In comp.mobile.android Newyana2 <newyana@invalid.nospam> wrote:
On 3/7/2025 8:24 AM, Java Jive wrote:
It seems very likely that I was correct. Rereading the original BBC
report, there is a single sentence which most of us seem to have missed
on first reading ...
"O2 Virgin Media confirmed the scammer telephoned its call centre
requesting a new Sim and had hacked Stephen's emails."
It's confusing, but that seems to be backward. The scammer
called the phone company, giving email and name to get the
cellphone number, then initiated a SIM swap. That, then, gave him
the means to change the passwords.
It would be interesting to see a security expert look at this
in detail. There are many reports online, but they all seem to be
reprints of one poorly researched article.
The radio programme is here and starts at 40m50s (not sure if BBC Sounds is
geoblocked but I don't think so):
https://www.bbc.co.uk/sounds/play/m0028bj1
In brief:
- received a text from O2 (mobile operator) saying he'd changed his password
- contacted O2 straightaway and told SIM had been swapped
- told they'd stop that and send out a new SIM card, emailed to confirm
- next morning, email from EDF (energy supplier) asking for feedback on
recent contact with customer services
- called EDF, told they'd pass it on to the fraud section and get back to
him
- nothing happened for over a week
- called O2 again to make sure everything was stopped, put through to fraud
department
- just after received an email saying new SIM card had been sent out,
connected to a different number. Queried with fraud department, said didn't
know, need to go to an O2 shop
- O2 shop couldn't do much as account had been stopped, couldn't look at it
- told them to check his emails
- contacted Virgin Media (ISP, merged with O2), told he'd changed his
password, had to go through changing password back again, told they'd pass
it to the fraud section
- thus far not had a conversation with any fraud section
- contacted various banks to check everything is ok, told they'd put in
extra security
- tried to make a payment on Nationwide card, couldn't go through because
they couldn't use the landline for the OTP. Told there was a problem with
the card, need to go to a Nationwide branch.
- told someone had attempted to use the credit card for £200 of voucher
codes, had been stopped. Gave two extra passwords to enhanced security.
- got an email from National Savings & Investments (NS&I) to say password had been changed
- rang NS&I straight away to say it hadn't, went through very long procedure
to verify who he was and get a new password
- after an hour, told he'd taken out a large amount of premium bonds, over
£40k
- NS&I fraud rang the next day, explained they had suspicions but asked for
the money to come back, could be 15 working days
- only way to get anywhere with O2, VM, EDF is to pay for Linkedin Premium
and have access to messaging the executives.
- Senior EDF executive contacted, listened to the call with the fraudster,
said it didn't sound like him at all. Scammer seemed to have name and email
address, asked EDF for mobile number and it was given out to them.
- Told scammer had gone through security just with name and email address.
Offered £50 goodwill gesture for closing the case. Since agreed it has been
a data breach.
NS&I say he will be refunded fully.
EDF say security procedures were followed but subsequently recognised it was
fraud.
VMO2 says scammer had called them and passed security.
Expert says this all started from Ofcom (regulator) making it easier to
change mobile provider in under 2 mins. Some mobile operators thinking in
that way and not thinking about scams - can switch within networks without
even needing the code.
----
Speculating, I would guess they started with the SIM swap. I don't know the
O2 procedure, but it's possible to have SIMs which are unregistered or only
lightly registered (eg no online account). In that case there isn't much
security information the operator has, or it could be easy to find out
(pet's name, place of birth, etc). Scammer contacts the provider to say you
broke your SIM card and need a new one and they don't have very much to
authenticate you. If they can make that stick they can maybe then do a
password reset on the email which uses SMS as a recovery mechanism, and then
they're in.
Theo
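The weak link in the chain Theo describes is a service that accepts an SMS code as its recovery channel even though the SIM behind the number has just been swapped. The following is an added example, not code from this thread or from any of the companies named: a recovery gate that refuses to trust an SMS code for a number whose SIM changed recently and steps up to another channel instead. The phone numbers, SIM-change records and seven-day cooldown are constructed/assumed values, standing in for what an operator's SIM-change lookup would return.

```python
"""Risk-based gate for SMS one-time-code account recovery (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy value: a SIM changed inside this window is not trusted for SMS codes.
SIM_SWAP_COOLDOWN = timedelta(days=7)


@dataclass
class SimChange:
    msisdn: str          # phone number the SIM was issued for
    changed_at: datetime  # when the operator issued/activated a new SIM


# Constructed sample records: one number swapped two hours before the request, one stable.
SAMPLE_SIM_CHANGES = [
    SimChange("+447700900001", datetime(2025, 3, 1, 9, 0, tzinfo=timezone.utc)),
    SimChange("+447700900002", datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc)),
]


def last_sim_change(msisdn, records):
    """Most recent SIM change for a number, or None when the operator has no record."""
    times = [r.changed_at for r in records if r.msisdn == msisdn]
    return max(times) if times else None


def recovery_decision(msisdn, records, now):
    """Return ("sms", reason) when an SMS code may be sent, or ("step_up", reason)
    meaning: do not send a code to this number; verify through a second channel
    (existing email, authenticator app, in-branch ID) and notify the account holder
    on every known contact point so a hijack is noticed early."""
    changed = last_sim_change(msisdn, records)
    if changed is None:
        # Fail closed: a number with no history cannot be vouched for.
        return ("step_up", "no SIM history available for number")
    age = now - changed
    if age < SIM_SWAP_COOLDOWN:
        return ("step_up", f"SIM changed {age} ago, inside {SIM_SWAP_COOLDOWN.days}-day cooldown")
    return ("sms", f"SIM stable for {age.days} days")


if __name__ == "__main__":
    now = datetime(2025, 3, 1, 11, 0, tzinfo=timezone.utc)  # constructed request time
    for number in ("+447700900001", "+447700900002", "+447700900999"):
        action, why = recovery_decision(number, SAMPLE_SIM_CHANGES, now)
        print(f"{number}: {action} ({why})")
```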