Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > uk.telecom.mobile > #45840 > unrolled thread

"'Scammers stole £40k after EDF gave out my number"

Started byJava Jive <java@evij.com.invalid>
First post2025-03-03 12:27 +0000
Last post2025-03-15 08:48 -0400
Articles 20 on this page of 111 — 14 participants

Back to article view | Back to uk.telecom.mobile


Contents

  "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 12:27 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 10:47 -0500
      Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 17:13 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-03 17:33 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" David Rance <david@SPAMOFF.invalid> - 2025-03-03 18:20 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-03 15:54 +0000
    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 17:25 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 14:04 -0500
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:28 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:36 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:35 +0100
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:35 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-04 02:49 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:07 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 21:38 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-03 17:31 -0500
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 08:13 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 08:09 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-04 16:22 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 21:09 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-04 19:43 -0500
                    Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 05:34 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:22 -0500
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:15 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 09:44 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 13:15 +0100
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:47 -0500
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 14:27 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 10:42 -0500
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 16:51 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:21 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 12:37 -0500
                                  Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-05 18:03 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:00 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 22:07 +0100
                                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 15:42 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:28 +0100
                                  Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 18:23 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 16:01 -0500
                                      Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 21:03 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:40 +0000
                          Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 18:02 +0100
                            Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:04 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-05 08:12 -0500
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:29 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 17:38 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Abandoned Trolley <that.bloke@microsoft.com> - 2025-03-05 17:25 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" David Wade <dave@g4ugm.invalid> - 2025-03-05 21:44 +0100
                          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 18:45 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 13:25 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 14:57 +0100
                      Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-05 14:10 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-05 16:26 +0000
                      Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-05 14:33 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-05 21:08 +0100
      Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-03 19:25 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 19:43 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:40 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 21:26 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:38 +0100
        Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-03 20:54 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-04 07:19 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-03 21:31 +0100
    Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 01:56 +0000
      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 13:54 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Tweed <usenet.tweed@gmail.com> - 2025-03-06 14:57 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-06 11:09 -0500
          Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-06 11:17 -0700
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:12 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" AJL <noemail@none.com> - 2025-03-07 09:35 -0700
          Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-06 18:24 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-06 19:36 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:17 -0500
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 16:16 +0100
              Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-08 10:30 +0000
        Re: "'Scammers stole £40k after EDF gave out my number" Brian Gregory <void-invalid-dead-dontuse@email.invalid> - 2025-03-06 16:37 +0000
          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-06 19:53 +0000
            Re: "'Scammers stole £40k after EDF gave out my number" Chris <ithinkiam@gmail.com> - 2025-03-07 07:37 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-07 10:46 +0100
            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-07 13:24 +0000
              Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-07 09:38 -0500
                Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-07 15:35 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-07 15:46 +0000
                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-14 18:49 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-15 09:53 +0000
                  Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 11:46 +0000
                    Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:35 -0400
                      Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-15 17:53 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-15 19:27 +0000
                        Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 23:30 -0400
                          Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 13:47 +0000
                            Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 15:13 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:04 +0000
                                Re: "'Scammers stole £40k after EDF gave out my number" Theo <theom+news@chiark.greenend.org.uk> - 2025-03-16 18:00 +0000
                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 08:53 +0000
                                    Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 13:53 +0000
                                      Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-17 14:53 +0000
                                        Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-17 18:44 +0000
                                          Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 10:42 +0000
                                            Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 12:48 +0000
                                              Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 13:18 +0000
                                                Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-20 13:27 +0000
                                                  Re: "'Scammers stole £40k after EDF gave out my number" Nick Finnigan <nix@genie.co.uk> - 2025-03-20 14:28 +0000
                                                    Re: "'Scammers stole £40k after EDF gave out my number" Andy Burns <usenet@andyburns.uk> - 2025-03-20 16:02 +0000
                                                      Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-20 13:00 -0400
                            Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-16 11:54 -0400
                              Re: "'Scammers stole £40k after EDF gave out my number" Java Jive <java@evij.com.invalid> - 2025-03-16 16:09 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" Frank Slootweg <this@ddress.is.invalid> - 2025-03-16 19:23 +0000
                              Re: "'Scammers stole £40k after EDF gave out my number" "Carlos E.R." <robin_listas@es.invalid> - 2025-03-16 23:10 +0100
                  Re: "'Scammers stole £40k after EDF gave out my number" Newyana2 <newyana@invalid.nospam> - 2025-03-15 08:48 -0400

