Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.mobile.android > #146914 > unrolled thread

"'Scammers stole £40k after EDF gave out my number"

Started byJava Jive <java@evij.com.invalid>
First post2025-03-03 12:27 +0000
Last post2025-03-15 08:48 -0400
Articles 20 on this page of 123 — 14 participants

Back to article view | Back to comp.mobile.android


Contents

  "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 12:27 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 10:47 -0500
      Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 17:13 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 17:33 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 18:20 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-03 15:54 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 17:25 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 17:38 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 14:04 -0500
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:28 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:36 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:35 +0100
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:35 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:49 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:07 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 22:58 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:50 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 21:23 -0700
            Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-04 06:43 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-04 09:22 -0700
                Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:40 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-04 10:21 -0700
                    Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 18:37 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 14:46 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 21:38 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:31 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:13 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 08:09 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:22 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 21:09 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 19:43 -0500
                    Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 05:34 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:22 -0500
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:15 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 09:44 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 13:15 +0100
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:47 -0500
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 14:27 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 10:42 -0500
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 16:51 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:21 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 12:37 -0500
                                  Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-05 18:03 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:00 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 22:07 +0100
                                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 15:42 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:28 +0100
                                  Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 18:23 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:01 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 21:03 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:40 +0000
                          Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 18:02 +0100
                            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:04 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:12 -0500
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:29 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 17:38 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:25 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 21:44 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:45 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 14:57 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-05 14:10 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:26 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 14:33 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:08 +0100
      Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 19:25 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:43 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:40 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 21:26 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:38 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 20:54 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 07:19 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:31 +0100
    Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 01:56 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 13:54 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Tweed <usenet.tweed@gmail.com> - 2025-03-06 14:57 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-06 11:09 -0500
          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-06 11:17 -0700
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:12 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-07 09:35 -0700
          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 18:24 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:36 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:17 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 16:16 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-08 10:30 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 16:37 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 19:53 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-07 07:37 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 10:46 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-07 13:24 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:38 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-07 15:35 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-07 15:46 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-14 18:49 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-15 09:53 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 11:46 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:35 -0400
                      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 17:53 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-15 19:27 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 23:30 -0400
                          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-16 05:01 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 08:47 -0400
                          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 13:47 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 15:13 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:04 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 18:00 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 08:53 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 13:53 +0000
                                      Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 14:53 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 18:44 +0000
                                          Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 10:42 +0000
                                            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 12:48 +0000
                                              Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 13:18 +0000
                                                Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 13:27 +0000
                                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 14:28 +0000
                                                    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-20 16:02 +0000
                                                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-20 13:00 -0400
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 11:54 -0400
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:09 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-16 19:23 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-16 23:10 +0100
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:48 -0400

Page 4 of 7 — ← Prev page 1 2 3 [4] 5 6 7  Next page →


#146983

FromFrank Slootweg <this@ddress.is.invalid>
Date2025-03-05 13:25 +0000
Message-ID<vq9m13.2jc.1@ID-201911.user.individual.net>
In reply to#146968
Chris <ithinkiam@gmail.com> wrote:
[...]
> Fortunately, the victim has had his 40k refunded. 

  Do you have a reference - with details - for that? I.e. who accepted
responsibility for which fault(s)?

[toc] | [prev] | [next] | [standalone]


#146986

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-05 14:57 +0100
Message-ID<or1m9lxa3d.ln2@Telcontar.valinor>
In reply to#146983
On 2025-03-05 14:25, Frank Slootweg wrote:
> Chris <ithinkiam@gmail.com> wrote:
> [...]
>> Fortunately, the victim has had his 40k refunded.
> 
>    Do you have a reference - with details - for that? I.e. who accepted
> responsibility for which fault(s)?

Quote: «National Savings and Investments said it had refunded him the 
money taken from his account.»

And that's the £40000, because earlier it reads (quote):

«Worse news was to come, when he learned his National Savings and 
Investments password had been changed.

"After an hour of talking to different people there, they said, 'You've 
actually taken out a very large amount of premium bonds, over £40,000'," 
said Stephen.»

