Reply to post: Vodafone "security"

Visual voicemail hack makes your messages a snack

Anonymous Coward
Anonymous Coward

Vodafone "security"

My business account was fraudulently used to "purchase" three iPhones (long story, but basically the fraudsters get them delivered to the registered address, phone up claiming to be Vodafone saying "they were sent it error" and hope you'll fall for it and let them collected and "return" the phones).

I called Voda as soon as I spotted what was going on. "Oh, so it wasn't you (the only name on the account) who phoned up earlier to place the order then"?

In the past they had never asked what I considered to be "security questions" when I phoned them - I assumed they knew it was "me" as I was calling from the registered handset (they certainly knew my name). After talking to them I spotted the flaw in their security process - it seems they had been "taking me through security" in the past. They would ask for:

1) My name;

2) The company name;

3) The registered office address.

That's it! So, "security" for Ltd.Co. accounts is based on information that's public record?

Doh!

*My reward for all the bother was to have my online account cancelled (without notice), cancellation of my direct debit (also without notice, resulting in missing a payment) and several months of incorrect bills whilst the corrections to corrections were corrected.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022