Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > uk.telecom.mobile > #45840 > unrolled thread

"'Scammers stole £40k after EDF gave out my number"

Started byJava Jive <java@evij.com.invalid>
First post2025-03-03 12:27 +0000
Last post2025-03-15 08:48 -0400
Articles 20 on this page of 111 — 14 participants

Back to article view | Back to uk.telecom.mobile


Contents

  "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 12:27 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 10:47 -0500
      Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 17:13 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 17:33 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 18:20 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-03 15:54 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 17:25 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 14:04 -0500
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:28 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:36 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:35 +0100
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:35 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:49 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:07 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 21:38 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:31 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:13 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 08:09 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:22 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 21:09 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 19:43 -0500
                    Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 05:34 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:22 -0500
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:15 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 09:44 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 13:15 +0100
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:47 -0500
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 14:27 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 10:42 -0500
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 16:51 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:21 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 12:37 -0500
                                  Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-05 18:03 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:00 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 22:07 +0100
                                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 15:42 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:28 +0100
                                  Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 18:23 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:01 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 21:03 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:40 +0000
                          Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 18:02 +0100
                            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:04 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:12 -0500
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:29 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 17:38 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:25 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 21:44 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:45 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 14:57 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-05 14:10 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:26 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 14:33 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:08 +0100
      Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 19:25 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:43 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:40 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 21:26 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:38 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 20:54 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 07:19 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:31 +0100
    Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 01:56 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 13:54 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Tweed <usenet.tweed@gmail.com> - 2025-03-06 14:57 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-06 11:09 -0500
          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-06 11:17 -0700
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:12 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-07 09:35 -0700
          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 18:24 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:36 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:17 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 16:16 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-08 10:30 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 16:37 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 19:53 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-07 07:37 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 10:46 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-07 13:24 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:38 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-07 15:35 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-07 15:46 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-14 18:49 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-15 09:53 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 11:46 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:35 -0400
                      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 17:53 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-15 19:27 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 23:30 -0400
                          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 13:47 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 15:13 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:04 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 18:00 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 08:53 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 13:53 +0000
                                      Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 14:53 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 18:44 +0000
                                          Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 10:42 +0000
                                            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 12:48 +0000
                                              Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 13:18 +0000
                                                Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 13:27 +0000
                                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 14:28 +0000
                                                    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-20 16:02 +0000
                                                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-20 13:00 -0400
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 11:54 -0400
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:09 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-16 19:23 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-16 23:10 +0100
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:48 -0400

Page 1 of 6  [1] 2 3 4 5 6  Next page →


#45840 — "'Scammers stole £40k after EDF gave out my number"

FromJava Jive <java@evij.com.invalid>
Date2025-03-03 12:27 +0000
Subject"'Scammers stole £40k after EDF gave out my number"
Message-ID<vq478a$1a6p9$1@dont-email.me>
"Scammers stole £40k after EDF gave out my number"
https://www.bbc.co.uk/news/articles/ckg885lxd3jo

[An unfortunate choice of photo of the victim, he looks really cheerful 
about it.]


"A man targeted by fraudsters who got his mobile phone number from an 
energy company said he often woke up in the night thinking "what next?".

Stephen, from Hertfordshire, had more than £40,000 taken from a savings 
account after his name and email address was used to get the information 
from EDF.

Within 48 hours of his mobile phone number being divulged, his accounts 
with O2, Nationwide Building Society and Virgin Media had all been 
compromised.

EDF said such incidents were rare but it took them seriously and added: 
"We are sorry for the difficulties this fraudulent caller has caused 
Stephen."

...


'£50 to close the case'

After more than a week, EDF finally responded about the call it thought 
Stephen made at 11:00 GMT on 3 February.

EDF explained the fraudster had his name and email address and had asked 
EDF to give them his mobile number, which the company did.

"I said, 'Why would you do that?' They said the person had gone through 
security. 'With a name and email address', I asked?," he said.

"EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close 
the case."


So, EDF allowed them to go from his email address to obtaining his 
mobile phone number for a SIM-swap scam, but I wonder how they managed 
to go from either to all his savings accounts, unless they'd also 
compromised his PC or phone as well; if the latter, why did they need to 
go via EDF?

