<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">All this SIM swap protection is a good idea for all of us, but I don\u2019t think that you (Suzannah) were the victim of a SIM swap. </div><div class=""><br class=""></div><div class="">A SIM swap would have caused your phone to stop working almost immediately (\u201csubstantially immediately\u201d).</div><div class=""><br class=""></div><div class="">Since, as I understand it, your phone still works, you were not the victim of a SIM swap.</div><div class=""><br class=""></div><div class="">More likely, they have (or had) your email password to do the Amazon crap.</div><div class=""><br class=""></div><div class="">Even if you change your email password, make sure that they have not set an auto-forward rule on your email account. </div><div class=""><br class=""></div><div class=""><br class=""></div>Also, maybe this T-Mobile link was already shared, I have lost track:<div class=""><br class=""><div class=""><a href="https://www.t-mobile.com/support/plans-features/help-with-t-mobile-account-fraud" class="">https://www.t-mobile.com/support/plans-features/help-with-t-mobile-account-fraud</a></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Oct 2, 2025, at 9:07 PM, Rick Neifeld via Patentpractice <<a href="mailto:patentpractice@oppedahl-lists.com" class="">patentpractice@oppedahl-lists.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="">1. On T-Mobile login, I am presented with the options of using my local TOTP generator or receceving a text containing the TOTP. I guess your concern is that someone using T-Mobile's DIGITS service can get that texted TOTP. A texted TOTP is vulnerable to a SIM swap attack. (Where someone impersonates you and transfers your SIM to a new device.) The DIGITS app authentication process has the same fundamental flaw, vulnerable to a SIM swap attack. My review of the DIGITS app authentication process is that it relies exclusively on a text message to "your" phone (or the thief's phone if a thief succeded in porting your account to their phone) to complete its own authentication that you are who you say you are. Again, vulnerable to a SIM swap attack. </div><div class=""><br class=""></div><div class="">2. But T-mobile has a separate secret code process to prevent SIM swaps attack. See Under Account, settings, SIM protection. Here you can turn ON the SIM Protection. This feature requires the entity requesting a SIM swap to provide a unique 6 to 15 digit PIN to effect the SIM transfer. But I do not see a way to get a new PIN now, and I do not have a record of such a PIN. I hesitate to turn on this feature until after I know from T-mobile what my PIN is.</div><div class=""><br class=""></div><div class="">3. Other things you can do in T-mobile to limit the chance your user ID and pswd are compromises, and prevent other hassles:</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">In privacy settings, turn OFF the following:<br class=""><br class="">"Let us share your individual data with trusted third parties for public and scientific research purposes."<br class="">All "Advertising options"<br class="">All "Sharing certain financial information"<br class=""><br class="">In privacy setting, turn ON the following:<br class=""><br class="">"Share your data to help protect you against fraud and identity theft"<br class=""><br class="">In "Do not sell or share my personal information"<br class="">Turn OFF all options.'<br class=""><br class="">In "Mobile Advertising ID Opt Out" find your cell phone's advertising ID (32 or so digits long), enter it in the interface, and click Opt Out.<br class=""><br class="">In "Block calls and messages" enable "Block Scam Likely Calls"</div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""></div><br class=""><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Oct 2, 2025 at 5:41\u202fPM Suzannah K. Sundby via Patentpractice <<a href="mailto:patentpractice@oppedahl-lists.com" class="">patentpractice@oppedahl-lists.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg2923038958626298606">
<div lang="EN-US" style="overflow-wrap: break-word;" class="">
<div class="m_2923038958626298606WordSection1"><p class="MsoNormal"><span class="">So, considering my issue with unauthorized accounts associated with my Amazon account.<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">I decided to <span class="m_2923038958626298606GramE">
look into</span> SIM card hacking, etc.<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span style="background:yellow" class="">PSA: Check your cell phone and take measures to secure/lock your SIM card.<span class="">
</span>Read more here.<span class=""> </span><a href="https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/" target="_blank" class="">https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/</a></span><span class=""><u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">I have T-Mobile.<span class="">
</span>After checking out the T-Mobile app, which I never did use before (I was previously Sprint).<span class="">
</span>I discovered that one can also set up <span class="m_2923038958626298606SpellE">2FA</span> for logging into T-Mobile\u2026 which I guess is essential to protect one\u2019s cell phone and SIM card.<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">It seems I already had SIM card protections toggled on.<span class="">
</span>Whew.<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">But, in reviewing security options\u2026 T-Mobile has something called DIGITS, which lets one use one phone number to talk and text on multiple devices.<span class="">
</span>WTF?!?!?!<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">I tried toggling this OFF, but then a
<span class="m_2923038958626298606GramE">warning pops</span> up saying if I disable then I can no longer receive texts and emails, etc.<span class="">
</span>WTF?!?!?!<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">Nevertheless, the app indicates that there are no additional devices using my account/phone number\u2026 Whew.<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">But still\u2026<span class="">
</span>Why does toggling off DIGITS (to prevent other devices from using my phone number) turn on \u2018Device Block\u2019 which per T-Mobile \u201cIf you select this service [Device Block], you will no longer be able to send or receive any type of message.\u201d<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span class="">I mean\u2026 WTF\u2026 It\u2019s just like Amazon whereby others can create associated accounts using my cell
<span class="m_2923038958626298606GramE">number</span> but I can\u2019t remove my cell number from my account,
<span class="m_2923038958626298606SpellE">etc</span>\u2026<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span style="background:yellow" class="">Anyway, PSA: Check your cell phone and take measures to secure/lock your SIM card.<span class="">
</span>Read more here.<span class=""> </span><a href="https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/" target="_blank" class="">https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/</a></span><span class=""><u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span class=""><u class=""></u> <u class=""></u></span></p><p class="MsoNormal"><span style="font-size: 10pt; font-family: "Century Gothic", sans-serif;" class=""><a href="http://www.linkedin.com/in/ssundby/" target="_blank" class=""><span style="text-decoration: none;" class="">Suzannah
K. Sundby</span></a></span><span style="font-size:10pt;font-family:"Century Gothic",sans-serif" class="">
<b class=""><span style="color:rgb(0,0,204)" class="">|</span></b> Partner<u class=""></u><u class=""></u></span></p><p class="MsoNormal" style="margin-top:4pt"><span style="font-size:11pt;font-family:"Aptos",sans-serif;color:rgb(0,0,204)" class=""><a href="http://www.canadylortz.com/" target="_blank" class=""><u class=""><span style="font-size:10pt;font-family:"Century Gothic",sans-serif;text-decoration:none" class="">canady
+ lortz</span></u><u class=""><span style="font-size:8pt;font-family:"Century Gothic",sans-serif;text-decoration:none" class="">
<span style="font-variant:small-caps" class="">LLP</span></span></u></a></span><span style="font-size:11pt;font-family:"Century Gothic",sans-serif;color:rgb(0,0,204)" class=""><u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif" class="">1050 30th Street, NW<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif" class="">Washington, DC 20007<u class=""></u><u class=""></u></span></p><p class="MsoNormal" style="margin-top:4pt"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif" class="">T: 202.486.8020<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif" class="">F: 202.540.8020<u class=""></u><u class=""></u></span></p><p class="MsoNormal" style="margin-top:4pt"><span style="font-size:11pt;font-family:"Aptos",sans-serif;color:rgb(0,0,204)" class=""><a href="mailto:suzannah@canadylortz.com" target="_blank" class=""><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;text-decoration:none" class="">suzannah@canadylortz.com</span></a></span><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;color:rgb(0,0,204)" class=""><u class=""></u><u class=""></u></span></p>
<div style="border-width:medium medium 1pt;border-style:none none solid;border-color:currentcolor currentcolor rgb(0,0,204);padding:0in 0in 6pt" class=""><p class="MsoNormal" style="border:medium;padding:0in">
<span style="font-size:11pt;font-family:"Aptos",sans-serif;color:rgb(0,0,204)" class=""><a href="http://www.canadylortz.com/" target="_blank" class=""><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;text-decoration:none" class="">www.canadylortz.com</span></a></span><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;color:rgb(0,0,204)" class=""><u class=""></u><u class=""></u></span></p>
</div><p class="MsoNormal" style="text-align:justify"><span style="font-size:7pt;font-family:"Century Gothic",sans-serif;color:rgb(127,127,127)" class="">Confidentiality Notice:
<span class=""> </span>This message is being sent by or on behalf of a lawyer.
<span class=""> </span>It is intended exclusively for the individual or entity to which it is addressed.
<span class=""> </span>This communication may contain information that is proprietary, privileged or confidential, or otherwise legally exempt from disclosure.
<span class=""> </span>If you are not the named addressee, you may not read, print, retain, copy, or disseminate this message or any part.
<span class=""> </span>If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.<u class=""></u><u class=""></u></span></p><p class="MsoNormal"><u class=""></u> <u class=""></u></p>
</div>
</div>
-- <br class="">
Patentpractice mailing list<br class="">
<a href="mailto:Patentpractice@oppedahl-lists.com" target="_blank" class="">Patentpractice@oppedahl-lists.com</a><br class="">
<a href="http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com" rel="noreferrer" target="_blank" class="">http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com</a><br class="">
</div></blockquote></div><div class=""><br clear="all" class=""></div><br class=""><span class="gmail_signature_prefix">-- </span><br class=""><div dir="ltr" class="gmail_signature"><div dir="ltr" class=""><div class="">Best regards</div><div class="">Rick Neifeld, J.D., Ph.D. <br class=""></div><div class="">Neifeld IP Law PLLC<br class=""></div><div class="">9112 Shearman Street, Fairfax VA 22032</div><div class="">Mobile: 7034470727<br class=""></div><div class="">Email: <a href="mailto:RichardNeifeld@gmail.com" target="_blank" class="">RichardNeifeld@gmail.com</a>; <br class=""></div><div class=""><br class=""></div></div></div></div>
-- <br class="">Patentpractice mailing list<br class=""><a href="mailto:Patentpractice@oppedahl-lists.com" class="">Patentpractice@oppedahl-lists.com</a><br class="">http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com<br class=""></div></blockquote></div><br class=""></div></div></body></html>