Useful info for the scammers
Great, so Mr BT has just given the scammers the info that they need to impersonate BT by mis-representing their CLI :-(
BT customers in the UK have been targeted by scammers in India – with one person reporting they were defrauded for thousands of pounds this week. The issue appears to have been going on for more than a year. Some customers said the fraudsters knew their personal details. One reader got in touch to report that his father-in- …
Literally just coming here to say exactly the same thing.
You would think that a Telecoms Supplier, or in this case THE telecoms supplier, would know better. For those that don't know, putting any CLI you want on a phone call is trivial. Sort of like sticking a sticker over your Mondeo, that says Porsche.
Did you notice the way BT tried to push the problem back to the customer. You shred your bills, you don't give personal data out.....
Reading some of these reports the most likely explanation is that BT's IT systems have more holes in them than a tea strainer!
Yes, that's exactly what happened to TalkTalk - it was unrelated to the data breach in October 2015:
Inside the TalkTalk 'Indian scam call centre' - BBC News (6 March 2017)
"TalkTalk was hit by a cyber-attack in October 2015, but that hack appears to be unrelated to the Indian fraud.
Instead, it is alleged the scam is linked to problems in a company hired by the British broadband provider.
In 2011, TalkTalk outsourced some of its call-centre work to the Kolkata (Calcutta) office of Wipro, one of India's largest IT service companies.
Last year, three Wipro employees were arrested on suspicion of selling TalkTalk customer data."
... If you didn't initiate the conversation, it's a scam. End of discussion.
Seems to have worked. Nobody's reported getting ripped of in years (decades?), and yet all of them gripe about getting scam phone calls & email on a near daily basis ...
The issue is (and something that happened in the TalkTalk fraud attacks to a neighbour of mine) was that those scammed had initiated the call to the ISP and were then expecting a call back from a senior technician. They just got the call from a scammer instead; expecting a call from the ISP and without any technical knowledge they had no reason to doubt that's who was calling them until it was too late.
It's confidence tricksters. They use a wide net, or use a focused attack.
In this case it is focused, and I know of examples from at least 6 years ago if not more. Same day calls, that, are not likely to be "random" coincidence (as with the normal BT/MS calls).
Call is same day or next day to the BT one. Call is specifically "From BT" not "From Microsoft". Call mentions customers last call/name etc. Call asks for a credit card/bank card for payment. Thankfully it was a credit card and payment cancelled on the one I know of.
So, they know what works and what does not, and wait for the time you (or anyone) will fall for it. Like dressing as a waiter in a restaurant to steal cards. Who would expect it?
"had initiated the call to the ISP and were then expecting a call back "
If you are good enough to find a company that will do that rather have on hold for 1/2 hour then surely that is a trivial problem to solve?
so the rules are
If they rang you - its a scam , unless you rang them 1/2 hour ago AND they can tell you the exact time you rang and the password you specified at that time.
The same day or next day callback is a telltale sign that it's a scammer calling. The real BT would never be that efficient in following up customer contacts
(I'm allowed to say this - I used to work for BT in a former life, and know from first hand experience what a shower of s**t they are)
But in this case, it seems the scammers knew that the BT customer had recently called up about a problem, and were able to give details of it. Therefore the BT customer was expecting a call back, and maybe didn't realise that BT don't return calls.
Something is really fishy here.
Either BT's customer DB got leaked, or somebody did some dumpster diving and got a treasure trove of customer bills and other information which was not disposed of properly, and in turn, passed this information on to ne'er-do-wells in India.
Or it is an outsourcer in India who passed on prospective marks to his buddies...
No way in Hell can a ne'er-do-well in India recite personal details perfectly without having access to the customer database.... or customer details...
Perhaps they already do. In the UK.
What's the probability that it is an inside leak? An accomplice, associate or relative on the inside passing on the relevant information?
Some irony that Lloyds are mentionned, given that that have just, or are in the process of outsourcing their backroom data processing to India.
"Some irony that Lloyds are mentionned, given that that have just, or are in the process of outsourcing their backroom data processing to India."
I'm sitting here in London looking at the Lloyd's IT staff smoking outside. It looks a lot like they already have. It is not a particularly diverse workforce; a monoculture even.
Not that outsourcing to India is bad if done correctly.
"Yep completely agree. There are so many ways an ill-disposed IT worker with admin rights could get bulk data access "
My bet would be IT too. Not sure why you're all so keen to assume it's the Indians, could just as easily be anyone anywhere in the world.
Personally I'd just have a trigger in the CRM pushing records to SNS, but that's a bit easy to stop and trace. Fits the real-time profile though.
It might not be BT's leak - they could just be playing the probabilities with data scraped elsewhere we haven't heard from everyone who didn't fit the profile.
I had a scam call about "PC problems" on two separate occasions not long after contacting BT 151 about faults on my ADSL broadband. It seemed to be more than a coincidence as those calls had otherwise become very rare.
I received my first, and only, text scam after giving Wickes DIY my mobile number in order to place an online order. Otherwise that number was only known by family and close friends.