Page 5 of 6 — ← Prev page 1 2 3 4 [5] 6  Next page →


#45926

FromJava Jive <java@evij.com.invalid>
Date2025-03-07 13:24 +0000
Message-ID<vqes1l$3i7oj$1@dont-email.me>
In reply to#45920
On 2025-03-06 19:53, Java Jive wrote:
>
> On 2025-03-06 16:37, Brian Gregory wrote:
>>
>> On 06/03/2025 13:54, Java Jive wrote:
>>>
>>> But how would they know which banks, savings accounts, etc, to target 
>>> without additional information?
>>
>> They're hackers after money. They are not lazy. They try them one by 
>> one. Why would you think they wouldn’t bother to do that?
> 
> Doesn't sound likely to me, they want the money, but they wouldn't want 
> to take unnecessary risks of getting caught, and randomly trying banks 
> and financial organisations without the necessary identifying 
> information such as account numbers would likely fail, and perhaps cause 
> the police to be contacted.

It seems very likely that I was correct.  Rereading the original BBC 
report, there is a single sentence which most of us seem to have missed 
on first reading ...

"O2 Virgin Media confirmed the scammer telephoned its call centre 
requesting a new Sim and had hacked Stephen's emails."

... so, as I had supposed, they were reading the victim's emails, and 
that is how they knew:

    -  His various account details;
    -  There was enough in them to be worth setting up the SIM swap scam.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#45930

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-07 09:38 -0500
Message-ID<vqf0ca$3j5oo$1@dont-email.me>
In reply to#45926
On 3/7/2025 8:24 AM, Java Jive wrote:

> It seems very likely that I was correct.  Rereading the original BBC 
> report, there is a single sentence which most of us seem to have missed 
> on first reading ...
> 
> "O2 Virgin Media confirmed the scammer telephoned its call centre 
> requesting a new Sim and had hacked Stephen's emails."
> 

   It's confusing, but that seems to be backward. The scammer
called the phone company, giving email and name to get the
cellphone number, then initiated a SIM swap. That, then, gave him
the means to change the passwords.

   It would be interesting to see a security expert look at this
in detail. There are many reports online, but they all seem to be
reprints of one poorly researched article.

[toc] | [prev] | [next] | [standalone]


#45932

FromNick Finnigan <nix@genie.co.uk>
Date2025-03-07 15:35 +0000
Message-ID<vqf3oc$1aivq$4@dont-email.me>
In reply to#45930
On 07/03/2025 14:38, Newyana2 wrote:
> On 3/7/2025 8:24 AM, Java Jive wrote:
> 
>> It seems very likely that I was correct.  Rereading the original BBC 
>> report, there is a single sentence which most of us seem to have missed 
>> on first reading ...
>>
>> "O2 Virgin Media confirmed the scammer telephoned its call centre 
>> requesting a new Sim and had hacked Stephen's emails."
>>
> 
>    It's confusing, but that seems to be backward. The scammer
> called the phone company, giving email and name to get the
> cellphone number, then initiated a SIM swap. That, then, gave him
> the means to change the passwords.

  No, the scammer called EDF to get the mobile phone number.

[toc] | [prev] | [next] | [standalone]


#45933

FromAndy Burns <usenet@andyburns.uk>
Date2025-03-07 15:46 +0000
Message-ID<m30imsFlmpmU1@mid.individual.net>
In reply to#45930
Newyana2 wrote:

> It would be interesting to see a security expert look at this
> in detail.

But they're not going to publish detail ... it'd be a scammer's text book.