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#146987

FromTheo <theom+news@chiark.greenend.org.uk>
Date2025-03-05 14:10 +0000
Message-ID<YFe*ABH8z@news.chiark.greenend.org.uk>
In reply to#146986
In comp.mobile.android Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-03-05 14:25, Frank Slootweg wrote:
> > Chris <ithinkiam@gmail.com> wrote:
> > [...]
> >> Fortunately, the victim has had his 40k refunded.
> > 
> >    Do you have a reference - with details - for that? I.e. who accepted
> > responsibility for which fault(s)?
> 
> Quote: «National Savings and Investments said it had refunded him the 
> money taken from his account.»
> 
> And that's the £40000, because earlier it reads (quote):
> 
> «Worse news was to come, when he learned his National Savings and 
> Investments password had been changed.
> 
> "After an hour of talking to different people there, they said, 'You've 
> actually taken out a very large amount of premium bonds, over £40,000'," 
> said Stephen.»

What I don't understand is how that's a fraud vector.  NS&I premium bonds
(a kind of government-backed savings account with 'interest' generated by a
lottery-style algorithm, with certain tax advantages because they count as a
lottery not savings) used to be paper things that you could 'hold'.  But
nowadays it's all electronic - it's a savings account in your name
effectively.  So if he did buy £40k of premium bonds, I don't know how the
fraudster would have cashed that out - unless there's some flaw in the PB
system?

Theo

[toc] | [prev] | [next] | [standalone]


#146992

FromChris <ithinkiam@gmail.com>
Date2025-03-05 16:26 +0000
Message-ID<vq9tvn$2g7f3$1@dont-email.me>
In reply to#146987
Theo <theom+news@chiark.greenend.org.uk> wrote:
> In comp.mobile.android Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2025-03-05 14:25, Frank Slootweg wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>> [...]
>>>> Fortunately, the victim has had his 40k refunded.
>>> 
>>> Do you have a reference - with details - for that? I.e. who accepted
>>> responsibility for which fault(s)?
>> 
>> Quote: «National Savings and Investments said it had refunded him the 
>> money taken from his account.»
>> 
>> And that's the £40000, because earlier it reads (quote):
>> 
>> «Worse news was to come, when he learned his National Savings and 
>> Investments password had been changed.
>> 
>> "After an hour of talking to different people there, they said, 'You've 
>> actually taken out a very large amount of premium bonds, over £40,000'," 
>> said Stephen.»
> 
> What I don't understand is how that's a fraud vector.  NS&I premium bonds
> (a kind of government-backed savings account with 'interest' generated by a
> lottery-style algorithm, with certain tax advantages because they count as a
> lottery not savings) used to be paper things that you could 'hold'.  But
> nowadays it's all electronic - it's a savings account in your name
> effectively.  So if he did buy £40k of premium bonds, I don't know how the
> fraudster would have cashed that out - unless there's some flaw in the PB
> system?

Yeah, I'm not sure how it worked either. 

I had some PBs until recently and you can only withdraw to a designated
bank account and it takes a couple of days. They do use 2FA, but it was
only enforced (relatively) recently so if the victim hadn't logged in for a
while it might not have been set up. 

So given it took 48 hours for him to realise he'd been compromised and he
only had email authentication set up, then the thief could have had time to
change the bank details and then withdrawn the PBs. 

[toc] | [prev] | [next] | [standalone]


#146989

FromFrank Slootweg <this@ddress.is.invalid>
Date2025-03-05 14:33 +0000
Message-ID<vq9qs1.16p4.1@ID-201911.user.individual.net>
In reply to#146986
Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-03-05 14:25, Frank Slootweg wrote:
> > Chris <ithinkiam@gmail.com> wrote:
> > [...]
> >> Fortunately, the victim has had his 40k refunded.
> > 
> >    Do you have a reference - with details - for that? I.e. who accepted
> > responsibility for which fault(s)?
> 
> Quote: «National Savings and Investments said it had refunded him the 
> money taken from his account.»
> 
> And that's the £40000, because earlier it reads (quote):
> 
> «Worse news was to come, when he learned his National Savings and 
> Investments password had been changed.
> 
> "After an hour of talking to different people there, they said, 'You've 
> actually taken out a very large amount of premium bonds, over £40,000'," 
> said Stephen.»

  Thanks for that! I apparently overlooked the first quote. I only saw
the £50 "goodwill gesture" from EDF, which was a clear insult and so was
the £125 "goodwill gesture" from O2 Virgin Media.

