Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > uk.telecom.mobile > #45840 > unrolled thread
| Started by | Java Jive <java@evij.com.invalid> |
|---|---|
| First post | 2025-03-03 12:27 +0000 |
| Last post | 2025-03-15 08:48 -0400 |
| Articles | 20 on this page of 111 — 14 participants |
Back to article view | Back to uk.telecom.mobile
"'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 12:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 10:47 -0500
Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 17:13 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 17:33 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 18:20 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-03 15:54 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 17:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 14:04 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:28 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:36 +0100
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:35 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:35 -0500
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:49 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:07 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 21:38 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:31 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:13 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 08:09 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:22 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 21:09 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 19:43 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 05:34 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:22 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:15 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 09:44 +0100
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 13:15 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:47 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 14:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 10:42 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 16:51 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:21 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 12:37 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-05 18:03 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:00 -0500
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 22:07 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 15:42 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:28 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 18:23 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:01 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 21:03 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:40 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 18:02 +0100
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:04 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:12 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:29 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 17:38 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 21:44 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:45 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 14:57 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-05 14:10 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:26 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 14:33 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:08 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 19:25 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:43 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:40 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 21:26 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:38 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 20:54 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 07:19 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:31 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 01:56 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 13:54 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Tweed <usenet.tweed@gmail.com> - 2025-03-06 14:57 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-06 11:09 -0500
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-06 11:17 -0700
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:12 -0500
Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-07 09:35 -0700
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 18:24 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:36 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:17 -0500
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 16:16 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-08 10:30 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 16:37 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 19:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-07 07:37 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 10:46 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-07 13:24 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:38 -0500
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-07 15:35 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-07 15:46 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-14 18:49 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-15 09:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 11:46 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:35 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 17:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-15 19:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 23:30 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 13:47 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 15:13 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:04 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 18:00 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 08:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 13:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 14:53 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 18:44 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 10:42 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 12:48 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 13:18 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 13:27 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 14:28 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-20 16:02 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-20 13:00 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 11:54 -0400
Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:09 +0000
Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-16 19:23 +0000
Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-16 23:10 +0100
Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:48 -0400
Page 1 of 6 [1] 2 3 4 5 6 Next page →
| From | Java Jive <java@evij.com.invalid> |
|---|---|
| Date | 2025-03-03 12:27 +0000 |
| Subject | "'Scammers stole £40k after EDF gave out my number" |
| Message-ID | <vq478a$1a6p9$1@dont-email.me> |
"Scammers stole £40k after EDF gave out my number" https://www.bbc.co.uk/news/articles/ckg885lxd3jo [An unfortunate choice of photo of the victim, he looks really cheerful about it.] "A man targeted by fraudsters who got his mobile phone number from an energy company said he often woke up in the night thinking "what next?". Stephen, from Hertfordshire, had more than £40,000 taken from a savings account after his name and email address was used to get the information from EDF. Within 48 hours of his mobile phone number being divulged, his accounts with O2, Nationwide Building Society and Virgin Media had all been compromised. EDF said such incidents were rare but it took them seriously and added: "We are sorry for the difficulties this fraudulent caller has caused Stephen." ... '£50 to close the case' After more than a week, EDF finally responded about the call it thought Stephen made at 11:00 GMT on 3 February. EDF explained the fraudster had his name and email address and had asked EDF to give them his mobile number, which the company did. "I said, 'Why would you do that?' They said the person had gone through security. 'With a name and email address', I asked?," he said. "EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close the case." So, EDF allowed them to go from his email address to obtaining his mobile phone number for a SIM-swap scam, but I wonder how they managed to go from either to all his savings accounts, unless they'd also compromised his PC or phone as well; if the latter, why did they need to go via EDF? -- Fake news kills! I may be contacted via the contact address given on my website: www.macfh.co.uk
[toc] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-03 10:47 -0500 |
| Message-ID | <vq4isi$1ccn0$1@dont-email.me> |
| In reply to | #45840 |
On 3/3/2025 7:27 AM, Java Jive wrote: > "Scammers stole £40k after EDF gave out my number" > https://www.bbc.co.uk/news/articles/ckg885lxd3jo > > [An unfortunate choice of photo of the victim, he looks really cheerful > about it.] > > > "A man targeted by fraudsters who got his mobile phone number from an > energy company said he often woke up in the night thinking "what next?". > > Stephen, from Hertfordshire, had more than £40,000 taken from a savings > account after his name and email address was used to get the information > from EDF. > > Within 48 hours of his mobile phone number being divulged, his accounts > with O2, Nationwide Building Society and Virgin Media had all been > compromised. > > EDF said such incidents were rare but it took them seriously and added: > "We are sorry for the difficulties this fraudulent caller has caused > Stephen." > > ... > > > '£50 to close the case' > > After more than a week, EDF finally responded about the call it thought > Stephen made at 11:00 GMT on 3 February. > > EDF explained the fraudster had his name and email address and had asked > EDF to give them his mobile number, which the company did. > > "I said, 'Why would you do that?' They said the person had gone through > security. 'With a name and email address', I asked?," he said. > > "EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close > the case." > > > So, EDF allowed them to go from his email address to obtaining his > mobile phone number for a SIM-swap scam, but I wonder how they managed > to go from either to all his savings accounts, unless they'd also > compromised his PC or phone as well; if the latter, why did they need to > go via EDF? > It sounds like some of the story is missing. (Not least of which is an explanation of what "EDF" means.) I don't see how the man could have been scammed without having at least one password, such as the email password. Name, email address and cellphone number don't make for vulnerability. Someone could do something like apply for a charge card in your name, but they still need access to your accounts in order to do it. Maybe the moral of the story here is to stop thinking that it's safe to have olnine accounts, especially that one uses via cellphone. Sensitive info shouldn't be available in the first place. But it would be interesting to know exactly how this scam worked. There are also non-online scams. For example, twice this year someone has tried to get a credit card in my name. Apparently they call up after applying and change the mailing address. The only reason it didn't work is because I have my credit frozen with the 3 credit reporting agencies in the US.
[toc] | [prev] | [next] | [standalone]
| From | David Rance <david@SPAMOFF.invalid> |
|---|---|
| Date | 2025-03-03 17:13 +0000 |
| Message-ID | <vq4nv8$1d63h$1@dont-email.me> |
| In reply to | #45841 |
