Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.mobile.android > #146914 > unrolled thread

"'Scammers stole £40k after EDF gave out my number"

Started byJava Jive <java@evij.com.invalid>
First post2025-03-03 12:27 +0000
Last post2025-03-15 08:48 -0400
Articles 3 on this page of 123 — 14 participants

Back to article view | Back to comp.mobile.android


Contents

  "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 12:27 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 10:47 -0500
      Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 17:13 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 17:33 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 18:20 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-03 15:54 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 17:25 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 17:38 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 14:04 -0500
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:28 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:36 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:35 +0100
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:35 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:49 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:07 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 22:58 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:50 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-03 21:23 -0700
            Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-04 06:43 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-04 09:22 -0700
                Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:40 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-04 10:21 -0700
                    Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 18:37 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 14:46 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 21:38 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:31 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:13 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 08:09 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:22 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 21:09 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 19:43 -0500
                    Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 05:34 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:22 -0500
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:15 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 09:44 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 13:15 +0100
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:47 -0500
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 14:27 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 10:42 -0500
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 16:51 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:21 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 12:37 -0500
                                  Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-05 18:03 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:00 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 22:07 +0100
                                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 15:42 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:28 +0100
                                  Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 18:23 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:01 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 21:03 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:40 +0000
                          Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 18:02 +0100
                            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:04 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:12 -0500
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:29 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 17:38 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:25 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 21:44 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:45 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 14:57 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-05 14:10 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:26 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 14:33 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:08 +0100
      Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 19:25 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:43 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:40 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 21:26 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:38 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 20:54 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 07:19 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:31 +0100
    Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 01:56 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 13:54 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Tweed <usenet.tweed@gmail.com> - 2025-03-06 14:57 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-06 11:09 -0500
          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-06 11:17 -0700
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:12 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-07 09:35 -0700
          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 18:24 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:36 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:17 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 16:16 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-08 10:30 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 16:37 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 19:53 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-07 07:37 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 10:46 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-07 13:24 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:38 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-07 15:35 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-07 15:46 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-14 18:49 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-15 09:53 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 11:46 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:35 -0400
                      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 17:53 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-15 19:27 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 23:30 -0400
                          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-16 05:01 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 08:47 -0400
                          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 13:47 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 15:13 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:04 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 18:00 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 08:53 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 13:53 +0000
                                      Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 14:53 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 18:44 +0000
                                          Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 10:42 +0000
                                            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 12:48 +0000
                                              Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 13:18 +0000
                                                Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 13:27 +0000
                                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 14:28 +0000
                                                    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-20 16:02 +0000
                                                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-20 13:00 -0400
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 11:54 -0400
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:09 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-16 19:23 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-16 23:10 +0100
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:48 -0400

Page 7 of 7 — ← Prev page 1 2 3 4 5 6 [7]


#147190

FromFrank Slootweg <this@ddress.is.invalid>
Date2025-03-16 19:23 +0000
Message-ID<vr7bvd.r4o.1@ID-201911.user.individual.net>
In reply to#147182
Newyana2 <newyana@invalid.nospam> wrote:
> On 3/16/2025 9:47 AM, Java Jive wrote:
> 
> > and went on to hack ...".  Further, if you reread the original report in 
> > its entirety, how would he have persuaded EDF to give up the victim's 
> > mobile number without personal identifying information that came from 
> > access to his emails? 
> 
> "
> EDF explained the fraudster had his name and email address and had asked 
> EDF to give them his mobile number, which the company did.
> 
> "I said, 'Why would you do that?' They said the person had gone through 
> security. 'With a name and email address', I asked?," he said.
> 
> "EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close 
> the case.
> "
> 
>     You seem determined to not know the facts. So that you
> can feel safe using 2FA?

  And you seem to mix up *knowing the email address* with *having access
to the email account*. (AFAIC,) The latter is what Java Jive is
referring to: "personal identifying information that came from access to
his emails".

  You might know my email address, but that doesn't mean you have access
to my emails.

[...]