[toc] | [prev] | [next] | [standalone]


#147004

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-05 21:08 +0100
Message-ID<ijnm9lxm9k.ln2@Telcontar.valinor>
In reply to#146989
On 2025-03-05 15:33, Frank Slootweg wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2025-03-05 14:25, Frank Slootweg wrote:
>>> Chris <ithinkiam@gmail.com> wrote:
>>> [...]
>>>> Fortunately, the victim has had his 40k refunded.
>>>
>>>     Do you have a reference - with details - for that? I.e. who accepted
>>> responsibility for which fault(s)?
>>
>> Quote: «National Savings and Investments said it had refunded him the
>> money taken from his account.»
>>
>> And that's the £40000, because earlier it reads (quote):
>>
>> «Worse news was to come, when he learned his National Savings and
>> Investments password had been changed.
>>
>> "After an hour of talking to different people there, they said, 'You've
>> actually taken out a very large amount of premium bonds, over £40,000',"
>> said Stephen.»
> 
>    Thanks for that! I apparently overlooked the first quote. I only saw
> the £50 "goodwill gesture" from EDF, which was a clear insult and so was
> the £125 "goodwill gesture" from O2 Virgin Media.

The article has the information not in order, spread all over the text. 
The refund line is very near the end.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#146924

FromChris <ithinkiam@gmail.com>
Date2025-03-03 19:25 +0000
Message-ID<vq4vo3$1er4v$1@dont-email.me>
In reply to#146919
Andy Burns <usenet@andyburns.uk> wrote:
> Java Jive wrote:
> 
>> "Scammers stole £40k after EDF gave out my number"
> 
> Clearly EDF shouldn't go about giving out customer information, but I 
> ought to be able to paint my mobile number in 1ft high letters on the 
> side of my house and not have my SIM "swapped"

You can. But if you /also/ add your full name and email address, then all
bets are off. 

> All UK networks should take extra security measures, such as writing to 
> customers at known address to confirm such a drastic action.

I'd be stupendously annoyed at any company giving my phone number to anyone
including myself. Why would I legitimately ever need to be told my own
mobile number? 

[toc] | [prev] | [next] | [standalone]


#146926

FromAndy Burns <usenet@andyburns.uk>
Date2025-03-03 19:43 +0000
Message-ID<m2mf3oF5im1U1@mid.individual.net>
In reply to#146924
Chris wrote:

> Why would I legitimately ever need to be told my own
> mobile number?

But why is knowing my mobile number sufficient to rip off my mobile 
account?  I'd say hundreds of people know my mobile number ...

[toc] | [prev] | [next] | [standalone]


#146932

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-03 21:40 +0100
Message-ID<omgh9lxofo.ln2@Telcontar.valinor>
In reply to#146926
On 2025-03-03 20:43, Andy Burns wrote:
> Chris wrote:
> 
>> Why would I legitimately ever need to be told my own
>> mobile number?
> 
> But why is knowing my mobile number sufficient to rip off my mobile 
> account?  I'd say hundreds of people know my mobile number ...

They managed to did a SIM swap. For this they needed to trick some 
agency that duplicates SIMs into thinking it is really you who requests 
the duplicate SIM.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#146935

FromAndy Burns <usenet@andyburns.uk>
Date2025-03-03 21:26 +0000
Message-ID<m2ml43F68k5U2@mid.individual.net>
In reply to#146932
"Carlos E.R." wrote:

> They managed to did a SIM swap. For this they needed to trick some 
> agency that duplicates SIMs into thinking it is really you who requests 
> the duplicate SIM.

I only know the tabloid headline version of what's involved in a SIM 
swap, clearly the networks don't want to give out information about how 
it's actually done, but I wish I knew more about that e.g. to choose a 
network that protects their customers better ... I don't think any 
mobile network has ever invited me to setup TOTP/2FA on my account.

[toc] | [prev] | [next] | [standalone]


#146933

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-03 21:38 +0100
Message-ID<1kgh9lxofo.ln2@Telcontar.valinor>
In reply to#146924
On 2025-03-03 20:25, Chris wrote:
> Andy Burns <usenet@andyburns.uk> wrote:
>> Java Jive wrote:
>>
>>> "Scammers stole £40k after EDF gave out my number"
>>
>> Clearly EDF shouldn't go about giving out customer information, but I
>> ought to be able to paint my mobile number in 1ft high letters on the
>> side of my house and not have my SIM "swapped"
> 
> You can. But if you /also/ add your full name and email address, then all
> bets are off.

It is quite normal for a person conducting business to publish all that, 
in order to be contacted by clients. You might have two phones, then.


> 
>> All UK networks should take extra security measures, such as writing to
>> customers at known address to confirm such a drastic action.
> 
> I'd be stupendously annoyed at any company giving my phone number to anyone
> including myself. Why would I legitimately ever need to be told my own
> mobile number?