The problem is one of design.
First, nobody should have access to those numbers. Seriously, why does a call-centre operative work with a number? They don't need to. They just need a customer screen that has a dial button, they have no need to know what number you are, what address you are at.
Technically, depending on how you interpret their "need" for access to that data, giving them anything that isn't necessary is a breach of the DPA.
They don't even "need" to see your address by default. They certainly don't need a way to capture, dump or whatever else the screen. If they need it, it could be greyed out until they specifically request it.
Hey, Steve, why are you requesting the addresses of hundreds of customers that you aren't directly dealing with and which in the phone conversations you have with them aren't needed? Oops.
But people don't design the call centre software that way. And phone companies don't design calls on an "by invitation only" basis. You're basically putting your entire customer database into the hands of easily-bribed minimum wage staff who have enormously quick job flux, and then expecting that information to stay secret, not be mis-used and for customers to deal with it rather than the telecoms companies (CLI should NOT be able to be faked, even if people try... why does false CLI information get propagated from country to country?)
I'd also question - AGAIN - why a callcentre operative needs a general purpose computer, rather than a list of "1) Request Customer Address, 2) Change Customer Address, ...." because the SECOND they get a virus on that machine, your database is gone if they have access to it all. But apparently what we do nowadays is give them a full Windows 10 machine that isn't even locked down, and then have them access an intranet web page.
Because most of these compromises are not deep-level technical staff. They are front-users with smartphones taking screenshots or just saving everything they can see and then selling it off to make up for their minimum wage when they move from company to company every week.
But then... let's go through this.
Does your application admin need access to the live production database? No.
Does you network tech? No. Especially not if even the usual users don't.
Does your DBA? Possibly
Does you Sysadmin? Probably not. Maybe it's possible to compromise the database but he doesn't need access to the data inside database itself.
In fact, the only places where the data will appear are DB admins and live web-interfaces.
Centralise those. Make them accountable. Audit their access. And then if the ENTIRE db is compromised, you know who to go to.
Everyone else? They won't be able to compromise your entire database, only portions, and will similarly leave a very plain audit trail which can be tracked - by the portions of compromise if nothing else.
It's not about stopping the possibility entirely. It's about taking reasonable measures. And if your database keeps going wandering, and is this important and contains these kinds of details, reasonable measures are the above because you don't NEED that kind of access. It could even involve things like "watermarked data" entries where little red herring data is inserted into each user's account when they request large data (even as simple as altered capitalisation, changed spacing etc.) so that any leaks stand a good chance of pointing a finger at a particular dump by a particular user in a court of law. It's how things like map-theft is caught - by slightly misplacing a few entities that doesn't affect the usage of the map but means that you can tell if someone else just copied your map data/map directly rather than happened to collect the same information.
That nobody implements such measures, that customer support are able to give me all kinds of details about myself immediately, and that nobody is every publicly fined/caught for being the source of the leak suggest that nobody in those kinds of businesses takes data security seriously in the first place.
When there are no consequences, of course data thefts like this will happen.
Put in logs, measures, difficulties, audits,c ontrols and consequences and they'll greatly reduce, if not stop altogether.
If you see a CLI of 0800 xxx xxxx, it is always a fake CLI, even if it is coming from the owner of that number, because an 0800 number redirects to a geographic number, or possibly a group of geographic numbers.
The caller may want you to call back on the 0800 number so they can distribute the calls around their call centres, and anyway it is free to call that number whereas the geographic number might not be, depending on your phone contract. My contract gives me unlimited minutes, so it would be free anyway, but only for calls of up to an hour in duration. Other people might have to pay for them, so 0800 nos are never a bad thing. And if the geographic number is in India, it would almost never be free from the UK.
How do you allow that without allowing fraudsters to fake CLI? I suppose it would be possible to have a system where the owner of the number can specify permitted geographical numbers to call from.
"... after giving Wickes DIY my mobile number ..."
Ah ha! Have a cheap PAYG mobile for this purpose, if you really have to give a mobile number to anyone. You can store the number on your 'real' mobile to read out to people who 'need' it. You can always dump and replace the SIM card after a while if scam texts and calls get annoying.
My "suspected scam" instruction sheet:
If they mention "accident":
"THAT DIDN'T HAPPEN, NOBODY SAW THAT" (Repeat verbatim in response to whatever they say, increasing volume/agitation each time.)
"But, but, how did you know? - I was wearing brown trousers."
"That was no accident, she deserved all that and more." *click*
If they mention "Microsoft", "Windows", "Virus"...
"Oh dear!, is this to do with the computer thing? My grandson normally helps me with all that, it's upstairs, could you hold on while I get it please?" (Leave phone off hook, if you have time, do your best impression of someone simultaneously suffering from dementia, lack of short-term memory, and near total computer illiteracy.)