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [next] | [standalone]


#45841

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-03 10:47 -0500
Message-ID<vq4isi$1ccn0$1@dont-email.me>
In reply to#45840
On 3/3/2025 7:27 AM, Java Jive wrote:
> "Scammers stole £40k after EDF gave out my number"
> https://www.bbc.co.uk/news/articles/ckg885lxd3jo
> 
> [An unfortunate choice of photo of the victim, he looks really cheerful 
> about it.]
> 
> 
> "A man targeted by fraudsters who got his mobile phone number from an 
> energy company said he often woke up in the night thinking "what next?".
> 
> Stephen, from Hertfordshire, had more than £40,000 taken from a savings 
> account after his name and email address was used to get the information 
> from EDF.
> 
> Within 48 hours of his mobile phone number being divulged, his accounts 
> with O2, Nationwide Building Society and Virgin Media had all been 
> compromised.
> 
> EDF said such incidents were rare but it took them seriously and added: 
> "We are sorry for the difficulties this fraudulent caller has caused 
> Stephen."
> 
> ...
> 
> 
> '£50 to close the case'
> 
> After more than a week, EDF finally responded about the call it thought 
> Stephen made at 11:00 GMT on 3 February.
> 
> EDF explained the fraudster had his name and email address and had asked 
> EDF to give them his mobile number, which the company did.
> 
> "I said, 'Why would you do that?' They said the person had gone through 
> security. 'With a name and email address', I asked?," he said.
> 
> "EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close 
> the case."
> 
> 
> So, EDF allowed them to go from his email address to obtaining his 
> mobile phone number for a SIM-swap scam, but I wonder how they managed 
> to go from either to all his savings accounts, unless they'd also 
> compromised his PC or phone as well; if the latter, why did they need to 
> go via EDF?
> 

   It sounds like some of the story is missing. (Not least of which is an
explanation of what "EDF" means.) I don't see how the man could
have been scammed without having at least one password, such as
the email password. Name, email address and cellphone number
don't make for vulnerability. Someone could do something like apply
for a charge card in your name, but they still need access to your
accounts in order to do it.

   Maybe the moral of the story here is to stop thinking that it's
safe to have olnine accounts, especially that one uses via
cellphone. Sensitive info shouldn't be available in the first place.
But it would be interesting to know exactly how this scam worked.

   There are also non-online scams. For example, twice this year someone
has tried to get a credit card in my name. Apparently they call
up after applying and change the mailing address. The only reason
it didn't work is because I have my credit frozen with the 3 credit
reporting agencies in the US.

[toc] | [prev] | [next] | [standalone]


#45843

FromDavid Rance <david@SPAMOFF.invalid>
Date2025-03-03 17:13 +0000
Message-ID<vq4nv8$1d63h$1@dont-email.me>
In reply to#45841
On 03/03/2025 15:47, Newyana2 wrote:
> On 3/3/2025 7:27 AM, Java Jive wrote:
>> "Scammers stole £40k after EDF gave out my number"
>> https://www.bbc.co.uk/news/articles/ckg885lxd3jo
>>
>> [An unfortunate choice of photo of the victim, he looks really 
>> cheerful about it.]
>>
>>
>> "A man targeted by fraudsters who got his mobile phone number from an 
>> energy company said he often woke up in the night thinking "what next?".
>>
>> Stephen, from Hertfordshire, had more than £40,000 taken from a 
>> savings account after his name and email address was used to get the 
>> information from EDF.
>>
>> Within 48 hours of his mobile phone number being divulged, his 
>> accounts with O2, Nationwide Building Society and Virgin Media had all 
>> been compromised.
>>
>> EDF said such incidents were rare but it took them seriously and 
>> added: "We are sorry for the difficulties this fraudulent caller has 
>> caused Stephen."
>>
>> ...
>>
>>
>> '£50 to close the case'
>>
>> After more than a week, EDF finally responded about the call it 
>> thought Stephen made at 11:00 GMT on 3 February.
>>
>> EDF explained the fraudster had his name and email address and had 
>> asked EDF to give them his mobile number, which the company did.
>>
>> "I said, 'Why would you do that?' They said the person had gone 
>> through security. 'With a name and email address', I asked?," he said.
>>
>> "EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close 
>> the case."
>>
>>
>> So, EDF allowed them to go from his email address to obtaining his 
>> mobile phone number for a SIM-swap scam, but I wonder how they managed 
>> to go from either to all his savings accounts, unless they'd also 
>> compromised his PC or phone as well; if the latter, why did they need 
>> to go via EDF?
>>
> 
>    It sounds like some of the story is missing. (Not least of which is an
> explanation of what "EDF" means.)