On 03/03/2025 15:47, Newyana2 wrote: > On 3/3/2025 7:27 AM, Java Jive wrote: >> "Scammers stole £40k after EDF gave out my number" >> https://www.bbc.co.uk/news/articles/ckg885lxd3jo >> >> [An unfortunate choice of photo of the victim, he looks really >> cheerful about it.] >> >> >> "A man targeted by fraudsters who got his mobile phone number from an >> energy company said he often woke up in the night thinking "what next?". >> >> Stephen, from Hertfordshire, had more than £40,000 taken from a >> savings account after his name and email address was used to get the >> information from EDF. >> >> Within 48 hours of his mobile phone number being divulged, his >> accounts with O2, Nationwide Building Society and Virgin Media had all >> been compromised. >> >> EDF said such incidents were rare but it took them seriously and >> added: "We are sorry for the difficulties this fraudulent caller has >> caused Stephen." >> >> ... >> >> >> '£50 to close the case' >> >> After more than a week, EDF finally responded about the call it >> thought Stephen made at 11:00 GMT on 3 February. >> >> EDF explained the fraudster had his name and email address and had >> asked EDF to give them his mobile number, which the company did. >> >> "I said, 'Why would you do that?' They said the person had gone >> through security. 'With a name and email address', I asked?," he said. >> >> "EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close >> the case." >> >> >> So, EDF allowed them to go from his email address to obtaining his >> mobile phone number for a SIM-swap scam, but I wonder how they managed >> to go from either to all his savings accounts, unless they'd also >> compromised his PC or phone as well; if the latter, why did they need >> to go via EDF? >> > > It sounds like some of the story is missing. (Not least of which is an > explanation of what "EDF" means.) Electricité de France. I used to have an electricity supply account with them in France. David -- David Rance writing from Caversham, Reading, UK
[toc] | [prev] | [next] | [standalone]
| From | Java Jive <java@evij.com.invalid> |
|---|---|
| Date | 2025-03-03 17:33 +0000 |
| Message-ID | <vq4p4t$1dgtp$1@dont-email.me> |
| In reply to | #45843 |
On 2025-03-03 17:13, David Rance wrote: > > On 03/03/2025 15:47, Newyana2 wrote: >> >> It sounds like some of the story is missing. (Not least of which is an >> explanation of what "EDF" means.) > > Electricité de France. > > I used to have an electricity supply account with them in France. And they do business in the UK also. -- Fake news kills! I may be contacted via the contact address given on my website: www.macfh.co.uk
[toc] | [prev] | [next] | [standalone]
| From | David Rance <david@SPAMOFF.invalid> |
|---|---|
| Date | 2025-03-03 18:20 +0000 |
| Message-ID | <vq4rt3$1d63h$2@dont-email.me> |
| In reply to | #45845 |
On 03/03/2025 17:33, Java Jive wrote: > On 2025-03-03 17:13, David Rance wrote: >> >> On 03/03/2025 15:47, Newyana2 wrote: >>> >>> It sounds like some of the story is missing. (Not least of which >>> is an >>> explanation of what "EDF" means.) >> >> Electricité de France. >> >> I used to have an electricity supply account with them in France. > > And they do business in the UK also. Yes, they expanded into the UK a few years ago. At the same time they amalgamated with a few other businesses and now my account is with Enedis. David -- David Rance writing from Caversham, Reading, UK
[toc] | [prev] | [next] | [standalone]
| From | Nick Finnigan <nix@genie.co.uk> |
|---|---|
| Date | 2025-03-03 15:54 +0000 |
| Message-ID | <vq4jcb$1aivq$1@dont-email.me> |
| In reply to | #45840 |
On 03/03/2025 12:27, Java Jive wrote: > "Scammers stole £40k after EDF gave out my number" > https://www.bbc.co.uk/news/articles/ckg885lxd3jo > "A man targeted by fraudsters who got his mobile phone number from an > energy company said he often woke up in the night thinking "what next?". > > Stephen, from Hertfordshire, had more than £40,000 taken from a savings > account after his name and email address was used to get the information > from EDF. > > Within 48 hours of his mobile phone number being divulged, his accounts > with O2, Nationwide Building Society and Virgin Media had all been > compromised. > > > So, EDF allowed them to go from his email address to obtaining his mobile > phone number for a SIM-swap scam, but I wonder how they managed to go from > either to all his savings accounts, unless they'd also compromised his PC > or phone as well; if the latter, why did they need to go via EDF? Possibly via his email, which was with Virgin Media. I hope VM don't just send a password reset code to an O2 phone linked to the VM account. Or he's been pwned.
[toc] | [prev] | [next] | [standalone]
| From | Andy Burns <usenet@andyburns.uk> |
|---|---|
| Date | 2025-03-03 17:25 +0000 |
| Message-ID | <m2m70fF4cnfU1@mid.individual.net> |
| In reply to | #45840 |
Java Jive wrote: > "Scammers stole £40k after EDF gave out my number" Clearly EDF shouldn't go about giving out customer information, but I ought to be able to paint my mobile number in 1ft high letters on the side of my house and not have my SIM "swapped" All UK networks should take extra security measures, such as writing to customers at known address to confirm such a drastic action.
[toc] | [prev] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-03 14:04 -0500 |
| Message-ID | <vq4ue1$1ejeg$1@dont-email.me> |
| In reply to | #45844 |
On 3/3/2025 12:25 PM, Andy Burns wrote:
> Java Jive wrote:
>
>> "Scammers stole £40k after EDF gave out my number"
>
> Clearly EDF shouldn't go about giving out customer information, but I
> ought to be able to paint my mobile number in 1ft high letters on the
> side of my house and not have my SIM "swapped"
>
> All UK networks should take extra security measures, such as writing to
> customers at known address to confirm such a drastic action.
>
I think the problem is a balance between security and convenience.