To confirm that it is properly stored, because I claim I lost a phone call.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#146934

FromAndy Burns <usenet@andyburns.uk>
Date2025-03-03 20:54 +0000
Message-ID<m2mj7sF68k5U1@mid.individual.net>
In reply to#146924
Chris wrote:

> I'd be stupendously annoyed at any company giving my phone number to anyone
> including myself. Why would I legitimately ever need to be told my own
> mobile number?
True enough, but why should knowing anyone's phone number let the 
criminals take over the phone account?

I must admit when I hear these stories, same as Newyana2 I tend to think 
there's something not being told about how it happens, like obvious 
passwords or identical passwords used for everything ...

[toc] | [prev] | [next] | [standalone]


#146949

FromChris <ithinkiam@gmail.com>
Date2025-03-04 07:19 +0000
Message-ID<vq69i7$1p77u$1@dont-email.me>
In reply to#146934
Andy Burns <usenet@andyburns.uk> wrote:
> Chris wrote:
> 
>> I'd be stupendously annoyed at any company giving my phone number to anyone
>> including myself. Why would I legitimately ever need to be told my own
>> mobile number?
> True enough, but why should knowing anyone's phone number let the 
> criminals take over the phone account?

I don't know specifics, but from other accounts I've heard it's often a
mixture of luck and guesswork on the side of the thief. Now that they know
a few bits of information about you they can try and reuse that info to get
access to your accounts. Email is the prize, but others can be useful. 

> I must admit when I hear these stories, same as Newyana2 I tend to think 
> there's something not being told about how it happens, like obvious 
> passwords or identical passwords used for everything ...

I agree, although for many cases it won't be fully known. 

[toc] | [prev] | [next] | [standalone]


#146928

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-03 21:31 +0100
Message-ID<o6gh9lxofo.ln2@Telcontar.valinor>
In reply to#146919
On 2025-03-03 18:25, Andy Burns wrote:
> Java Jive wrote:
> 
>> "Scammers stole £40k after EDF gave out my number"
> 
> Clearly EDF shouldn't go about giving out customer information, but I 
> ought to be able to paint my mobile number in 1ft high letters on the 
> side of my house and not have my SIM "swapped"
> 
> All UK networks should take extra security measures, such as writing to 
> customers at known address to confirm such a drastic action.

Or start by phoning them.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#147013

FromBrian Gregory <void-invalid-dead-dontuse@email.invalid>
Date2025-03-06 01:56 +0000
Message-ID<m2sdlgF2fjiU1@mid.individual.net>
In reply to#146914
On 03/03/2025 12:27, Java Jive wrote:
> So, EDF allowed them to go from his email address to obtaining his 
> mobile phone number for a SIM-swap scam, but I wonder how they managed 
> to go from either to all his savings accounts, unless they'd also 
> compromised his PC or phone as well; if the latter, why did they need to 
> go via EDF?

Once you've got the email and done the SIM swap scam or hacked SS7 to 
read someone’s incoming SMS, that's enough, or almost enough, to get in 
to all sorts of things via the I've forgotten my password link on their 
websites.

-- 
Brian Gregory (in England).

[toc] | [prev] | [next] | [standalone]


#147027

FromJava Jive <java@evij.com.invalid>
Date2025-03-06 13:54 +0000
Message-ID<vqc9e4$30gdm$1@dont-email.me>
In reply to#147013
On 2025-03-06 01:56, Brian Gregory wrote:
>
> On 03/03/2025 12:27, Java Jive wrote:
>>
>> So, EDF allowed them to go from his email address to obtaining his 
>> mobile phone number for a SIM-swap scam, but I wonder how they managed 
>> to go from either to all his savings accounts, unless they'd also 
>> compromised his PC or phone as well; if the latter, why did they need 
>> to go via EDF?
> 
> Once you've got the email and done the SIM swap scam or hacked SS7 to 
> read someone’s incoming SMS, that's enough, or almost enough, to get in 
> to all sorts of things via the I've forgotten my password link on their 
> websites.

But how would they know which banks, savings accounts, etc, to target 
without additional information?  Just knowing his email address on its 
own would not be enough for this, there must be hundreds of people who 
know my email address, because they send me emails via it, but that fact 
alone doesn't make me vulnerable to hacking.