For general use:
"Please take a minute to think about your parents and grandparents - would they be proud of what you are doing? You should get an honest job." *click*
I'm getting about eight scam calls a day, just had two in the last 30 minutes. Because of this I don't answer any international calls. Maybe our politicians or GCHQ should do something about it. Like drop malware onto the call centres. I answered one call from "Bob at BT" and after confusing him (ctrl+r doesn't work on Linux) I asked him if he had children. When he said that he was still single I asked in a calm voice if his parents knew that he was a criminal. After a few seconds of silence he hung up.
I get these all the time the 'BT Call Blocking' phone can't block the numbers are they use fake caller id that is an actual BT Call Centre number.
Unless it's someone with an English, Welsh, Scottish, or Irish accent I'll just hang up on them.
If it's important they'll post a letter.
"If it's important they'll post a letter."
I've never had the pleasure of one of these scams , but thinking about it , thats because whever the ancient pulse dialing rotary phone that i plug onto my landline just for shits and giggles as i never use it rings , i just lift the receiver and drop it .
I havent managed to get any scam calls on my mobile either , which is more of a mystery given I've had the same number for 15 years or so and used it for quite a few things.
"A BT spokesman said: "BT takes the security of its customers' accounts very seriously. We proactively warn our customers to be on their guard against scams. Fraudsters use various methods to 'glean' your personal or financial details with the ultimate aim of stealing from you. This can include trying to use your BT bill and account number."
He advised customers should never share their BT account number with anyone and always shred bills. "Be wary of calls or emails you're not expecting. Even if someone quotes your BT account number, you shouldn't trust them with your personal information."
Standard stock response about how they really do care. Then it goes on to basically say it's not our fault but the fault of the people getting the calls. I seem to remember Talk Talk said similar things.
Nice BT, what are the odds it's an outsourcer passing details on?
Oh for some public PSA adverts warning people about trusting emails, website ads or cold phone calls to not poison their computer.
I'm kind'a surprised people are still falling for it. If a government agent phone me up with my national insurance number, place of birth and known political affiliations (philosophical anarchist), I would still ask that he (or she) send me a snail mail letter with a phone number that I could verify as being a UK gov based number before refusing to let him (or her) near my PC (at least without a warrant).
Some banks now do TV ads about how to spot the phone scammers. Yet still my credit card company phone me up and ask for name, date of birth and credit card number to prove who I am!
Your phoning me! On the mobile number I gave you on setting up the account! There's a good chance it's me, or my mobile's been stolen in the last day or so and I've not had time to cancel it. Yet who the fuck are you!
At least that Verified by Visa non-security web pisstake thingy has a word you gave them, so you know there's a passing chance it may be their computer you're talking to.
I had a long debate about just that with a man who said he was from a company with which I have a couple of investments. He did not see the illogicality of asking me for identification details when he had actually called me and I would not accept that he was who he said he was without some identification from him. In the end, I received a letter which was genuine but I still do not accept calls from them.
Would those people be "Wellington Capital Group", Tokyo? I'd take care if it is them.
Those people are good, very persuasive, they will send paperwork too. They call from a "genuine" Tokyo number, probably a Tokyo-located media-gateway with a VPN to the actual location.
The 1'st slight flaw in execution is that the paper mailings are generic and does not have Japanese postage on it, it comes from the end of some logistics chain: "Posten AB, International Mail" with a return mailbox in Malmö. Could be someone local getting this material in bulk by freight, then mailing it.
The 2'nd is that they call me, why would they call me!? If I need a stock broker to tell me about a very special opportunity, I call them!
The 3'rd is that I don't need 25%-50% return on some one-shot setup; because it will not change my situation so to speak (winning the lottery would, not this). I need some % always. I can easily get that locally for much less execution costs and no currency risks and no tax trouble.
Personally my solution is to never answer the phone. Ever.
Frankly the only reason I even have a phone line at all is because it's the only way I can get an internet connection, although I'm reliably informed that a so-called "copper pair only" service is technically feasible, except the only UK ISP that actually provides this service (A&A I believe) doesn't cover my area.
I used to do call screening, but now I don't even bother listening to messages. Anyone who has any legitimate business contacting me does so by email. If you attempt any other method, or you're not on the email whitelist, then I remain blissfully unaware of your existence.
Meanwhile, for those looking for something a little more aggressive than mere defence, this guy (SFW-ish) has a rather interesting solution.
"Anyone who has any legitimate business contacting me does so by email."
My dentist and the NHS hospital phone me to remind me of an imminent appointment with them.
The "international" ones are regular annoyances several times a week recently. Same recorded message every time. I've tried leaving the phone off hook for half an hour to hopefully lock their outgoing line. Now I just put the phone down when I hear her dulcet tones. A lousy business that doesn't take the hint they are wasting their time.
Unfortunately I do have overseas friends who still use the phone rather than Skype.
"NHS hospital phone me via a withheld number".... there, fixed that for you.
At least the NHS has the OPTION to unblock cli on outgoing calls, apparently the Police dont, so any cli blocked call claiming to be the Police may actually BE the Police.