If you lose your cellphone, you don't want to have to go somewhere
with a certified letter and drivers license to confirm you are who
you say you are. If scammers can get hold of enough personal info,
or trick phone operators, or find a dishonest phone company employee
to pay off, then they're all set. It's easy for them precisely because it's
convenient for you. From there they can just log into the
victim's email and other accounts, click "I forgot my password", receive
a reset code on their cellphone, and set a new password. Poof! They've
taken over your life.
To pull it off, probably the biggest obstacle is getting enough personal
info, like email address, home address, birthdate, etc. That's exactly the
kind of info that gets regularly exposed in data hacks online, and it's
the kind of info they'll need to pull off a SIM swap.
So the weak point here, which was supposed to be the strong point,
is 2FA. The secondary weak point is people having online accounts in
the first place. If you're banking online then you're vulnerable. But it's
not easy to avoid. I had to call my bank's corporate offices in order
to block the possibility of creating an online account. For most people
that's out of the question. People want convenience. Walk to the bank?
Fuggetaboutit!
Ironically, unless someone can hack into my computer they have
virtually zero chance of taking over my accounts. First, I don't have
online accounts, generally. Second, since I don't use 2FA an attacker
would have to somehow get my email passwords.
[toc] | [prev] | [next] | [standalone]
| From | Andy Burns <usenet@andyburns.uk> |
|---|---|
| Date | 2025-03-03 19:28 +0000 |
| Message-ID | <m2me7kF4cneU4@mid.individual.net> |
| In reply to | #45847 |
Newyana2 wrote: > I think the problem is a balance between security and convenience. If you've been careless enough to lose or damage your phone, you deserve a bit of hurt :-) > If you lose your cellphone, you don't want to have to go somewhere > with a certified letter and drivers license to confirm you are who > you say you are. I'm envisaging something like you (or the criminals) phone the service provider, they say "fine we'll send a letter with a code to the address we have on file, call us back tomorrow when you get it", they could even include a new SIM while they're at it. The criminal is therefore cut out of the loop (if they try to organise post redirection to intercept the letter, the post office will send notification of the redirection in the post before they actually start the redirection, so the criminals can't short circuit it that way.
[toc] | [prev] | [next] | [standalone]
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Date | 2025-03-03 21:36 +0100 |
| Message-ID | <9ggh9lxofo.ln2@Telcontar.valinor> |
| In reply to | #45849 |
On 2025-03-03 20:28, Andy Burns wrote: > Newyana2 wrote: > >> I think the problem is a balance between security and convenience. > > If you've been careless enough to lose or damage your phone, you deserve > a bit of hurt :-) > >> If you lose your cellphone, you don't want to have to go somewhere >> with a certified letter and drivers license to confirm you are who >> you say you are. > > I'm envisaging something like you (or the criminals) phone the service > provider, they say "fine we'll send a letter with a code to the address > we have on file, call us back tomorrow when you get it", they could even > include a new SIM while they're at it. The criminal is therefore cut > out of the loop (if they try to organise post redirection to intercept > the letter, the post office will send notification of the redirection in > the post before they actually start the redirection, so the criminals > can't short circuit it that way. Bad guys have been known to lie in wait near the house to steal the mail when it arrives. Specially if the mailbox is external to the house. -- Cheers, Carlos.
[toc] | [prev] | [next] | [standalone]
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Date | 2025-03-03 21:35 +0100 |
| Message-ID | <8dgh9lxofo.ln2@Telcontar.valinor> |
| In reply to | #45847 |
On 2025-03-03 20:04, Newyana2 wrote: > So the weak point here, which was supposed to be the strong point, > is 2FA. The secondary weak point is people having online accounts in > the first place. If you're banking online then you're vulnerable. But it's > not easy to avoid. I had to call my bank's corporate offices in order > to block the possibility of creating an online account. For most people > that's out of the question. People want convenience. Walk to the bank? > Fuggetaboutit! It is not a choice for us, they are removing physical offices, and they have fewer employees. I even have to book an appointment to get inside the bank office. Even if I want to cash a big cheque into my account! -- Cheers, Carlos.
