Flood Watch
from FRI 11:00 AM MST until SAT 11:00 PM MST, Yavapai County Mountains, Little Colorado River Valley in Coconino County, Little Colorado River Valley in Navajo County, Little Colorado River Valley in Apache County, Eastern Mogollon Rim, White Mountains, Northern Gila County, Yavapai County Valleys and Basins, Oak Creek and Sycamore Canyons, Western Pima County including Ajo/Organ Pipe Cactus National Monument, Tohono O'odham Nation including Sells, Upper Santa Cruz River and Altar Valleys including Nogales, Tucson Metro Area including Tucson/Green Valley/Marana/Vail, South Central Pinal County including Eloy/Picacho Peak State Park, Southeast Pinal County including Kearny/Mammoth/Oracle, Upper San Pedro River Valley including Sierra Vista/Benson, Eastern Cochise County below 5000 ft including Douglas/Wilcox, Upper Gila River and Aravaipa Valleys including Clifton/Safford, White Mountains of Graham and Greenlee Counties including Hannagan Meadow, Galiuro and Pinaleno Mountains including Mount Graham, Chiricahua Mountains including Chiricahua National Monument, Dragoon/Mule/Huachuca and Santa Rita Mountains including Bisbee/Canelo Hills/Madera Canyon, Santa Catalina and Rincon Mountains including Mount Lemmon/Summerhaven, Baboquivari Mountains including Kitt Peak, Kofa, Central La Paz, Aguila Valley, Southeast Yuma County, Gila River Valley, Northwest Valley, Tonopah Desert, Gila Bend, Buckeye/Avondale, Cave Creek/New River, Deer Valley, Central Phoenix, North Phoenix/Glendale, New River Mesa, Scottsdale/Paradise Valley, Rio Verde/Salt River, East Valley, Fountain Hills/East Mesa, South Mountain/Ahwatukee, Southeast Valley/Queen Creek, Superior, Northwest Pinal County, West Pinal County, Apache Junction/Gold Canyon, Tonto Basin, Mazatzal Mountains, Pinal/Superstition Mountains, Sonoran Desert Natl Monument, San Carlos, Dripping Springs, Globe/Miami, Southeast Gila County

Tech security expert warns about sim card scam on T-Mobile customers

It’s Deja Vu for some T-Mobile customers. In August, hackers exposed 50 million customers' data.

Now there is another issue.  The bad guys finding a way to swap your SIM cards.

How scammers take control of your phone number

Cyber risk expert David Derigiotis with Burns & Wilcox explained how it works.

"Your phone essentially goes dead and the attacker ports out your number to their device and now they start receiving all of your calls, all of your text messages," Derigiotis said.

The bad guys take control.  Then they call your phone company and tell them they want to switch your information to a new phone.

"The other is, good old-fashioned social engineering," he said. "They called, they trick the individual pretend that they are you. And they’re asking to port out that number and they’re able to simply do that by deceiving and tricking which is social engineering, taking advantage of that human element."

Dangers of SIM card swapping

Here’s the real danger. Many of us have authentication for other programs on our computers tied to our phones.  So, think about it.  You try to get into a program on your laptop, it pushes an authentication message to the cellphone the crooks now have in their control.

"If you’re using the text message as a second form of authentication for logging into an account whether it be a banking, email, whatever it may be," Derigiotis said. "They got access to that second authentication mechanism. That’s what happened to a number of individuals."

t mobile is sorry

How to protect yourself from T-Mobile scam

So, the best advice, double down on safety around your cell.

"What everyone should do is stop using their cell phone number, stop using that text as a second form of authentication," he said. "Because we see right here, this is the real weak spot, and breaking through that, and being able to get into an online account.

"I think it’s more important to use some type of app-based authentication, they have different forms out there, Google authenticator, Authy, there are also hardware out there where you can plug into the computer and by the computer, and it will present that additional code.

T-Mobile responding to people who were hit by this latest attack saying they’re taking immediate steps to help protect all individuals who may be at risk from this cyberattack.