This poor woman was out $17,300 for three months before the bank finally admitted their procedures need improvement. This happened despite the fact that she was using 2FA. They don’t say which kind, but I think it’s pretty clear she used SMS rather than an OTP tool like Authy or Duo.
OK, so what do I always say? It goes something like this:
You should treat a postpaid carrier phone number just like your driver’s license or social security number.
And that’s really all there is to say regarding the justification. Here is what I suggest you do immediately if you’ve got a postpaid phone number:
Get a Google Voice number using the Gmail account that you treat as your digital identity.
Start transitioning all your family and friends to that number.
Consider forwarding your postpaid number to the Google Voice number.
Brace yourself, you will need to retire your postpaid number.
This was already on my mind today, as I happened to pick up prepaid cards for a couple of phones. I stopped to look at TracFone, as it’s the best carrier for high-security/rare-use phone numbers. You can get a smartphone for $40 and a minimal one-year plan for $100. I haven’t taken this step yet, but the next big project I complete, I’m gonna sink $240 into a setup like this for the things that demand a carrier number rather than Google Voice, but which I don’t need to use on the phone on a regular basis.
What are the things that demand a carrier number and need to be with you?
Ride share apps like Lyft and Uber.
Any online thing that handles cryptocurrency or fiat.
Some bank apps demand this.
Bank-wise, in the unlikely case I ever have any money again, you do not need to have your main accounts on a device in your pocket or purse. There are a couple of things on my phone that have a money aspect to them, but the total value is only about $300. Losing this would annoy me, not destroy me.
About Those Housing Scams:
If you read San Francisco Studio Simulacra you know I went as far as arranging a showing of a studio near the Dragon Gate, despite our suspicions of the “landlord”. The last step was receiving a background check form, which asked for …
Full Name
Mother’s Maiden Name
Phone Number
Email
Street Address
Employer
Bank Account
And On And On And On
Most of it seemed reasonable for a background check from a legitimate landlord. But that’s just about everything a fraudster would need for a quick identity-theft-to-SIM-swap crime. My friend in the Bay Area is in a similar situation to me - professional, but with challenges, and seeking an inexpensive place.
I have not seen anything about this theory, but I bet there are some high end rental scams run by native speakers who are here in the area, and I wonder how many of the 2,000 victims mentioned in this piece were trying to rent or buy something as the first step in their trouble.
And pay attention to the blond woman in the second video. $200,000 lost, sounds like only some of it recovered, and they’ve never caught the perp. I will say this again: I know it’s a hassle but the device that you have on you should not be the keys to your entire kingdom. Having no more than you can afford to lose accessible on your mobile just seems like common sense to me.