[toc] | [prev] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-03 17:35 -0500 |
| Message-ID | <vq5apd$1gojh$1@dont-email.me> |
| In reply to | #45853 |
On 3/3/2025 3:35 PM, Carlos E.R. wrote:
> It is not a choice for us, they are removing physical offices, and they
> have fewer employees. I even have to book an appointment to get inside
> the bank office. Even if I want to cash a big cheque into my account!
>
I didn't know that. There are somewhat less banks here,
but I can easily walk to mine. There are banches in most local
towns, so I can easily get to an ATM. My bank is open 7 days,
usually with 2 tellers on duty. And I can deposit checks in the
ATM, too.
It's scary to me how fast people are accepting online banks.
They pay better interest, but what are the guarantees? I would
never get an online bank account. There are safer ways to get
interest.
[toc] | [prev] | [next] | [standalone]
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Date | 2025-03-04 02:49 +0100 |
| Message-ID | <pp2i9lxh3m.ln2@Telcontar.valinor> |
| In reply to | #45860 |
On 2025-03-03 23:35, Newyana2 wrote: > On 3/3/2025 3:35 PM, Carlos E.R. wrote: > >> It is not a choice for us, they are removing physical offices, and >> they have fewer employees. I even have to book an appointment to get >> inside the bank office. Even if I want to cash a big cheque into my >> account! >> > I didn't know that. There are somewhat less banks here, > but I can easily walk to mine. There are banches in most local > towns, so I can easily get to an ATM. My bank is open 7 days, > usually with 2 tellers on duty. And I can deposit checks in the > ATM, too. Not that kind of cheque, they don't exist here anymore. It is a cheque written by the bank itself and guaranteed by them. It is not backed by the account of a person. I don't know how they call that in English. Branches are disappearing here. A relatively small village may have no office at all, maybe not even a cash machine (ah, ATMs). Banks are open, but during covid they enforced "get an appointment in advance", and they are keeping that rule. You can not just walk in, you need an appointment. > It's scary to me how fast people are accepting online banks. > They pay better interest, but what are the guarantees? I would > never get an online bank account. There are safer ways to get > interest. Even traditional banks force us to use them online. -- Cheers, Carlos.
[toc] | [prev] | [next] | [standalone]
| From | Chris <ithinkiam@gmail.com> |
|---|---|
| Date | 2025-03-04 08:07 +0000 |
| Message-ID | <vq6cck$1pl9j$1@dont-email.me> |
| In reply to | #45861 |
Carlos E.R. <robin_listas@es.invalid> wrote: > On 2025-03-03 23:35, Newyana2 wrote: >> On 3/3/2025 3:35 PM, Carlos E.R. wrote: >> >>> It is not a choice for us, they are removing physical offices, and >>> they have fewer employees. I even have to book an appointment to get >>> inside the bank office. Even if I want to cash a big cheque into my >>> account! >>> >> I didn't know that. There are somewhat less banks here, >> but I can easily walk to mine. There are banches in most local >> towns, so I can easily get to an ATM. My bank is open 7 days, >> usually with 2 tellers on duty. And I can deposit checks in the >> ATM, too. > > Not that kind of cheque, they don't exist here anymore. It is a cheque > written by the bank itself and guaranteed by them. It is not backed by > the account of a person. I don't know how they call that in English. In the UK, it's called a banker's draft. > Branches are disappearing here. A relatively small village may have no > office at all, maybe not even a cash machine (ah, ATMs). Banks are open, > but during covid they enforced "get an appointment in advance", and they > are keeping that rule. You can not just walk in, you need an appointment. > > >> It's scary to me how fast people are accepting online banks. >> They pay better interest, but what are the guarantees? I would >> never get an online bank account. There are safer ways to get >> interest. > > Even traditional banks force us to use them online. It's not forced here. The service is usually better. In particular, many banks only ever opened for half a day at the weekend. Now most smaller branch don't open at all. Which is totally stupid. Why not close one day in the week and then open all day saturday?
