her cellphone one day in January, 2020, when suddenly her line went dead. She initially assumed it was a network outage, but when she reached her wireless provider she learned her number had been ported to a different carrier. (Ms. Howlett had received a text message from her carrier about the requested transfer the night before but had dismissed it, assuming it was a scam.)

As Ms. Howlett scrambled to regain control of her identity, the fraudster siphoned $10,000 out of her bank account through PayPal transactions and ordered items ranging from a Nintendo Switch to a dog bed using her Amazon credentials. The experience was “beyond” stressful, Ms. Howlett said.

“I was trying to prove who I am and I couldn’t because I didn’t have my phone number, my e-mail – I didn’t have access to these things,” she said. “I felt helpless.”

Although it took several weeks, Ms. Howlett was able to regain access to her accounts and reverse the financial transactions. Not all port fraud and SIM swap victims are so lucky, however.

“The consumer losses can be significant and life changing,” Mr. Lawford said.

Story continues below advertisement

In 2020, the Canadian Anti-Fraud Centre received 1,118 reports of SIM swaps and port frauds – a sharp increase from 37 reports the previous year. In 2021, the centre has received 155 reports so far.

The Canadian Wireless Telecommunications Association, an industry group, said in a statement that its members take issues relating to customers’ privacy and security seriously. “As fraudsters employ new techniques to try and take advantage of consumers, our members respond by implementing new security measures and procedures.”

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies