Is Boost Mobile REALLY safe?

Pablo · Mar 24, 2025

I will come right out and say I am not blaming Boost for an outright ID theft attempt and I have no idea how it was initiated, but Boost was involved.

My closest neighbor knocked on my door 8:30 Sat night, needed to use my phone. Both their phones were shut off by Boost at the request of, well dunno, hackers. Lady neighbor calls Boost, verbally on my phone and has their phones switched back on with very little information. Then guy tells me the story of battle with hackers on both their Boost service phones for 4-5 days now!! Hackers accessed some of their accounts and stuff.

I don't know much more than that. But I ask HOW?

Owen Lucas · Mar 24, 2025

Sounds like a SIM attack. Either an inside job at the store or some type of leak where their online credentials were hacked and they gained login access to Boost's website or called in impersonating the owners to have service transferred to their own devices. This way they can gain access to 2FA and login to bank accounts. Just an idea.

Pew · Mar 24, 2025

The thieves probably have their email login and other personal information as well; there's very little information needed to activate/deactivate/suspend service.

Pablo · Mar 24, 2025

Owen Lucas said:
Sounds like a SIM attack. Either an inside job at the store or some type of leak where their online credentials were hacked and they gained login access to Boost's website or called in impersonating the owners to have service transferred to their own devices. This way they can gain access to 2FA and login to bank accounts. Just an idea.

That's along the lines of what I was thinking to get BOTH phone numbers

Pablo · Mar 24, 2025

He got a burner phone for back up

I told him to get new phones, new phone numbers and change all logins, and passwords. Didn't want that hassle. Oh well, but I did see him changing his Ring settings.

rijndael · Mar 24, 2025

Make sure he changes that number any place he has SMS for a 2nd Factor Auth.

ripcord · Mar 24, 2025

At the very least they need to go change all their passwords for financial stuff.

Pablo · Mar 24, 2025

ripcord said:
At the very least they need to go change all their passwords for financial stuff.

Yea he did that while I was waiting in his living room with his wife on my phone. I trust them but was paranoid

slacktide_bitog · Mar 24, 2025

What network does Boost run on? Any sort of text message or email that he responded to?

Maybe he clicked on some phishing email, or tapped a link from a scammer's text message. Also, Boost has been hacked a few times

Pablo · Mar 24, 2025

slacktide_bitog said:
What network does Boost run on? Any sort of text message or email that he responded to?

Maybe he clicked on some phishing email, or tapped a link from a scammer's text message. Also, Boost has been hacked a few times

I saw that and they were with them during those times

SC Maintenance · Mar 24, 2025

Owen Lucas said:
This way they can gain access to 2FA and login to bank accounts. Just an idea.

^^ This. I have seen this posted multiple times - on all carriers. Get access to someone's phone - makes it easy to access someone's bank accounts, etc.

2FA is no more secure than prior methods. Your only as secure as your weakest link.

Pablo · Mar 24, 2025

SC Maintenance said:
^^ This. I have seen this posted multiple times - on all carriers. Get access to someone's phone - makes it easy to access someone's bank accounts, etc.

2FA is no more secure than prior methods. Your only as secure as your weakest link.

Two weak links.........access to phone - how?
Phone carrier porting over on a simple verbal request.

Hall · Mar 24, 2025

Owen Lucas said:
Sounds like a SIM attack. Either an inside job at the store or some type of leak where their online credentials were hacked and they gained login access to Boost's website or called in impersonating the owners to have service transferred to their own devices. This way they can gain access to 2FA and login to bank accounts. Just an idea.

Most of the mobile carriers in the US have had issues with this, some much worse than others (T-Mobile). If the carrier is lax in their procedures, policies, security, etc, it's an ingenious method with so much (bad) potential.

PandaBear · Mar 24, 2025

slacktide_bitog said:
What network does Boost run on? Any sort of text message or email that he responded to?

Maybe he clicked on some phishing email, or tapped a link from a scammer's text message. Also, Boost has been hacked a few times

They are MVNO using T-Mobile I think.

However regardless of which network, it is Boost's own security that they need to deal with and not the network they lease from.

SC Maintenance · Mar 24, 2025

Pablo said:
Two weak links.........access to phone - how?
Phone carrier porting over on a simple verbal request.

All they need is your phone number and email.

They impersonate you to get your current phone Sim shut off, then get all your stuff sent to their new SIM. They use your email to reset your bank passwords, etc. using 2FA - since there now getting your texts. Now there in to your bank accounts.

They don't need to know anything else. Once there in they can transfer money, etc. They don't even need to be in to your email, they just need to know what it is.

They wouldn't even need to know what bank. If they try the 10 largest consumer banks in the USA thats probably half the people.

It all starts with lax security at the cell provider.

https://www.aba.com/advocacy/commun...sources/protect-your-money/sim-swapping-scams

alarmguy · Mar 24, 2025

PandaBear said:
They are MVNO using T-Mobile I think.

However regardless of which network, it is Boost's own security that they need to deal with and not the network they lease from.

Boost mobile has their own 5G network, which covers 70% most likely 80% of the country.
They use T-Mobile and AT&T to fill in any areas with no coverage.
I wouldn’t hesitate to use them, just like any other, price rules

https://www.androidauthority.com/boost-mobile-5g-3498200/

..

rijndael · Mar 24, 2025

This is a pretty good reason to NOT use SMS as your second factor. Using a 2FA app, like Authy, might be a better idea.

It's actually been discouraged for a few years now, specifically because of SMS's security issues, but it's so handy that we keep using it.

Pablo · Mar 24, 2025

rijndael said:
This is a pretty good reason to NOT use SMS as your second factor. Using a 2FA app, like Authy, might be a better idea.

What about face recognition?

rijndael · Mar 24, 2025

How it's implemented matters a lot (privacy issues), and it's generally vastly more expensive. FIDO is probably a more accepted / better alternative to SMS, but it's not everywhere.

Pablo · Mar 24, 2025

rijndael said:
How it's implemented matters a lot (privacy issues), and it's generally vastly more expensive. FIDO is probably a more accepted / better alternative to SMS, but it's not everywhere.

On iPhone you can use it on everything

Is Boost Mobile REALLY safe?

Pablo

Owen Lucas

$100 Site Donor 2023

Pew

Pablo

Pablo

rijndael

ripcord

Pablo

slacktide_bitog

Pablo

SC Maintenance

Pablo

Hall

PandaBear

SC Maintenance

alarmguy

rijndael

Pablo

rijndael

Pablo

Similar threads