Electricité de France.

I used to have an electricity supply account with them in France.

David

-- 
David Rance    writing from Caversham, Reading, UK

[toc] | [prev] | [next] | [standalone]


#45845

FromJava Jive <java@evij.com.invalid>
Date2025-03-03 17:33 +0000
Message-ID<vq4p4t$1dgtp$1@dont-email.me>
In reply to#45843
On 2025-03-03 17:13, David Rance wrote:
>
> On 03/03/2025 15:47, Newyana2 wrote:
>>
>>    It sounds like some of the story is missing. (Not least of which is an
>> explanation of what "EDF" means.)
> 
> Electricité de France.
> 
> I used to have an electricity supply account with them in France.

And they do business in the UK also.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#45846

FromDavid Rance <david@SPAMOFF.invalid>
Date2025-03-03 18:20 +0000
Message-ID<vq4rt3$1d63h$2@dont-email.me>
In reply to#45845
On 03/03/2025 17:33, Java Jive wrote:
 > On 2025-03-03 17:13, David Rance wrote:
 >>
 >> On 03/03/2025 15:47, Newyana2 wrote:
 >>>
 >>>    It sounds like some of the story is missing. (Not least of which
 >>> is an
 >>> explanation of what "EDF" means.)
 >>
 >> Electricité de France.
 >>
 >> I used to have an electricity supply account with them in France.
 >
 > And they do business in the UK also.

Yes, they expanded into the UK a few years ago. At the same time they 
amalgamated with a few other businesses and now my account is with Enedis.

David

-- 
David Rance    writing from Caversham, Reading, UK

[toc] | [prev] | [next] | [standalone]


#45842

FromNick Finnigan <nix@genie.co.uk>
Date2025-03-03 15:54 +0000
Message-ID<vq4jcb$1aivq$1@dont-email.me>
In reply to#45840
On 03/03/2025 12:27, Java Jive wrote:
> "Scammers stole £40k after EDF gave out my number"
> https://www.bbc.co.uk/news/articles/ckg885lxd3jo
> "A man targeted by fraudsters who got his mobile phone number from an 
> energy company said he often woke up in the night thinking "what next?".
> 
> Stephen, from Hertfordshire, had more than £40,000 taken from a savings 
> account after his name and email address was used to get the information 
> from EDF.
> 
> Within 48 hours of his mobile phone number being divulged, his accounts 
> with O2, Nationwide Building Society and Virgin Media had all been 
> compromised.
> 
> 
> So, EDF allowed them to go from his email address to obtaining his mobile 
> phone number for a SIM-swap scam, but I wonder how they managed to go from 
> either to all his savings accounts, unless they'd also compromised his PC 
> or phone as well; if the latter, why did they need to go via EDF?

   Possibly via his email, which was with Virgin Media. I hope VM don't 
just send a password reset code to an O2 phone linked to the VM account.
  Or he's been pwned.

[toc] | [prev] | [next] | [standalone]


#45844

FromAndy Burns <usenet@andyburns.uk>
Date2025-03-03 17:25 +0000
Message-ID<m2m70fF4cnfU1@mid.individual.net>
In reply to#45840
Java Jive wrote:

> "Scammers stole £40k after EDF gave out my number"

Clearly EDF shouldn't go about giving out customer information, but I 
ought to be able to paint my mobile number in 1ft high letters on the 
side of my house and not have my SIM "swapped"

All UK networks should take extra security measures, such as writing to 
customers at known address to confirm such a drastic action.