[toc] | [prev] | [next] | [standalone]


#45968

FromTheo <theom+news@chiark.greenend.org.uk>
Date2025-03-14 18:49 +0000
Message-ID<buh*n6r9z@news.chiark.greenend.org.uk>
In reply to#45930
In comp.mobile.android Newyana2 <newyana@invalid.nospam> wrote:
> On 3/7/2025 8:24 AM, Java Jive wrote:
> 
> > It seems very likely that I was correct.  Rereading the original BBC 
> > report, there is a single sentence which most of us seem to have missed 
> > on first reading ...
> > 
> > "O2 Virgin Media confirmed the scammer telephoned its call centre 
> > requesting a new Sim and had hacked Stephen's emails."
> > 
> 
>    It's confusing, but that seems to be backward. The scammer
> called the phone company, giving email and name to get the
> cellphone number, then initiated a SIM swap. That, then, gave him
> the means to change the passwords.
> 
>    It would be interesting to see a security expert look at this
> in detail. There are many reports online, but they all seem to be
> reprints of one poorly researched article.

The radio programme is here and starts at 40m50s (not sure if BBC Sounds is
geoblocked but I don't think so):
https://www.bbc.co.uk/sounds/play/m0028bj1

In brief:
- received a text from O2 (mobile operator) saying he'd changed his password
- contacted O2 straightaway and told SIM had been swapped
- told they'd stop that and send out a new SIM card, emailed to confirm
- next morning, email from EDF (energy supplier) asking for feedback on
recent contact with customer services
- called EDF, told they'd pass it on to the fraud section and get back to
him
- nothing happened for over a week
- called O2 again to make sure everything was stopped, put through to fraud
department
- just after received an email saying new SIM card had been sent out,
connected to a different number.  Queried with fraud department, said didn't
know, need to go to an O2 shop
- O2 shop couldn't do much as account had been stopped, couldn't look at it
- told them to check his emails
- contacted Virgin Media (ISP, merged with O2), told he'd changed his
password, had to go through changing password back again, told they'd pass
it to the fraud section
- thus far not had a conversation with any fraud section
- contacted various banks to check everything is ok, told they'd put in
extra security
- tried to make a payment on Nationwide card, couldn't go through because
they couldn't use the landline for the OTP.  Told there was a problem with
the card, need to go to a Nationwide branch.
- told someone had attempted to use the credit card for £200 of voucher
codes, had been stopped.  Gave two extra passwords to enhanced security.
- got an email from National Savings &I to say password had been changed
- rang NS&I straight away to say it hadn't, went through very long procedure
to verify who he was and get a new password
- after an hour, told you'd taken out a large amount of premium bonds, over
£40k
- NS&I fraud rang the next day, explained they had suspicions but asked for
the money to come back, could be 15 working days
- only way to get anywhere with O2, VM, EDF is to pay for Linkedin Premium
and have access to messaging the executives.
- Senior EDF executive contacted, listened to the call with the fraudster,
said like it didn't sound like him at all.  Seemed to have name and email
address, asked EDF for mobile number and was given out to them.
- Told scammer had gone through security just with name and email address. 
Offered £50 goodwill gesture for closing the case.  Since agreed it has been
a data breach.

NS&I say he will be refunded fully.
EDF say security procedures were followed but subsequently recognised it was
fraud.
VMO2 says scammer had called them and passed security.

Expert says this all started from Ofcom (regulator) making it easier to
change mobile provider in under 2 mins.  Some mobile operators thinking in
that way and not thinking about scams - can switch within networks without
even needing the code.

----

Speculating, I would guess they started with the SIM swap.  I don't know the
O2 procedure, but it's possible to have SIMs which are unregistered or only
lightly registered (eg no online account).  In that case there isn't much
security information the operator has, or it could be easy to find out
(pet's name, place of birth, etc).  Scammer contacts the provider to say you
broke your SIM card and need a new one and they don't have very much to
authenticate you.  If they can make that stick they can maybe then do a
password reset on the email which uses SMS as a recovery mechanism, and then
they're in.

Theo

[toc] | [prev] | [next] | [standalone]


#45969

FromNick Finnigan <nix@genie.co.uk>
Date2025-03-15 09:53 +0000
Message-ID<vr3ind$34sjd$1@dont-email.me>
In reply to#45968
On 14/03/2025 18:49, Theo wrote:
> 
> Speculating, I would guess they started with the SIM swap.  I don't know the
> O2 procedure, but it's possible to have SIMs which are unregistered or only
> lightly registered (eg no online account).  In that case there isn't much
> security information the operator has, or it could be easy to find out
> (pet's name, place of birth, etc).  Scammer contacts the provider to say you
> broke your SIM card and need a new one and they don't have very much to
> authenticate you.  