At very least, they would have had to be able to read his emails, which 
would imply that the original problem was not EDF giving out his mobile 
number  -  which certainly they should not have done, and without that 
second breach of confidentiality it is true that the scam could not have 
progressed further, so they are undeniably at fault  -  but something 
like his email password being hacked somehow or other beforehand.  How 
the latter could happen would be pure speculation as the original report 
I linked gave no details, but most probably either he clicked on 
something in a phishing scam email, or installed some dodgy software, or 
a site he visits was hacked and he used the same password in too many 
places.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#147028

FromTweed <usenet.tweed@gmail.com>
Date2025-03-06 14:57 +0000
Message-ID<vqcd5k$314au$1@dont-email.me>
In reply to#147027
Java Jive <java@evij.com.invalid> wrote:
> On 2025-03-06 01:56, Brian Gregory wrote:
>> 
>> On 03/03/2025 12:27, Java Jive wrote:
>>> 
>>> So, EDF allowed them to go from his email address to obtaining his 
>>> mobile phone number for a SIM-swap scam, but I wonder how they managed 
>>> to go from either to all his savings accounts, unless they'd also 
>>> compromised his PC or phone as well; if the latter, why did they need 
>>> to go via EDF?
>> 
>> Once you've got the email and done the SIM swap scam or hacked SS7 to 
>> read someone’s incoming SMS, that's enough, or almost enough, to get in 
>> to all sorts of things via the I've forgotten my password link on their 
>> websites.
> 
> But how would they know which banks, savings accounts, etc, to target 
> without additional information?  Just knowing his email address on its 
> own would not be enough for this, there must be hundreds of people who 
> know my email address, because they send me emails via it, but that fact 
> alone doesn't make me vulnerable to hacking.
> 
> At very least, they would have had to be able to read his emails, which 
> would imply that the original problem was not EDF giving out his mobile 
> number  -  which certainly they should not have done, and without that 
> second breach of confidentiality it is true that the scam could not have 
> progressed further, so they are undeniably at fault  -  but something 
> like his email password being hacked somehow or other beforehand.  How 
> the latter could happen would be pure speculation as the original report 
> I linked gave no details, but most probably either he clicked on 
> something in a phishing scam email, or installed some dodgy software, or 
> a site he visits was hacked and he used the same password in too many 
> places.
> 

If the scammer has passed EDF’s security, which seems to have happened,
perhaps they have the login credentials to the account. That would allow
them to obtain a pdf of the utility bill. Unfortunately a utility bill is
often demanded as a proof of ID. So perhaps the utility bill allowed access
to the mobile phone account. 

[toc] | [prev] | [next] | [standalone]


#147033

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-06 11:09 -0500
Message-ID<vqchaq$31s6r$1@dont-email.me>
In reply to#147027
On 3/6/2025 8:54 AM, Java Jive wrote:
> On 2025-03-06 01:56, Brian Gregory wrote:
>>
>> On 03/03/2025 12:27, Java Jive wrote:
>>>
>>> So, EDF allowed them to go from his email address to obtaining his 
>>> mobile phone number for a SIM-swap scam, but I wonder how they 
>>> managed to go from either to all his savings accounts, unless they'd 
>>> also compromised his PC or phone as well; if the latter, why did they 
>>> need to go via EDF?
>>
>> Once you've got the email and done the SIM swap scam or hacked SS7 to 
>> read someone’s incoming SMS, that's enough, or almost enough, to get 
>> in to all sorts of things via the I've forgotten my password link on 
>> their websites.
> 
> But how would they know which banks, savings accounts, etc, to target 
> without additional information?  Just knowing his email address on its 
> own would not be enough for this, there must be hundreds of people who 
> know my email address, because they send me emails via it, but that fact 
> alone doesn't make me vulnerable to hacking.
> 
> At very least, they would have had to be able to read his emails

    Think of the average person. First there was the SIM swap, so
now the scammer is getting all texts. They're also getting
2FA codes. With the email address they go to that and say they
forgot their password. Then there are two possiiblities. They may
need to know security questions, or they may have a password
reset link sent to their cellphone. If it's the latter then they have
email access. That's part of the lesson here. 2FA is not safer. It's
riskier. It's bringing an insecure, portable device into the mix and
trusting that device fully.