[toc] | [prev] | [next] | [standalone]


#45847

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-03 14:04 -0500
Message-ID<vq4ue1$1ejeg$1@dont-email.me>
In reply to#45844
On 3/3/2025 12:25 PM, Andy Burns wrote:
> Java Jive wrote:
> 
>> "Scammers stole £40k after EDF gave out my number"
> 
> Clearly EDF shouldn't go about giving out customer information, but I 
> ought to be able to paint my mobile number in 1ft high letters on the 
> side of my house and not have my SIM "swapped"
> 
> All UK networks should take extra security measures, such as writing to 
> customers at known address to confirm such a drastic action.
> 

    I think the problem is a balance between security and convenience.
If you lose your cellphone, you don't want to have to go somewhere
with a certified letter and drivers license to confirm you are who
you say you are. If scammers can get hold of enough personal info,
or trick phone operators, or find a dishonest phone company employee
to pay off, then they're all set. It's easy for them precisely because it's
convenient for you. From there they can just log into the
victim's email and other accounts, click "I forgot my password", receive
a reset code on their cellphone, and set a new password. Poof! They've
taken over your life.

   To pull it off, probably the biggest obstacle is getting enough personal
info, like email address, home address, birthdate, etc. That's exactly the
kind of info that gets regularly exposed in data hacks online, and it's
the kind of info they'll need to pull off a SIM swap.

   So the weak point here, which was supposed to be the strong point,
is 2FA. The secondary weak point is people having online accounts in
the first place. If you're banking online then you're vulnerable. But it's
not easy to avoid. I had to call my bank's corporate offices in order
to block the possibility of creating an online account. For most people
that's out of the question. People want convenience. Walk to the bank?
Fuggetaboutit!

   Ironically, unless someone can hack into my computer they have
virtually zero chance of taking over my accounts. First, I don't have
online accounts, generally. Second, since I don't use 2FA an attacker
would have to somehow get my email passwords.

[toc] | [prev] | [next] | [standalone]


#45849

FromAndy Burns <usenet@andyburns.uk>
Date2025-03-03 19:28 +0000
Message-ID<m2me7kF4cneU4@mid.individual.net>
In reply to#45847
Newyana2 wrote:

>    I think the problem is a balance between security and convenience.

If you've been careless enough to lose or damage your phone, you deserve 
a bit of hurt :-)

> If you lose your cellphone, you don't want to have to go somewhere
> with a certified letter and drivers license to confirm you are who
> you say you are.

I'm envisaging something like you (or the criminals) phone  the service 
provider, they say "fine we'll send a letter with a code to the address 
we have on file, call us back tomorrow when you get it", they could even 
include a new SIM while they're at it.  The criminal is therefore cut 
out of the loop (if they try to organise post redirection to intercept 
the letter, the post office will send notification of the redirection in 
the post before they actually start the redirection, so the criminals 
can't short circuit it that way.

[toc] | [prev] | [next] | [standalone]


#45852

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-03 21:36 +0100
Message-ID<9ggh9lxofo.ln2@Telcontar.valinor>
In reply to#45849
On 2025-03-03 20:28, Andy Burns wrote:
> Newyana2 wrote:
> 
>>    I think the problem is a balance between security and convenience.
> 
> If you've been careless enough to lose or damage your phone, you deserve 
> a bit of hurt :-)
> 
>> If you lose your cellphone, you don't want to have to go somewhere
>> with a certified letter and drivers license to confirm you are who
>> you say you are.
> 
> I'm envisaging something like you (or the criminals) phone  the service 
> provider, they say "fine we'll send a letter with a code to the address 
> we have on file, call us back tomorrow when you get it", they could even 
> include a new SIM while they're at it.  The criminal is therefore cut 
> out of the loop (if they try to organise post redirection to intercept 
> the letter, the post office will send notification of the redirection in 
> the post before they actually start the redirection, so the criminals 
> can't short circuit it that way.

Bad guys have been known to lie in wait near the house to steal the mail 
when it arrives. Specially if the mailbox is external to the house.



-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#45853

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-03 21:35 +0100
Message-ID<8dgh9lxofo.ln2@Telcontar.valinor>
In reply to#45847
On 2025-03-03 20:04, Newyana2 wrote:
>    So the weak point here, which was supposed to be the strong point,
> is 2FA. The secondary weak point is people having online accounts in
> the first place. If you're banking online then you're vulnerable. But it's
> not easy to avoid. I had to call my bank's corporate offices in order
> to block the possibility of creating an online account. For most people
> that's out of the question. People want convenience. Walk to the bank?
> Fuggetaboutit!