I have managed to get the NHS to sent text reminders, as they wont read the line on my notes that says "All masked calls are refused", so I missed loads of appointments - and also turned up for appointments they tried to cancel at T minus 60 minutes.
Why aren't British scammers more involved in this growth industry?
Ignoring the joke aspect, they are, just different types. For bank transfer fraud the scammer will have most success if they are beyond the reach of UK plods, in a jurisdiction where corruption and fraud are business as usual. And they need a bank account somewhere that will be near impossible for UK investigators to trace or recover money from.
You could do this in the UK, but you'd trigger red flag systems for money laundering, you'd have to do high profile things like taking large sums of cash out, have lots of accounts open (and closed quickly), and it would be relatively easy for the police to find you, collect the evidence, and then track you and arrest you.
They most certainly are.
The crooks even wait outside call centres and offer cash to the poor folks working there on crap wages if they will sneak out lists of details.
There is AFAIK a case currently ongoing into exactly this in the U.K.
Spoofing CLI, that's not difficult and let's be honest you could get a zero hours contract job as a cleaner on minimum wage in many call centres. Once in, hit the fire alarm, drop your keylogger somewhere as the place empties or grab a ream of papers on your way out.
They are. They usually do insurance and stock trading scams.
The stock broker scammers are all talking with a pretty smooth British accent, the perfect mix between Scholared Gentleman/Wimmen and the plain ruffian who know how to work "The Street" and who will get you the goods, no matter what. They pretend to be Valets, basically.
Probably runs their boiler rooms out of Malta or Spain via VPN for legal reasons.
The data used by these scammers is being leaked from inside BT or it's being carried out by BT employees in India themselves. How do I know? Well back in 2001 I changed my surname by deedpoll in the UK, but BT were never informed. They are the only company that still use my old surname, which isn't used anywhere else. So when someone phones up tell me they're from BT, wanting to help make my broadband better and they're using my old surname, I know where that data has come from.
Because it has been going on since the day after the first call centre opened there*; reports about it have been published year after year, but do any UK companies give a shit??
Only when it hits them in the wallet.. and even then they have very short memories.
*Workers being paid £100 per month were being offered £1,000 per time to smuggle out the days data files.
"We'll never ask customers for personal information out of the blue."
I got a call from my ISP (Plusnet - BT owned) the other day, wanting to talk to me about upgrading my broadband package. I refused to give any personal information because they had just rung me up out of the blue. They said they would send me an e-mail, to prove who they were.... So how exactly am I supposed to check that the e-mail is from them?
And according to the person who phoned me up, I can't check out the prices of the packages that they're offering on the plusnet website, because they're only available to the retention team, who speak to you over the phone, and surprise surprise, the phone number of the retention team is not on the plusnet website.
So, now that the idea of changing my broadband package has been planted in my head, I can't identify who to talk to about changing my package, and the offers on the website are for new subscribers, so I should probably think about changing my ISP then?
EDIT:- to clarify, the person on the phone did not sound like someone in a call centre in india.
"I got a call from my ISP (Plusnet - BT owned) the other day,"
Well I know what you mean, but I was called by them a year or so ago and offered a much reduced charge for what I was getting (unlimited download, fixed IP, domain name and web-space) . I'm very cautious about this kind of call but as they didn't want any details I went ahead and it was all genuine. Just wish genuine companies would think about how they appear to people they are (cold) calling.
These sort of calls, where you're called by companies offering to reduce your bill "out of the goodness of their hearts" (or more likely because they want to put you on a new contract with worse terms) I ignore completely.
If I want to pay less, I will call them myself when I want to.
Sometimes it's actually better to pay more if it means you get more service or stay on contract terms that are far better than a new contract.
I received these calls for years. BT was atrocious with many interruptions and line faults, every time the scammers called my internet broke. I came to the conclusion there is a flaw in the BT router allowing them to "break" my internet if they know my number and IP. I was ex-directory, TPS and never gave out my number. I moved from BT and ADSL and no longer get the calls.
I know they were compromised because I give false information to all suppliers including BT by using variations on my name, I do this for all suppliers. It does mean I keep my own database in a notebook (paper) so I don't get things mixed up and it can't be hacked.
When they called I tried to waste their time as much as possible so I can learn what they are doing. If I was bored I also became a gay chat line or a security firm when they called.
AC because I am paranoid and they are out to get me.
During years of unsatisfactory dealings with BT I realised that I could not rely on the Indian call centre to actually do anything. They were helpful and polite but when I received my next bill, the promised corrections were not there. Instead I emailed the Customer Services boss of BT and was, in turn, contacted by a woman with an Ulster accent who actually fixed things.
Alternatively, use Twitter and when (inevitably) the BT's Twitter Jockeys can't fix issues they may hand you on to online interactive text chat. You then have a written record of your dealings, unlike on the phone.
In the end, increasing fees meant I dumped BT 18 months ago -- so things may have improved/got worse since.
"Alternatively, use Twitter and when (inevitably) the BT's Twitter Jockeys can't fix issues they may hand you on to online interactive text chat. You then have a written record of your dealings, unlike on the phone."
One can only hope that the people manning the text chat are more competent than those on the other end of the Yodel chat app thing, who as far as I could tell had no more control over my parcel than I did. I had such a bad experience that I've now stopped using websites when I can identify that they use Yodel as a courier. Wiggle, I miss you...
....instead have a voicemail setup that is the sound of an old modem or fax machine. Obviously make sure all your friends are aware. Then when their automated software calls your number and waits for a human to answer, it hears the modem/fax noise and thinks its rung a fax machine so will hang up and blacklist your number from their list. So you'll never get called again.
Works with cold callers as well who tend to use the same type of software.
At the end of the title sequence, they had a tag line, normally 'The truth is out there', but they occasionally mixed it up. The one that I recall that is relevant to this story is 'Trust no one'. If you've called me, and I'm not expecting your call, and I don't recognize your voice, then I don't believe a word you say. They are preying on people who are trusting, and that tends to be the more vulnerable in society. Which makes these people total shit in my book.
For the posters who seem to be annoyed when their phone rings, or never answers it, or records a modem, or whatever...
Why do you have a phone plugged into the socket?
Our household (similarly had to have a line for broadband) method of dealing with it, was to never buy a phone to connect to the line. Don't need one, don't own one. Just pay the line rental for the broadband and ignore the thing exists.
Going to any sort of effort, or getting annoyed in even the smallest way seems daft.
Don't even know what the landline number is. There's been nothing plugged into it for a decade, and the number was never given out.
For me it is the reliable phone line or effectively no communications. We live in a house which has very unreliable mobile service.
I am not now with BT as such any more and never had their broadband. Yesterday my wife fielded one call about 'our 'BT BB yesterday and I had one today. The idiot was so shocked to hear that my (non) BT was in fine health, I almost felt sorry for them.
Once around Christmas I was doing something with BT and also had a bank statement on my desk. A scammer claimed that a payment had been missed, when I had several proofs to rebut his claim I just wish the scum could get an 'honest' fraud.
Not if you've been hoodwinked into getting so-called "VOIP" with your so-called "broadband" you won't. Not unless you spring for a hellaciously expensive backup battery for the so-called "modem". And even then, the battery is only good for a couple of minutes.
When I pointed out that The Bay Area may well get hit with a major earthquake that knocks out PG&E power to millions of people, many of whom will be needing to dial into emergency services after the disaster, the reply was "they can use their cell phones". This despite the fact that most cell towers are supplied with the same PG&E power that homes are ...
They are $TELCO. They don't care, they don't have to. (Apologies to Ernestine.)
Keep your POTS line, people!
I recall watching a YouTube video of a guy who had a scammer phone him from a large ISP and he went along with it for ages and when they wanted to remote into his device, he fired up a Windows 98 VM and when the technician got connected he was so confused. Loved it.
Always ask immediately (and insist on a full answer) "Who's calling?" Family and friends soon get used to it.
Get complete caller's details if in doubt. Be absolutely sure what the calling organisation does.
For call centre scammers : "Do you think <suitable derogatory ethnic> should be castrated?" etc.
If somebody is going through a script then (and you're still on the line for some reason) then take over the asking of questions.
Never say who I am until I'm happy and clicked on the record button. Never EVER give ANY data regarding 'data protection'. That's a loud alarm bell.
If somebody say "Regarding your complaint" etc. then respond with "which one?"
I had one the other day, she asked what i was using to access the internet, I explained i was using an android tablet, an iphone and an amazon dot.
She then tried to get me to go to w3 validator then validate to any website - the default will always show errors even for google.com. she said that was evidence that i had a virus causing problems and i should pay to get it sorted.
This took over 40 minutes and then i just said "you know what you can do? Crawl back under whatever rock you crawled out from under, I am a computer security expert and know you are nothing to do with BT and are trying to scam me out of money. Thank you and Goodbye. I then hung up.
2 minutes later I had a man call me back and tell me to take my phone and shove it where the sun doesnt shine.
Wouldn't surprise me if the calls were actually coming from the call centres used by BT in India.
During my time with Time Computers / Supanet we used contract call centres who - in the same room - also did work for TalkTalk, BT, and a number of Indian companies.
OK a few years ago, but the same principle applies: these overseas call centres are contractors, many of the companies running them are bent, and many of the staff are corrupt (including the managers)
Earlier in the year while I still had BT broadband, I received a call one day, supposedly from a BT engineer saying there was a problem with my broadband, which was news to me as it seemed to be working just fine. He quoted my name and BT account number as verification he was legit. He had an English accent rather than an Indian one, and initially at least seemed somewhat plausible. He asked me to put my router directly into the master socket, which it already was, but he was quite insistent that I went to check it. As the master socket was in the attic and required a step ladder to access it I refused, but he was quite insistent that I checked it. Smelling a rat I hung up and did a 1471. I googled the number and it came up as a legitimate BT's customer service number!