[toc] | [prev] | [next] | [standalone]


#147195

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-16 23:10 +0100
Message-ID<brujalxi1k.ln2@Telcontar.valinor>
In reply to#147182
On 2025-03-16 16:54, Newyana2 wrote:
> On 3/16/2025 9:47 AM, Java Jive wrote:
> 
>> and went on to hack ...".  Further, if you reread the original report 
>> in its entirety, how would he have persuaded EDF to give up the 
>> victim's mobile number without personal identifying information that 
>> came from access to his emails? 
> 
> "
> EDF explained the fraudster had his name and email address and had asked 
> EDF to give them his mobile number, which the company did.
> 
> "I said, 'Why would you do that?' They said the person had gone through 
> security. 'With a name and email address', I asked?," he said.
> 
> "EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close 
> the case.
> "
> 
>     You seem determined to not know the facts. So that you
> can feel safe using 2FA?
> 
>> Next, how would he have been able to confirm the request for a 
>> replacement SIM without being able to reply to the confirmatory email?
>>
> 
>      As far as I can see, that part is not in the article. O2 never
> details exactly how the SIM swap happened. The article is not
> clear about all the details. Did the scammer have access to
> security question answers? Was he just a smooth talker? I
> don't see anyplace where that's mentioned. It's possible the email
> was hacked first, but that's never stated. The implication is that
> based on having some personal data, the scammer was able to
> do a SIM swap. Once that's done, getting into the email is easy
> because 2FA is a weak link.

According to the post by Theo, going by the radio program me on BBC, the 
exact sequence was:


- received a text from O2 (mobile operator) saying he'd changed his password
- contacted O2 straightaway and told SIM had been swapped
- told they'd stop that and send out a new SIM card, emailed to confirm
- next morning, email from EDF (energy supplier) asking for feedback on
recent contact with customer services
- called EDF, told they'd pass it on to the fraud section and get back 
to him
...

...

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#147165

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-15 08:48 -0400
Message-ID<vr3st1$3htng$1@dont-email.me>
In reply to#147160
On 3/14/2025 2:49 PM, Theo wrote:

> Expert says this all started from Ofcom (regulator) making it easier to
> change mobile provider in under 2 mins.  Some mobile operators thinking in
> that way and not thinking about scams - can switch within networks without
> even needing the code.
> 
> ----
> 
> Speculating, I would guess they started with the SIM swap.  I don't know the
> O2 procedure, but it's possible to have SIMs which are unregistered or only
> lightly registered (eg no online account).  In that case there isn't much
> security information the operator has, or it could be easy to find out
> (pet's name, place of birth, etc).  Scammer contacts the provider to say you
> broke your SIM card and need a new one and they don't have very much to
> authenticate you.  If they can make that stick they can maybe then do a
> password reset on the email which uses SMS as a recovery mechanism, and then
> they're in.
> 

  This also highlights another increasing problem: More and
more companies are cutting corners by hiring cheap phone
services in India or even using automated "help" email.

   I recently had trouble watching movies on Hoopla, an
American service that works through libraries. There's no
phone number to call. When I emailed support I just kept
getting the same response: "Try these steps and let us know
if there's still a problem." The steps are posted in a webpage.
So basically they have a bot that answers all support
questions with "See our support webpage." No one is minding
the store.

   In a similar scenario with AxVoice VOIP, the VOIP device
stopped working. As near as I could tell, their support consisted
of someone in India who worked 2 hours per day. Each email
took 24+ hours to answer. It took 3-4 days to get to the
point of "OK. Send the device to this address and we'll close
your account."

    Once responsible humans are removed, things can go very
badly because there's no common sense factor. This started
with retail stores, where the clerks don't know what they carry
because "the computer handles that". Now it's escalated to
bizarre scenarios like a news item last week where a woman
tried to cancel a Spotify subscription that her husband had
set up and forgotten many years ago. She had to call in
outside help -- a local news station to embarass Spotify
publicly.

[toc] | [prev] | [standalone]


Page 7 of 7 — ← Prev page 1 2 3 4 5 6 [7]

Back to top | Article view | comp.mobile.android


csiph-web