  Is that SIM card in a phone which they can still see on their network?

If they can make that stick they can maybe then do a
> password reset on the email which uses SMS as a recovery mechanism, and then
> they're in.
> 
> Theo

[toc] | [prev] | [next] | [standalone]


#45970

FromJava Jive <java@evij.com.invalid>
Date2025-03-15 11:46 +0000
Message-ID<vr3pav$3eto7$1@dont-email.me>
In reply to#45968
On 2025-03-14 18:49, Theo wrote:
>
> Speculating, I would guess they started with the SIM swap.

The original report suggests that they started with an email hack, and 
used that to facilitate the SIM swap.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#45971

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-15 08:35 -0400
Message-ID<vr3s4m$3hdbg$1@dont-email.me>
In reply to#45970
On 3/15/2025 7:46 AM, Java Jive wrote:
> On 2025-03-14 18:49, Theo wrote:
>>
>> Speculating, I would guess they started with the SIM swap.
> 
> The original report suggests that they started with an email hack, and 
> used that to facilitate the SIM swap.
> 

   That's not what it said. "Suggests" gets into speculation.
The reoprt does imply that conning the phone company
into a SIM swap was where it started. Which also makes
the most sense. The point being that if you have someone's
phone then you have their texts, email, etc. So the rest is fairly
simple. His email server then assumes 2FA is adequate to let
him change his email password, so the scammer doesn't
need answers to security questions. It all centers on the
cellphone being depended upon as the most secure identity.
In that scenario, the scammer only needs some public facts,
like the email addess, name, maybe street address, etc. A
casual friend could have those things, or they might be found
in a data dump online. So the weak points are 2FA and the
human factor. The phone company wants to help, doesn't want
to anger the customer, so they can sometimes be tricked.

    Though it would be interesting if this story is ever clarified
officially. Maybe they avoided details in order not to give
other scammers ideas. Taking away all human factors is also
a problem.

    Meanwhile, I look forward to seeing a Bill Murray movie,
where his cellphone dies and he begins a comedic odyssey,
trying to convince everyone from his employer to his family
that he exists. (His family haven't looked up from their cellphones
for 30 years, so naturally they assumed that poor Bill died
when he stopped answering texts... and they don't know what
he looks like. Maybe they could call it Brazil 2.0. :)

[toc] | [prev] | [next] | [standalone]


#45973

FromJava Jive <java@evij.com.invalid>
Date2025-03-15 17:53 +0000
Message-ID<vr4ere$eqk$1@dont-email.me>
In reply to#45971
On 2025-03-15 12:35, Newyana2 wrote:
> On 3/15/2025 7:46 AM, Java Jive wrote:
>> On 2025-03-14 18:49, Theo wrote:
>>>
>>> Speculating, I would guess they started with the SIM swap.
>>
>> The original report suggests that they started with an email hack, and 
>> used that to facilitate the SIM swap.
> 
>    That's not what it said.

Look back directly up thread to my post of 2025-03-06 19:53, where I 
quote the single sentence in the original report that stated that an 
email hack had occurred before the SIM-swap scam was done.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#45976

FromTheo <theom+news@chiark.greenend.org.uk>
Date2025-03-15 19:27 +0000
Message-ID<cuh*Rux9z@news.chiark.greenend.org.uk>
In reply to#45973
In comp.mobile.android Java Jive <java@evij.com.invalid> wrote:
> On 2025-03-15 12:35, Newyana2 wrote:
> > On 3/15/2025 7:46 AM, Java Jive wrote:
> >> On 2025-03-14 18:49, Theo wrote:
> >>>
> >>> Speculating, I would guess they started with the SIM swap.
> >>
> >> The original report suggests that they started with an email hack, and 
> >> used that to facilitate the SIM swap.
> > 
> >    That's not what it said.
> 
> Look back directly up thread to my post of 2025-03-06 19:53, where I 
> quote the single sentence in the original report that stated that an 
> email hack had occurred before the SIM-swap scam was done.

What's a complicating factor is that Virgin Media O2 is both his mobile
phone provider and his email provider.  I don't know how integrated VM and
O2 systems are since the merger, but it's possible one login allows access
to both the emails and the mobile account.  That is an unfortunate single
point of failure.