I phoned BT directly and got passed around several people in a call centre (presumably in India based on the accents) before I got passed to someone in the UK. No, a BT engineer hadn't called me. There was not a problem with my broadband. They said that despite my 1471 check, that it wasn't their service number that had called me and they offered to block the real calling number. The fake engineer never called back (or was blocked), but I surmised his end game would probably have been to give him remote access to my computer so he could install malware or commit other fraud.
Interesting that BT allow scammers to fake their number to look like BT's service number!
My solution which has worked with 100% efficiency so far :
Them : Hello, Mr Person, I am calling from ....
Me : How did you get this number? This number is unlisted and is part of the Witness Relocation Program. Please hold the line for 30 seconds caller while we trace this call and verify that the location you are ringing from is on the list of allowed contacters and dispatch law enforcement officers to your location if it is not
I usually dont get to the end of my spiel before they have hung up.
Back in January this year an Indian 'Scam' Centre contacted me about my BT account. They knew I had an account with BT, my address and my name. At the time the only organisation that knew I was at that address was BT.
As it happened, I'd been in a long running dispute with BT as my routers wifi was broken ( ethernet was ok and I was running an old laptop as a router to give my household wifi) and they weren't replacing it, so I was calling ( and being called by BT engineers) regularly. So when the call started I was quite receptive because, yes there was an issue with my internet. Of course once they asked me to download software I knew this was not 'above board' and told them so, they even tried the old 'get your manager'.
The second the call was over ( I hung up ) I called BT to report this, they didn't even log my report. 2 Days later I spoke to an engineer who told me no report was logged and advised me to make a report by email. This was also done ( and ignored, as I chased this up). I would Suggest BT clearly knew about a data leak and has tried to cover it up, and also knows of the scammers and has chosen to ignore this.
As an aside, eventually I tried BT's online 'chat with an engineer' type thing, this was actually quite good, as by this point I'd been through their 'support' process so many times I knew it by heart, could go over the issue, and all their steps to the point where the operators third statement was 'ok I can see that your router has a hardware fault we'll send out a new one....
oh, and in regards to this ( and some comments on here), we didn't own a phone for the landline, so I'd given my mobile number to BT as my contact number, and this was the phone I was contacted on....
This was a number I'd had for all of 2 months and had given to no-one ( literally, people contact me via the interwebs)
Again this is to point out that the information given to these people must have come from BT....
They told me I would save money moving to a broadband business package... that fucking little shit in sales never told me that I would go from unlimited infinity 2 to a 50gb/month infinity 1! Even after I specifically asked him "nothing will change to my broadband, will it?" which he confirmed!
Took months to sort out what that fucking little shit in the sales department did, it was some young British guy working on commission to get people to change their account package who could only see £ signs not people.
The guys at the Indian call centers were fucking useless in trying to fix the situation, eventually I got passed onto a nice Scottish woman who instantly saw I should never have been moved to the business package in the first place.
Like I said replying to another comment, anyone calls about saving you pounds, DON'T. It may be legitimate but it also may mean worse terms. You can't make a decision on the spot then without having possession of all the facts, so don't bother.
If you want to save money, do it and call them in your own time, once you have thoroughly researched the savings.
A few years ago BT would have Option 1, Option 2, Option 3 as call plans and I was on Option 1 (the minimum "pay for all calls as you make them" one. They used to also subdivide the call plans so that you could get Option 2 (the "evenings and weekends are free" one) for the same price as Option 1, so I was getting calls where BT was "helpfully" offering me Option 2 for the same price. Of course I said "no" and I further looked at the exact terms - this Option 2 "same price" one would have meant that I would have been recontracted for a year AND it'd be a rolling contract so I wouldn't be able to get out of it except in a very short timeframe just before it rolled over, every year. My Mum got caught by that one, which was an issue years later when she tried to get out of it, and couldn't
It is possible to string them along for three and a half hours...possibly longer, but to be honest after that length of time it was starting to get a bit boring for me and I gave up on the job.
A hands-free phone with good battery life is essential. A mute function is useful as well, as it avoids any tell-tale background noises while you take a loo break.
Of late, I've started answering unsolicited/unknown calls with a half interested "Hello, fraud squad". That normally kills off the accident claim and PPI lot inshore.
If offshore, I then insist my name is DI Burnside of Sun Hill... Usually they lose interest long before I tire of going full Saarf Lundan rozzer down the blower at 'em, occasionally barking at imaginary Tosh Lynes to put the kettle on.
I had half of Sun Hill on my doorstep one morning - they used to use my manor* a lot for filming.
When they were driving the prop cars to and from location, they'd have black tape covering the word 'Police'. The first time I saw them I thought 'that's a piss-poor attempt at an unmarked police car'.
*getting into the vernacular there.
Real Police cars are even harder to spot when not in service, they have a post-it sized note to the effect put on the windscreen ( I used to deliver the cars from the Vauxhall Fleet depots to the Police workshops)
Great fun doing 65 down the middle lane of the motorway and DARING anyone to overtake you.