[toc] | [prev] | [next] | [standalone]
| From | Chris <ithinkiam@gmail.com> |
|---|---|
| Date | 2025-03-03 21:38 +0000 |
| Message-ID | <vq57fp$1g6j2$1@dont-email.me> |
| In reply to | #45847 |
Newyana2 <newyana@invalid.nospam> wrote: > . > > So the weak point here, which was supposed to be the strong point, > is 2FA. Eh? > The secondary weak point is people having online accounts in > the first place. If you're banking online then you're vulnerable. But it's > not easy to avoid. I had to call my bank's corporate offices in order > to block the possibility of creating an online account. For most people > that's out of the question. People want convenience. Walk to the bank? > Fuggetaboutit! What bank? In the uk most banks are closing branches all over the place. Plus, we have online only banks. My nearest branch for one of my banks that does have branches is nearly 6 miles away. Also having to physically tell a person to move digital numbers from one place to another is an utter waste of everyone's time. > Ironically, unless someone can hack into my computer they have > virtually zero chance of taking over my accounts. First, I don't have > online accounts, generally. Second, since I don't use 2FA an attacker > would have to somehow get my email passwords. How does that work? 2FA requires a code *and* the password. You're removing a layer of security.
[toc] | [prev] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-03 17:31 -0500 |
| Message-ID | <vq5aic$1gnna$1@dont-email.me> |
| In reply to | #45858 |
On 3/3/2025 4:38 PM, Chris wrote: >> Ironically, unless someone can hack into my computer they have >> virtually zero chance of taking over my accounts. First, I don't have >> online accounts, generally. Second, since I don't use 2FA an attacker >> would have to somehow get my email passwords. > > How does that work? 2FA requires a code *and* the password. You're removing > a layer of security. > If they're able to take over your phone # they can just go around to accounts and click "I lost my password". A reset code wll then be sent to the cellphone. So if they know email addresses and account logins then they can take all of them over within minutes. In my case, with no 2FA, there's no way to get my email password. With no online bank account there's nothing to hack. 2FA is not a security improvement. It's a gimmick to enable far more exptensive tracking of people by linking phone ID and location to other data.
[toc] | [prev] | [next] | [standalone]
| From | Chris <ithinkiam@gmail.com> |
|---|---|
| Date | 2025-03-04 08:13 +0000 |
| Message-ID | <vq6cnr$1pn8s$1@dont-email.me> |
| In reply to | #45859 |
Newyana2 <newyana@invalid.nospam> wrote: > On 3/3/2025 4:38 PM, Chris wrote: > >>> Ironically, unless someone can hack into my computer they have >>> virtually zero chance of taking over my accounts. First, I don't have >>> online accounts, generally. Second, since I don't use 2FA an attacker >>> would have to somehow get my email passwords. >> >> How does that work? 2FA requires a code *and* the password. You're removing >> a layer of security. >> > > If they're able to take over your phone # they can just go > around to accounts and click "I lost my password". A reset > code wll then be sent to the cellphone. That's not how it works. At best you get sent a reset link to your email. This means the attacker needs to know your email account details as well as the username/login for the service. With banks it's more secure. In the UK at least. In order to reset anything you need to answer personal questions which must match pre-set answers and then the reset option is sent to your email. Or, often, a code sent to your home via the mail. > So if they know > email addresses and account logins then they can take all > of them over within minutes. In my case, with no 2FA, there's > no way to get my email password. With no online bank account > there's nothing to hack. You're dependent on a single factor. If your password is exposed or, more likely, the company's security has been compromised via other means then an attacker has free reign. Yes, the chances are low, but the potential damage is much higher then if had 2FA. > > 2FA is not a security improvement. It's a gimmick to enable > far more exptensive tracking of people by linking phone ID and > location to other data. Your paranoia is clouding your judgement.
[toc] | [prev] | [next] | [standalone]
| From | Newyana2 <newyana@invalid.nospam> |
|---|---|
| Date | 2025-03-04 08:09 -0500 |
| Message-ID | <vq6u0r$1skm6$1@dont-email.me> |
| In reply to | #45866 |
On 3/4/2025 3:13 AM, Chris wrote:
> Newyana2 <newyana@invalid.nospam> wrote:
>> On 3/3/2025 4:38 PM, Chris wrote:
>>
>>>> Ironically, unless someone can hack into my computer they have
>>>> virtually zero chance of taking over my accounts. First, I don't have
>>>> online accounts, generally. Second, since I don't use 2FA an attacker
>>>> would have to somehow get my email passwords.