Theo

[toc] | [prev] | [next] | [standalone]


#45978

FromNewyana2 <newyana@invalid.nospam>
Date2025-03-15 23:30 -0400
Message-ID<vr5git$t0ll$1@dont-email.me>
In reply to#45973
On 3/15/2025 1:53 PM, Java Jive wrote:
> On 2025-03-15 12:35, Newyana2 wrote:
>> On 3/15/2025 7:46 AM, Java Jive wrote:
>>> On 2025-03-14 18:49, Theo wrote:
>>>>
>>>> Speculating, I would guess they started with the SIM swap.
>>>
>>> The original report suggests that they started with an email hack, 
>>> and used that to facilitate the SIM swap.
>>
>>    That's not what it said.
> 
> Look back directly up thread to my post of 2025-03-06 19:53, where I 
> quote the single sentence in the original report that stated that an 
> email hack had occurred before the SIM-swap scam was done.
> 
  You read it wrong.

"O2 Virgin Media confirmed the scammer telephoned its call centre 
requesting a new Sim and had hacked Stephen's emails."

   Both things happened. Nowhere does it say or imply that
hacking the email preceded the SIM swap. That wouldn't
make sense.

"
EDF explained the fraudster had his name and email address and had asked 
EDF to give them his mobile number, which the company did. ... The call 
from the fraudster to EDF happened three hours before O2 received a 
request to move his number in the Sim-swap scam. ...
"

So they called EDF with name and email, asking for their phone
number. With that they called O2 and asked to swap SIMs.
Once the SIM was swapped they could log in to email and say
the lost their password. They then have a password change
link sent via email or text... which they now control.

As the article then states: "Criminals do it to bypass two-factor
authentication to change passwords and access anything else
you need a code from a text message for."

    Hacking his email wouldn't have got the scammers a way to
bypass 2FA via cellphone, but a SIM swap would. So if the man
had not been using 2FA it's unlikely that he could have been
scammed.

[toc] | [prev] | [next] | [standalone]


#45982

FromJava Jive <java@evij.com.invalid>
Date2025-03-16 13:47 +0000
Message-ID<vr6kqh$1t946$1@dont-email.me>
In reply to#45978
On 2025-03-16 03:30, Newyana2 wrote:
> On 3/15/2025 1:53 PM, Java Jive wrote:
>> On 2025-03-15 12:35, Newyana2 wrote:
>>> On 3/15/2025 7:46 AM, Java Jive wrote:
>>>> On 2025-03-14 18:49, Theo wrote:
>>>>>
>>>>> Speculating, I would guess they started with the SIM swap.
>>>>
>>>> The original report suggests that they started with an email hack, 
>>>> and used that to facilitate the SIM swap.
>>>
>>>    That's not what it said.
>>
>> Look back directly up thread to my post of 2025-03-06 19:53, where I 
>> quote the single sentence in the original report that stated that an 
>> email hack had occurred before the SIM-swap scam was done.
>>
>   You read it wrong.
> 
> "O2 Virgin Media confirmed the scammer telephoned its call centre 
> requesting a new Sim and had hacked Stephen's emails."
> 
>    Both things happened. Nowhere does it say or imply that
> hacking the email preceded the SIM swap. That wouldn't
> make sense.

It makes perfect sense, what you are claiming makes no sense, and shows 
that you have lost the chronological sequence of events.  For one thing, 
the use of the word 'had' implies that the hack was already in place at 
the time of scammer's phone call, otherwise they would have said 
something like "... and hacked ..." or "... used it to hack ..." or "... 
and went on to hack ...".  Further, if you reread the original report in 
its entirety, how would he have persuaded EDF to give up the victim's 
mobile number without personal identifying information that came from 
access to his emails?  Next, how would he have been able to confirm the 
request for a replacement SIM without being able to reply to the 
confirmatory email?