It is not a choice for us, they are removing physical offices, and they 
have fewer employees. I even have to book an appointment to get inside 
the bank office. Even if I want to cash a big cheque into my account!

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#45860

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-03 17:35 -0500
Message-ID<vq5apd$1gojh$1@dont-email.me>
In reply to#45853
On 3/3/2025 3:35 PM, Carlos E.R. wrote:

> It is not a choice for us, they are removing physical offices, and they 
> have fewer employees. I even have to book an appointment to get inside 
> the bank office. Even if I want to cash a big cheque into my account!
> 
     I didn't know that. There are somewhat less banks here,
but I can easily walk to mine. There are banches in most local
towns, so I can easily get to an ATM. My bank is open 7 days,
usually with 2 tellers on duty. And I can deposit checks in the
ATM, too.

   It's  scary to me how fast people are accepting online banks.
They pay better interest, but what are the guarantees? I would
never get an online bank account. There are safer ways to get
interest.

[toc] | [prev] | [next] | [standalone]


#45861

From"Carlos E.R." <robin_listas@es.invalid>
Date2025-03-04 02:49 +0100
Message-ID<pp2i9lxh3m.ln2@Telcontar.valinor>
In reply to#45860
On 2025-03-03 23:35, Newyana2 wrote:
> On 3/3/2025 3:35 PM, Carlos E.R. wrote:
> 
>> It is not a choice for us, they are removing physical offices, and 
>> they have fewer employees. I even have to book an appointment to get 
>> inside the bank office. Even if I want to cash a big cheque into my 
>> account!
>>
>      I didn't know that. There are somewhat less banks here,
> but I can easily walk to mine. There are banches in most local
> towns, so I can easily get to an ATM. My bank is open 7 days,
> usually with 2 tellers on duty. And I can deposit checks in the
> ATM, too.

Not that kind of cheque, they don't exist here anymore. It is a cheque 
written by the bank itself and guaranteed by them. It is not backed by 
the account of a person. I don't know how they call that in English.

Branches are disappearing here. A relatively small village may have no 
office at all, maybe not even a cash machine (ah, ATMs). Banks are open, 
but during covid they enforced "get an appointment in advance", and they 
are keeping that rule. You can not just walk in, you need an appointment.


>    It's  scary to me how fast people are accepting online banks.
> They pay better interest, but what are the guarantees? I would
> never get an online bank account. There are safer ways to get
> interest.

Even traditional banks force us to use them online.

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#45865

FromChris <ithinkiam@gmail.com>
Date2025-03-04 08:07 +0000
Message-ID<vq6cck$1pl9j$1@dont-email.me>
In reply to#45861
Carlos E.R. <robin_listas@es.invalid> wrote:
> On 2025-03-03 23:35, Newyana2 wrote:
>> On 3/3/2025 3:35 PM, Carlos E.R. wrote:
>> 
>>> It is not a choice for us, they are removing physical offices, and 
>>> they have fewer employees. I even have to book an appointment to get 
>>> inside the bank office. Even if I want to cash a big cheque into my 
>>> account!
>>> 
>>     I didn't know that. There are somewhat less banks here,
>> but I can easily walk to mine. There are banches in most local
>> towns, so I can easily get to an ATM. My bank is open 7 days,
>> usually with 2 tellers on duty. And I can deposit checks in the
>> ATM, too.
> 
> Not that kind of cheque, they don't exist here anymore. It is a cheque 
> written by the bank itself and guaranteed by them. It is not backed by 
> the account of a person. I don't know how they call that in English.

In the UK, it's called a banker's draft. 

> Branches are disappearing here. A relatively small village may have no 
> office at all, maybe not even a cash machine (ah, ATMs). Banks are open, 
> but during covid they enforced "get an appointment in advance", and they 
> are keeping that rule. You can not just walk in, you need an appointment.
> 
> 
>>   It's  scary to me how fast people are accepting online banks.
>> They pay better interest, but what are the guarantees? I would
>> never get an online bank account. There are safer ways to get
>> interest.
> 
> Even traditional banks force us to use them online.

It's not forced here. The service is usually better. In particular, many
banks only ever opened for half a day at the weekend. Now most smaller
branch don't open at all. Which is totally stupid. Why not close one day in
the week and then open all day saturday?