>>>
>>> How does that work? 2FA requires a code *and* the password. You're removing
>>> a layer of security.
>>>
>>
>> If they're able to take over your phone # they can just go
>> around to accounts and click "I lost my password". A reset
>> code wll then be sent to the cellphone.
>
> That's not how it works. At best you get sent a reset link to your email.
> This means the attacker needs to know your email account details as well as
> the username/login for the service.
>
That's not typically necessary with 2FA. Remember, you've
clicked the link that says you forgot your password. Typically
that would trigger security questions. With 2FA it could involve
a code sent to a cellphone... which the scammer now controls.
That's the whole point. That's how people are being compromised
by only doing a SIM swap. In many cases the scammer need only
know a few personal details, which they might have found in a
data dump online.
> You're dependent on a single factor. If your password is exposed or, more
> likely, the company's security has been compromised via other means then an
> attacker has free reign.
>
> Yes, the chances are low, but the potential damage is much higher then if
> had 2FA.
>
So you say. Yet this man was compromised. Someone was
able to do a SIM swap and get the rest from that. They may
have even got some of that information by simply waiting for
texts and emails after the swap. The problem is that the
cellphone has become the centerpiece of personal security,
and that trust is not justified.
In my case all they need is my email password, but how are
they going to get it? Pretty much the only chance would be
a total data hack of my email host. Or they'll need to know
the answers to my security questions. Again, that will almost
certainly require hacking my email host. And since I don't bank
online or write credit card numbers in email, there's not much
that the scammer could benefit. They could order books in my
name from the library. But even then they'll need my library
card or my drivers license to pick up those books. And since
I use POP3 email, auto-deleting mail on the server, the scammer
can't look through my old email. So they can't even be a wiseguy
and change my dentist appt. :)
>>
>> 2FA is not a security improvement. It's a gimmick to enable
>> far more exptensive tracking of people by linking phone ID and
>> location to other data.
>
> Your paranoia is clouding your judgement.
>
Famous last words of the ostrich. The whole point of this
thread is about a man who got SIM swapped and lost 40K
pounds! Your neighbor has just been eaten by a lion. Keeping
his head in a hole didn't protect him. What a shocker!
[toc] | [prev] | [next] | [standalone]
| From | Frank Slootweg <this@ddress.is.invalid> |
|---|---|
| Date | 2025-03-04 16:22 +0000 |
| Message-ID | <vq7ct9.11ok.1@ID-201911.user.individual.net> |
| In reply to | #45869 |
Newyana2 <newyana@invalid.nospam> wrote: > On 3/4/2025 3:13 AM, Chris wrote: > > Newyana2 <newyana@invalid.nospam> wrote: [Much uniformed, misguided, FUD, scare mongering, etc. deleted.] > >> 2FA is not a security improvement. It's a gimmick to enable > >> far more exptensive tracking of people by linking phone ID and > >> location to other data. > > > > Your paranoia is clouding your judgement. > > Famous last words of the ostrich. The whole point of this > thread is about a man who got SIM swapped and lost 40K > pounds! Your neighbor has just been eaten by a lion. Keeping > his head in a hole didn't protect him. What a shocker! Nope, the man lost 40K pounds, because two companies (EDF and O2) fscked up their security procedures. Insult was added to injury, by the fact that his savings account was apparently only protected by a password, i.e. the kind of weak/no 'security' *you* are actually advocating. Had this been protected by 2FA (not SMS, which is not 2FA, but (weak) 2SV), he would have lost nothing. In addition to (real) 2FA, our (NL) bank accounts, especially the savings accounts can be further protected by a time-locked and maximum amount at a time. There hardly ever is a need to make a 40K pound transfer without advance notice. Bottom line: Yes, shitty security/security-procedures get people into trouble. News at eleven!