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#45983

FromTheo <theom+news@chiark.greenend.org.uk>
Date2025-03-16 15:13 +0000
Message-ID<cuh*FQB9z@news.chiark.greenend.org.uk>
In reply to#45982
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
> It makes perfect sense, what you are claiming makes no sense, and shows 
> that you have lost the chronological sequence of events.  For one thing, 
> the use of the word 'had' implies that the hack was already in place at 
> the time of scammer's phone call, otherwise they would have said 
> something like "... and hacked ..." or "... used it to hack ..." or "... 
> and went on to hack ...".  Further, if you reread the original report in 
> its entirety, how would he have persuaded EDF to give up the victim's 
> mobile number without personal identifying information that came from 
> access to his emails?  Next, how would he have been able to confirm the 
> request for a replacement SIM without being able to reply to the 
> confirmatory email?

When I've had to do a SIM swap (some time ago) it was all done on security
questions, there was no confirmatory email.  I don't think the mobile
networks required an email address, and if you're on PAYG they still
don't.

I think there is not enough information to be clear about the sequencing,
especially since emails and mobile are provided by the same company.

Theo

[toc] | [prev] | [next] | [standalone]


#45985

FromJava Jive <java@evij.com.invalid>
Date2025-03-16 16:04 +0000
Message-ID<vr6src$23f7c$1@dont-email.me>
In reply to#45983
On 2025-03-16 15:13, Theo wrote:
> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
>>
>> It makes perfect sense, what you are claiming makes no sense, and shows
>> that you have lost the chronological sequence of events.  For one thing,
>> the use of the word 'had' implies that the hack was already in place at
>> the time of scammer's phone call, otherwise they would have said
>> something like "... and hacked ..." or "... used it to hack ..." or "...
>> and went on to hack ...".  Further, if you reread the original report in
>> its entirety, how would he have persuaded EDF to give up the victim's
>> mobile number without personal identifying information that came from
>> access to his emails?  Next, how would he have been able to confirm the
>> request for a replacement SIM without being able to reply to the
>> confirmatory email?
> 
> When I've had to do a SIM swap (some time ago) it was all done on security
> questions, there was no confirmatory email.  I don't think the mobile
> networks required an email address, and if you're on PAYG they still
> don't.
> 
> I think there is not enough information to be clear about the sequencing,
> especially since emails and mobile are provided by the same company.

No, how would he have known the answers to the security questions to 
enable the SIM swap, and his emails were from Virgin Media, while the 
SIM was from O2.  Although not initially, my reading of the original 
article is now unambiguously that the email hack preceded the SIM swap 
and provided the initial personal information necessary to accomplish 
everything that followed.

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#45988

FromTheo <theom+news@chiark.greenend.org.uk>
Date2025-03-16 18:00 +0000
Message-ID<duh*2rC9z@news.chiark.greenend.org.uk>
In reply to#45985
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
> On 2025-03-16 15:13, Theo wrote:
> > In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
> >>
> >> It makes perfect sense, what you are claiming makes no sense, and shows
> >> that you have lost the chronological sequence of events.  For one thing,
> >> the use of the word 'had' implies that the hack was already in place at
> >> the time of scammer's phone call, otherwise they would have said
> >> something like "... and hacked ..." or "... used it to hack ..." or "...
> >> and went on to hack ...".  Further, if you reread the original report in
> >> its entirety, how would he have persuaded EDF to give up the victim's
> >> mobile number without personal identifying information that came from
> >> access to his emails?  Next, how would he have been able to confirm the
> >> request for a replacement SIM without being able to reply to the
> >> confirmatory email?
> > 
> > When I've had to do a SIM swap (some time ago) it was all done on security
> > questions, there was no confirmatory email.  I don't think the mobile
> > networks required an email address, and if you're on PAYG they still
> > don't.
> > 
> > I think there is not enough information to be clear about the sequencing,
> > especially since emails and mobile are provided by the same company.
> 
> No, how would he have known the answers to the security questions to 
> enable the SIM swap, and his emails were from Virgin Media, while the 
> SIM was from O2.  Although not initially, my reading of the original 
> article is now unambiguously that the email hack preceded the SIM swap 
> and provided the initial personal information necessary to accomplish 
> everything that followed.

Virgin Media O2 are one company - VM and O2 merged June 2021.  I don't know
whether they have merged customer accounts such that the same security
details are used for both.  In which case it may be that one set of details
gives access to both mobile and emails.