I've had several "BT bvroadband" support calls of late, which is interesting as I don't have BT broadband. If I'm in the mood for a laugh and not pushed for time I like to play along with their game.
One caller tried to tell me there was a problem with my BB running slow and we got as far as them telling me there was a problem at the exchnage and they had replaced the DLM module. As a result my router was now still on its default channel of 936 and I needed to change it to channel 875 to get it working properly. (yes, i did write it all down!) It had taken about 20 minutes to get this far into the conversation and I was fascinated to see where it was going, but the line got dropped from their end....
Another time I was told there was a problem with my router and could i look at the front to see what LED's were lit. "Five" i said (I couldn't be bothered to go into the cupboard to look, but I think it normally has 5). She sounded a bit confused then, and asked what colour they were, which was a strange question as they are all green. When I replied green, she was even more confused and said she would have to pass me to a supervisor. That's when we got cut off. I thought it was strange that they would ask how many lights were on my router as they had no idea what router I have - but realised afterwards most folks on BT probably have whatever router it is that BT supply by default.
On another occasion I was told there was a problem with my computer. I managed to string them a long quite abit, and when I asked which computer, I was continually told its was "my computer", which later became "my windows computer". Eventually he asked me how many computers I had connected and switched on, to which I said 17 (*rough guess, may not be accurate), and he hung up.
And another who was asking me what kind of computer I had. "A black one" I kept saying, eventually he said it will say something like "HP" or "Acer" or "Dell" on it. Ah - I said, it says "Raspberry Pi" on the case. After a few seconds I got a very confused "Raspberry Pi?" Yes, I replied, "It's like an Apple Pie, but with raspberries". Ah, he said, you have an Apple? "No - A Raspberry Pi, probably more like a banana pie than an Apple Pie". At which point he hung up.
A few years ago it was "Microsoft Support" or "Windows Support", but now it always seems to be "BT Support"
I guess we're lucky its only low level things like telecoms that have released our personal information into the offshore workforce and we're seeing only a few thousand pounds fraud.
Imagine how much worse it could be if it were the big banks who had all these offshore workers with direct access to the exact financial status and personal details of individuals and companies...
Fraud can take place anywhere in the world. It takes place here in the UK as well as every other country. However there is a relative value proposition at work - the relative profit of committing fraud in India is much greater than in the UK, therefore its more likely to occur more widely at much lower levels. That cheap offshore labour might not be so cheap if your fraud incidence rises.
This makes me want to build an OS/2 VM just for the fun of letting them loose in it. I'd be amazed if they even knew what it was. I could pretend to be working for MSFT and pretend it was a preview build of Windows 11...
Except I'm not on BT and haven't ever had a call like this, so that's spoiled my fun. :(
I have a Truecall unit. That screens my calls without me getting involved. Pretty much all cold callers give up when they hear the message. Calls from numbers on the whitelist go straight through. I believe there's a couple of BT phones that include the technology and Sky has something called 'Shield' that I believe is free as part of their telephone service.
My BY cordless phones have this inbuilt - branded as "BT Call Guardian". Works very well and I now get zero calls of this ilk. Non-whitelisted numbers hear an announcement and are asked to speak their name. Only then do the phones ring and I get the option to answer or reject the call.
However, I'd been getting lots on my mobile, so I searched for an Android App that would do the same sort of screening. (Naffly entitled) "Mr Number" seems be doing an excellent job. When first installed it went through my recent call history and correctly identified almost all of the scam calls I'd been receiving.
I like messing with the scammers. "Oh my computer is leaking a virus. You say you're from Microsoft? Oh you're on the main campus? Let's talk this over. What's your building and office number, I'll have a shuttle there in a few minutes. **CLICK**"
Or "who is this? what is your operating number?"
I always answer with a terse 'hello - your PIN please', on the basis that anyone I want to speak to will ring my mobile or speak to me in person. The responses have ranged from instant hang-up to 'err... 1234?' occasionally I have to repeat 'your PIN, please' Getting the first question in puts most callers on the back foot, especially as the call is evidently going no further until they supply a valid PIN, I'm sure that some of those supplied are actual card PIN's by the guarded way they reveal them. In case you're wondering, in the event of a wrong PIN, my response is simply to disconnect the call (I have never chosen a correct PIN, so by default, they are all wrong).
Everyone in a while you pick up your phone and there is this unbelievable fast talking person after they get you to stay on the line for about 5 minutes, they then will start talking about your brothers and sisters with her name and they know what age they are, they go into extremely detailed discussion of your life and the amount of DEBT you have and about how much you owe in credit card debt. They also know how much you owe on your house and how they could get you a better rate.
I listened to one for two minutes he thought he had me fooled. I hung up on him, I don't have time for such foolishness. These guys are *GOOD*.