[toc] | [prev] | [next] | [standalone]


#45858

FromChris <ithinkiam@gmail.com>
Date2025-03-03 21:38 +0000
Message-ID<vq57fp$1g6j2$1@dont-email.me>
In reply to#45847
Newyana2 <newyana@invalid.nospam> wrote:
> .
> 
>   So the weak point here, which was supposed to be the strong point,
> is 2FA. 

Eh?

> The secondary weak point is people having online accounts in
> the first place. If you're banking online then you're vulnerable. But it's
> not easy to avoid. I had to call my bank's corporate offices in order
> to block the possibility of creating an online account. For most people
> that's out of the question. People want convenience. Walk to the bank?
> Fuggetaboutit!

What bank? In the uk most banks are closing branches all over the place.
Plus, we have online only banks. My nearest branch for one of my banks that
does have branches is nearly 6 miles away. 

Also having to physically tell a person to move digital numbers from one
place to another is an utter waste of everyone's time. 

>   Ironically, unless someone can hack into my computer they have
> virtually zero chance of taking over my accounts. First, I don't have
> online accounts, generally. Second, since I don't use 2FA an attacker
> would have to somehow get my email passwords.

How does that work? 2FA requires a code *and* the password. You're removing
a layer of security. 


[toc] | [prev] | [next] | [standalone]


#45859

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-03 17:31 -0500
Message-ID<vq5aic$1gnna$1@dont-email.me>
In reply to#45858
On 3/3/2025 4:38 PM, Chris wrote:

>>    Ironically, unless someone can hack into my computer they have
>> virtually zero chance of taking over my accounts. First, I don't have
>> online accounts, generally. Second, since I don't use 2FA an attacker
>> would have to somehow get my email passwords.
> 
> How does that work? 2FA requires a code *and* the password. You're removing
> a layer of security.
> 

  If they're able to take over your phone # they can just go
around to accounts and click "I lost my password". A reset
code wll then be sent to the cellphone. So if they know
email addresses and account logins then they can take all
of them over within minutes. In my case, with no 2FA, there's
no way to get my email password. With no online bank account
there's nothing to hack.

   2FA is not a security improvement. It's a gimmick to enable
far more exptensive tracking of people by linking phone ID and
location to other data.

[toc] | [prev] | [next] | [standalone]


#45866

FromChris <ithinkiam@gmail.com>
Date2025-03-04 08:13 +0000
Message-ID<vq6cnr$1pn8s$1@dont-email.me>
In reply to#45859
Newyana2 <newyana@invalid.nospam> wrote:
> On 3/3/2025 4:38 PM, Chris wrote:
> 
>>> Ironically, unless someone can hack into my computer they have
>>> virtually zero chance of taking over my accounts. First, I don't have
>>> online accounts, generally. Second, since I don't use 2FA an attacker
>>> would have to somehow get my email passwords.
>> 
>> How does that work? 2FA requires a code *and* the password. You're removing
>> a layer of security.
>> 
> 
>  If they're able to take over your phone # they can just go
> around to accounts and click "I lost my password". A reset
> code wll then be sent to the cellphone. 

That's not how it works. At best you get sent a reset link to your email.
This means the attacker needs to know your email account details as well as
the username/login for the service. 

With banks it's more secure. In the UK at least. In order to reset anything
you need to answer personal questions which must match pre-set answers and
then the reset option is sent to your email. Or, often, a code sent to your
home via the mail. 

> So if they know
> email addresses and account logins then they can take all
> of them over within minutes. In my case, with no 2FA, there's
> no way to get my email password. With no online bank account
> there's nothing to hack.

You're dependent on a single factor. If your password is exposed or, more
likely, the company's security has been compromised via other means then an
attacker has free reign. 

Yes, the chances are low, but the potential damage is much higher then if
had 2FA. 

> 
>   2FA is not a security improvement. It's a gimmick to enable
> far more exptensive tracking of people by linking phone ID and
> location to other data.

Your paranoia is clouding your judgement. 