[toc] | [prev] | [next] | [standalone]
| From | Chris <ithinkiam@gmail.com> |
|---|---|
| Date | 2025-03-04 21:09 +0000 |
| Message-ID | <vq7q5c$21s5q$1@dont-email.me> |
| In reply to | #45869 |
Newyana2 <newyana@invalid.nospam> wrote: > On 3/4/2025 3:13 AM, Chris wrote: >> Newyana2 <newyana@invalid.nospam> wrote: >>> On 3/3/2025 4:38 PM, Chris wrote: >>> >>>>> Ironically, unless someone can hack into my computer they have >>>>> virtually zero chance of taking over my accounts. First, I don't have >>>>> online accounts, generally. Second, since I don't use 2FA an attacker >>>>> would have to somehow get my email passwords. >>>> >>>> How does that work? 2FA requires a code *and* the password. You're removing >>>> a layer of security. >>>> >>> >>> If they're able to take over your phone # they can just go >>> around to accounts and click "I lost my password". A reset >>> code wll then be sent to the cellphone. >> >> That's not how it works. At best you get sent a reset link to your email. >> This means the attacker needs to know your email account details as well as >> the username/login for the service. >> > That's not typically necessary with 2FA. Yes it is. > Remember, you've > clicked the link that says you forgot your password. Typically > that would trigger security questions. Correct. > With 2FA it could involve > a code sent to a cellphone... Only after you've correctly answered additional security. Usually it's an email not a 2FA code via SMS as it's known to be insecure. > which the scammer now controls. > That's the whole point. That's how people are being compromised > by only doing a SIM swap. In many cases the scammer need only > know a few personal details, which they might have found in a > data dump online. > >> You're dependent on a single factor. If your password is exposed or, more >> likely, the company's security has been compromised via other means then an >> attacker has free reign. >> >> Yes, the chances are low, but the potential damage is much higher then if >> had 2FA. >> > So you say. Yet this man was compromised. Someone was > able to do a SIM swap and get the rest from that. Where does the story say that 2FA was the weak point? in fact where is 2FA mentioned at all? > They may > have even got some of that information by simply waiting for > texts and emails after the swap. The primary issue is how was it possible to swap the sim in the first place. > The problem is that the > cellphone has become the centerpiece of personal security, > and that trust is not justified. That's true. > In my case all they need is my email password, but how are > they going to get it? Pretty much the only chance would be > a total data hack of my email host. Or they'll need to know > the answers to my security questions. Again, that will almost > certainly require hacking my email host. And since I don't bank > online or write credit card numbers in email, there's not much > that the scammer could benefit. They could order books in my > name from the library. But even then they'll need my library > card or my drivers license to pick up those books. And since > I use POP3 email, auto-deleting mail on the server, the scammer > can't look through my old email. So they can't even be a wiseguy > and change my dentist appt. :) Basically, with everything so interdependent if someone wants to target you specifically they will find a way. >>> >>> 2FA is not a security improvement. It's a gimmick to enable >>> far more exptensive tracking of people by linking phone ID and >>> location to other data. >> >> Your paranoia is clouding your judgement. >> > > Famous last words of the ostrich. The whole point of this > thread is about a man who got SIM swapped and lost 40K > pounds! None of which has anything to do with 2FA which you brought up. There's definitely a lot more to this story. For example, there's a daily limit of £10k for bank transfers. Plus, I also use the Nationwide bank and their security is pretty strict especially around new types of transactions. > Your neighbor has just been eaten by a lion. Keeping > his head in a hole didn't protect him. What a shocker! Reading the whole article it seems they also compromised his email account and then tried to use his Nationwide credit card, which was blocked automatically, and stole the £40k from his Premium Bonds. Real nightmare scenario. If someone has your emails and your mobile phone number you are royally screwed. Yes, even you. Fortunately, the victim has had his 40k refunded.
[toc] | [prev] | [next] | [standalone]
Page 1 of 6 [1] 2 3 4 5 6 Next page →
Back to top | Article view | uk.telecom.mobile
csiph-web