If you want the personal touch you can call these 1-800 (toll-free) and talk with a person that has a special talent and she will read you like you have never been read before. These girls are scary, They also get $5 a minute so they keep you on the line as long as possible.I am told these women are excellent talks and before long your phone bill is-logging with charges, first its $5 then connect time j
I very rarely use my home phone, except I keep it for distant friends and relatives who use the number to occasionally call. However, recently I have used the phone to call out, vet's, doctor etc.,, and without exception, I have had spam calls call back for a week or more afterwards. Yes, I am on TPS (which is totally useless anyway) but I also back it up with a Truecall gadget which means I can stop o'seas calls and find out who calls, supposedly local. (real o'sea callers have an extra code to get the phone to ring)
After being closely involved with a work colleague being scammed - first alerting her to it, and ccd in all bank discussions - it is VERY obvious that all these frauds are based on insiders within banks and utilities passing out personal information. Plus, I heard of another recent case that almost went as far as prosecution, then the CPS inexplicably "lost" all evidence. I think we need to accept that we now live in an extremely corrupt society. It wasn't always like this.
On the TPS list, and during 30 months with EE just the odd few calls we could blacklist. After 4 months with BT, and ExDiretctory, and still on TPS list, been getting 12+ unwanted/silent/spam calls per evening, now reducing since blacklisting all international and 'unknown' callers and adding numbers to the list weekly ... I think, no CONVINCED, that BT , or someone with access to their customer DB is selling this info . And the only thing I can do is once again switch providers at the end of the contrick. Although this process can be sweetened with new customer financial/value incentives, its fundamentally wrong that I need to get on this little merry go round every year, because the operator of one of the country's critical national infrastructure treats data security as a joke!
I had a call from a chap from Microsoft; insisted I had a problem with my laptop and was trying to get me to download and install a remote control piece of software to help diagnose the problem. I said his procedure for donwloading it didn't work - was it a problem that I was using a Mac? "Ah, hold one minute" he said .. click, brrrrrrrr.
How is this essentially any different from the years-old scam where they claim to be Microsoft and tell you your computer has been sending error reports and they just need you to give them control of it? Seriously, anyone who is dumb enough to fall for this deserves what's coming to them.
They continue to try it on with me, but as I don't use Windows, and I don't use BT for my broadband, it's rather obviously a scam.
I did a report on this ages ago, I contacted BT and got shot down in flames, despite 3 of my customers reporting slow internet, then with 24 hours they got calls back from fake BT people who knew all about their issues with the broadband - you cannot tell me that some BT staff are not selling or giving those details to a 3rd party, maybe friends or family too!
This is my post from August last year:
This has been going on since BT connected their phones to the internet and outsourced their call centres to India. One of the first scams was, "I'm an IBM/Microsoft engineer and we can see a problem with your computer, please give me your passwords and let us log on to fix it".
I got so fed up of it that I dreaded hearing an Indian voice on my phone and put the phone down. Later on I would mention, "sex and travel" but they did not catch on to that. Eventually BT started selling phones with caller ID and nuisance call blocking. These are an absolute must. As a much older person in a prosperous village we are a target for all types of chancers.
It is a hazard of BPO.
The identity theft is rampant with call center workers thinking Limey is rich and so a little credit card fraud won't hurt them. There are whole call centers setup to scam westerners.
It will only stop when it is made to hurt, something like the government in the offending area and the corporation that hired the service being made to pay a fine plus restitution.
It's quite clear that many large institutions do not protect the data properly.
Westpac Bank Australia,
My father in-law had an account with them Eg. Mr. Smith As he was not internet savvy, we added my personal email address for any required emails. It was the only place we ever associated my email with his name.
A while later came the typical grammatically challenged phishing email, To: jones at jones.com
Dear Mr Smith, Your account... I still have it on file somewhere.
Changed banks after that... if they can't look after an email address, how can they be trusted with money.
Not many may think this, but back in the day when flat caps and clogs were normal attire, data was sold by the company serving. Customer data is money. They don’t care who they sell to as long as they make ca$h. O.k. It could be data centre employees, or simply poor security of Customer data i.e. some spam head has bought their photos in on a usb stick to show Carley and Treyvon who sits next to them.....ooo look at the puppy pics I have just loaded along with a nasty worm from that freeware site who prints photos for ‘free’ mwahahahahahaha.....data sucked live from the system.....
Education is lacking and common sense moreso. Crikey the airheads these days walk into street furniture because they cannot get off social media so don’t expect this load of cannon fodder to safeguard your data anytime soon......
Got a scam mobile phone contract call a few weeks back
Managed to piss the caller off so much he told me I was "the rudest person he'd spoken to that day". He rang off when I said that if he stayed on the line he'd find I was the rudest he'd speak to all week.......
He tried calling again a few hours later, asking for the company director. So I told him the "director" said "F*** Off". Not heard from him again
2 months ago, I got call from local number with automated announcement claiming to be BT network provider, and using TEAMVIEW managed to access my computer, and attempted to SCAM & locked my PC. When I rang the local number, it was dead number.
On 25/5/18, I got call from 08000 988 674, claiming to BT network provider. When I mentioned word 'scam', the caller hanged up the call. Can anybody investigate where this call is coming from.
Biting the hand that feeds IT © 1998–2021