[toc] | [prev] | [next] | [standalone]


#45869

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-04 08:09 -0500
Message-ID<vq6u0r$1skm6$1@dont-email.me>
In reply to#45866
On 3/4/2025 3:13 AM, Chris wrote:
> Newyana2 <newyana@invalid.nospam> wrote:
>> On 3/3/2025 4:38 PM, Chris wrote:
>>
>>>> Ironically, unless someone can hack into my computer they have
>>>> virtually zero chance of taking over my accounts. First, I don't have
>>>> online accounts, generally. Second, since I don't use 2FA an attacker
>>>> would have to somehow get my email passwords.
>>>
>>> How does that work? 2FA requires a code *and* the password. You're removing
>>> a layer of security.
>>>
>>
>>   If they're able to take over your phone # they can just go
>> around to accounts and click "I lost my password". A reset
>> code wll then be sent to the cellphone.
> 
> That's not how it works. At best you get sent a reset link to your email.
> This means the attacker needs to know your email account details as well as
> the username/login for the service.
> 
   That's not typically necessary with 2FA. Remember, you've
clicked the link that says you forgot your password. Typically
that would trigger security questions. With 2FA it could involve
a code sent to a cellphone... which the scammer now controls.
That's the whole point. That's how people are being compromised
by only doing a SIM swap. In many cases the scammer need only
know a few personal details, which they might have found in a
data dump online.

> You're dependent on a single factor. If your password is exposed or, more
> likely, the company's security has been compromised via other means then an
> attacker has free reign.
> 
> Yes, the chances are low, but the potential damage is much higher then if
> had 2FA.
> 
    So you say. Yet this man was compromised. Someone was
able to do a SIM swap and get the rest from that. They may
have even got some of that information by simply waiting for
texts and emails after the swap. The problem is that the
cellphone has become the centerpiece of personal security,
and that trust is not justified.

    In my case all they need is my email password, but how are
they going to get it? Pretty much the only chance would be
a total data hack of my email host. Or they'll need to know
the answers to my security questions. Again, that will almost
certainly require hacking my email host. And since I don't bank
online or write credit card numbers in email, there's not much
that the scammer could benefit. They could order books in my
name from the library. But even then they'll need my library
card or my drivers license to pick up those books. And since
I use POP3 email, auto-deleting mail on the server, the scammer
can't look through my old email. So they can't even be a wiseguy
and change my dentist appt. :)

>>
>>    2FA is not a security improvement. It's a gimmick to enable
>> far more exptensive tracking of people by linking phone ID and
>> location to other data.
> 
> Your paranoia is clouding your judgement.
> 

   Famous last words of the ostrich. The whole point of this
thread is about a man who got SIM swapped and lost 40K
pounds! Your neighbor has just been eaten by a lion. Keeping
his head in a hole didn't protect him. What a shocker!

[toc] | [prev] | [next] | [standalone]


#45871

FromFrank Slootweg <this@ddress.is.invalid>
Date2025-03-04 16:22 +0000
Message-ID<vq7ct9.11ok.1@ID-201911.user.individual.net>
In reply to#45869
Newyana2 <newyana@invalid.nospam> wrote:
> On 3/4/2025 3:13 AM, Chris wrote:
> > Newyana2 <newyana@invalid.nospam> wrote:

[Much uniformed, misguided, FUD, scare mongering, etc. deleted.]

> >>    2FA is not a security improvement. It's a gimmick to enable
> >> far more exptensive tracking of people by linking phone ID and
> >> location to other data.
> > 
> > Your paranoia is clouding your judgement.
> 
>    Famous last words of the ostrich. The whole point of this
> thread is about a man who got SIM swapped and lost 40K
> pounds! Your neighbor has just been eaten by a lion. Keeping
> his head in a hole didn't protect him. What a shocker!

  Nope, the man lost 40K pounds, because two companies (EDF and O2)
fscked up their security procedures.

  Insult was added to injury, by the fact that his savings account was
apparently only protected by a password, i.e. the kind of weak/no
'security' *you* are actually advocating. Had this been protected by 2FA
(not SMS, which is not 2FA, but (weak) 2SV), he would have lost nothing.

  In addition to (real) 2FA, our (NL) bank accounts, especially the
savings accounts can be further protected by a time-locked and maximum
amount at a time. There hardly ever is a need to make a 40K pound
transfer without advance notice.

  Bottom line: Yes, shitty security/security-procedures get people into
trouble. News at eleven!