   And most people use webmail, or at least IMAPwith email left
online so that they can read it from multiple devices. So all email
is there. It's not farfetched to think that they might find enough
data there to log into banking. No one has to bank online. No one
has to leave email on someone's server. Texts can be deleted. But
how many people follow such simple security guidelines? You can
see from the posts here that a lot of people will argue "'til the
cows come home" rather than admit that e-lifestyle is risky.

   Another possible factor is online data hacks, which have become
very common. There was a case awhile back of a company in Florida
that was just a data wholesaler, buying and selling personal info.
They got hacked. So getting security question info that way is
possible.

    The mystery here is why anyone thinks that dealing with
things like banking online, or putting important info in email left
indefinitely on servers, or leaving texts on one's phone, might be
safe. It's convenient. Period.

    Anyone who assumes they're safe conducting their life online
is simply an ostrich who doesn't want to know the facts. In
their defense, the facts are well hidden. But it's still ostrich
mentality, driven by laziness.

[toc] | [prev] | [next] | [standalone]


#147043

FromAJL <noemail@none.com>
Date2025-03-06 11:17 -0700
Message-ID<vqcorl$337fk$1@dont-email.me>
In reply to#147033
On 3/6/2025 9:09 AM, Newyana2 wrote:

> Anyone who assumes they're safe conducting their life online is
> simply an ostrich who doesn't want to know the facts. In their
> defense, the facts are well hidden. But it's still ostrich
> mentality, driven by laziness.

Perhaps the ostrich is anyone who thinks their life is not online these
days.

Go to the doctor? Your very personal info is online and available to the
office staff, the computer service techs, the billing company, the
insurance company, and of course hackers. Pay taxes? All online and
available to many (honest?) government employees. Own a home? Here (AZ
US) hackers are selling them without the owners knowledge using online
government title info. Retired? My info is online for both my state and
fed retirement accounts both of which are direct deposited into my
online bank account. Likewise most of my investments. I could fill a
couple of more paragraphs about folks living online these days but I
think even an ostrich would get my point.

So I don't think living on my phone as I do adds that much to the
danger. My sensitive apps require 2 passwords (phone entry and app
password) so I am not too worried about unauthorized access if lost. All
I need is a couple of hours to get home and change things. Less if the
wife is nearby with her phone.

And of course if you think keeping your sensitive stuff only on your
home computers keeps you safe then you should talk to my neighbor who
lost all his electronics in a burglary...



[toc] | [prev] | [next] | [standalone]


#147078

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-07 09:12 -0500
Message-ID<vqeuq0$3ira8$1@dont-email.me>
In reply to#147043
On 3/6/2025 1:17 PM, AJL wrote:
> On 3/6/2025 9:09 AM, Newyana2 wrote:
> 
>> Anyone who assumes they're safe conducting their life online is
>> simply an ostrich who doesn't want to know the facts. In their
>> defense, the facts are well hidden. But it's still ostrich
>> mentality, driven by laziness.
> 
> Perhaps the ostrich is anyone who thinks their life is not online these
> days.
> 

    My life is not online. Of course there's data online. What I
meant was living through a cellphone and all that entails.

> Go to the doctor? Your very personal info is online and available to the
> office staff, the computer service techs, the billing company, the
> insurance company, and of course hackers. Pay taxes? All online and
> available to many (honest?) government employees. Own a home? Here (AZ
> US) hackers are selling them without the owners knowledge using online
> government title info. Retired? My info is online for both my state and
> fed retirement accounts both of which are direct deposited into my
> online bank account. Likewise most of my investments. I could fill a
> couple of more paragraphs about folks living online these days but I
> think even an ostrich would get my point.
> 

    Which is what? That your laziness is justified because the world
has already gone to hell? That's a good example of ostrich logic.
Non-ostrich means simply relating to your life rather than looking
for excuses not to. It's not a black/white issue. The irony is that
ostriches always put a lot of effort into defending their ignorance:

"My doctor already knows my phone number, and my SS payment
is auto-deposited, so why should I care that Google tracks me
everywhere I go?"

> And of course if you think keeping your sensitive stuff only on your
> home computers keeps you safe then you should talk to my neighbor who
> lost all his electronics in a burglary...
> 

   You missed the whole point. But I know that you're in
a rush to go buy something you don't need so that you
can get some cash back on your credit card... And I
know that you're proud of such clever consumerism.
So I won't bore you with clarifications. :)

[toc] | [prev] | [next] | [standalone]


Page 4 of 7 — ← Prev page 1 2 3 [4] 5 6 7  Next page →

Back to top | Article view | comp.mobile.android


csiph-web