[toc] | [prev] | [next] | [standalone]


#45873

FromChris <ithinkiam@gmail.com>
Date2025-03-04 21:09 +0000
Message-ID<vq7q5c$21s5q$1@dont-email.me>
In reply to#45869
Newyana2 <newyana@invalid.nospam> wrote:
> On 3/4/2025 3:13 AM, Chris wrote:
>> Newyana2 <newyana@invalid.nospam> wrote:
>>> On 3/3/2025 4:38 PM, Chris wrote:
>>> 
>>>>> Ironically, unless someone can hack into my computer they have
>>>>> virtually zero chance of taking over my accounts. First, I don't have
>>>>> online accounts, generally. Second, since I don't use 2FA an attacker
>>>>> would have to somehow get my email passwords.
>>>> 
>>>> How does that work? 2FA requires a code *and* the password. You're removing
>>>> a layer of security.
>>>> 
>>> 
>>> If they're able to take over your phone # they can just go
>>> around to accounts and click "I lost my password". A reset
>>> code wll then be sent to the cellphone.
>> 
>> That's not how it works. At best you get sent a reset link to your email.
>> This means the attacker needs to know your email account details as well as
>> the username/login for the service.
>> 
>   That's not typically necessary with 2FA. 

Yes it is. 

> Remember, you've
> clicked the link that says you forgot your password. Typically
> that would trigger security questions. 

Correct. 

> With 2FA it could involve
> a code sent to a cellphone... 

Only after you've correctly answered additional security. Usually it's an
email not a 2FA code via SMS as it's known to be insecure. 

> which the scammer now controls.
> That's the whole point. That's how people are being compromised
> by only doing a SIM swap. In many cases the scammer need only
> know a few personal details, which they might have found in a
> data dump online.
> 
>> You're dependent on a single factor. If your password is exposed or, more
>> likely, the company's security has been compromised via other means then an
>> attacker has free reign.
>> 
>> Yes, the chances are low, but the potential damage is much higher then if
>> had 2FA.
>> 
>    So you say. Yet this man was compromised. Someone was
> able to do a SIM swap and get the rest from that. 

Where does the story say that 2FA was the weak point?  in fact where is 2FA
mentioned at all?

> They may
> have even got some of that information by simply waiting for
> texts and emails after the swap. 

The primary issue is how was it possible to swap the sim in the first
place. 

> The problem is that the
> cellphone has become the centerpiece of personal security,
> and that trust is not justified.

That's true. 

>    In my case all they need is my email password, but how are
> they going to get it? Pretty much the only chance would be
> a total data hack of my email host. Or they'll need to know
> the answers to my security questions. Again, that will almost
> certainly require hacking my email host. And since I don't bank
> online or write credit card numbers in email, there's not much
> that the scammer could benefit. They could order books in my
> name from the library. But even then they'll need my library
> card or my drivers license to pick up those books. And since
> I use POP3 email, auto-deleting mail on the server, the scammer
> can't look through my old email. So they can't even be a wiseguy
> and change my dentist appt. :)

Basically, with everything so interdependent if someone wants to target you
specifically they will find a way. 

>>> 
>>> 2FA is not a security improvement. It's a gimmick to enable
>>> far more exptensive tracking of people by linking phone ID and
>>> location to other data.
>> 
>> Your paranoia is clouding your judgement.
>> 
> 
>   Famous last words of the ostrich. The whole point of this
> thread is about a man who got SIM swapped and lost 40K
> pounds! 

None of which has anything to do with 2FA which you brought up. 

There's definitely a lot more to this story. For example, there's a daily
limit of £10k for bank transfers. 

Plus, I also use the Nationwide bank and their security is pretty strict
especially around new types of transactions. 

> Your neighbor has just been eaten by a lion. Keeping
> his head in a hole didn't protect him. What a shocker!

Reading the whole article it seems they also compromised his email account
and then tried to use his Nationwide credit card, which was blocked
automatically, and stole the £40k from his Premium Bonds. Real nightmare
scenario. 

If someone has your emails and your mobile phone number you are royally
screwed. Yes, even you. 

Fortunately, the victim has had his 40k refunded. 

[toc] | [prev] | [next] | [standalone]


Page 1 of 6  [1] 2 3 4 5 6  Next page →

Back to top | Article view | uk.telecom.mobile


csiph-web