Theo

[toc] | [prev] | [next] | [standalone]


#45996

FromNick Finnigan <nix@genie.co.uk>
Date2025-03-17 08:53 +0000
Message-ID<vr8nul$3mi0m$1@dont-email.me>
In reply to#45988
On 16/03/2025 18:00, Theo wrote:
> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
>>
>> No, how would he have known the answers to the security questions to
>> enable the SIM swap, and his emails were from Virgin Media, while the
>> SIM was from O2.  Although not initially, my reading of the original
>> article is now unambiguously that the email hack preceded the SIM swap
>> and provided the initial personal information necessary to accomplish
>> everything that followed.
> 
> Virgin Media O2 are one company - VM and O2 merged June 2021.  I don't know
> whether they have merged customer accounts such that the same security
> details are used for both.  In which case it may be that one set of details
> gives access to both mobile and emails.

"If you've linked your Virgin Media and O2 details to create a new Virgin 
Media O2 ID, sign in with it here."

https://accounts.o2.co.uk/signin

[toc] | [prev] | [next] | [standalone]


#46000

FromJava Jive <java@evij.com.invalid>
Date2025-03-17 13:53 +0000
Message-ID<vr99gp$8osv$1@dont-email.me>
In reply to#45996
On 2025-03-17 08:53, Nick Finnigan wrote:
> On 16/03/2025 18:00, Theo wrote:
>> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
>>>
>>> No, how would he have known the answers to the security questions to
>>> enable the SIM swap, and his emails were from Virgin Media, while the
>>> SIM was from O2.  Although not initially, my reading of the original
>>> article is now unambiguously that the email hack preceded the SIM swap
>>> and provided the initial personal information necessary to accomplish
>>> everything that followed.
>>
>> Virgin Media O2 are one company - VM and O2 merged June 2021.  I don't 
>> know
>> whether they have merged customer accounts such that the same security
>> details are used for both.  In which case it may be that one set of 
>> details
>> gives access to both mobile and emails.
> 
> "If you've linked your Virgin Media and O2 details to create a new 
> Virgin Media O2 ID, sign in with it here."
> 
> https://accounts.o2.co.uk/signin

But Theo's own transcription of events from the BBC Radio documentary 
makes clear that he had not done so (first and last entries from this 
excerpt):

In brief:
- received a text from O2 (mobile operator) saying he'd changed his password
- contacted O2 straight away and told SIM had been swapped
- told they'd stop that and send out a new SIM card, emailed to confirm
- next morning, email from EDF (energy supplier) asking for feedback on 
recent contact with customer services
- called EDF, told they'd pass it on to the fraud section and get back 
to him
- nothing happened for over a week
- called O2 again to make sure everything was stopped, put through to 
fraud department
- just after received an email saying new SIM card had been sent out,
connected to a different number.  Queried with fraud department, said 
didn't know, need to go to an O2 shop
- O2 shop couldn't do much as account had been stopped, couldn't look at it
- told them to check his emails
- contacted Virgin Media (ISP, merged with O2), told he'd changed his 
password, had to go through changing password back again, told they'd 
pass it to the fraud section

It's difficult to deduce from this the exact ordering of events ...

Because he had to contact VM to find out that he'd changed his email 
password, rather than them contacting him at the time he did so, we 
can't tell when his email password was actually changed.  Further, the 
scammer could have been reading his emails for a while before actually 
deciding that, as unfolding events began to suggest that the scam was in 
danger of being closed down, that it was time to change the password in 
an attempt to prolong it.  Most probably his email account would have 
been compromised around the same time as all the other stages of the 
scam, yet "nothing happened for over a week" before he discovered it, 
and, in between, he received emails from both EDF and O2.

However, I still think that some identifying personal information would 
have been necessary to enable the SIM swap, and most probably this came 
from the email hack occurring earlier.  A search for "what is the 
minimum personal information required to be a victim of a SIM swap scam" 
using both DuckDuckGo and Google didn't yield anything definitive or 
that probably most of us didn't know already, but did yield preventative 
advice ...

 From the Met:

https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf

 From Which:

https://www.which.co.uk/news/article/sim-swap-fraud-doubles-year-on-year-how-scammers-steal-your-phone-number-aB0TF1O6hUrv

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#46002

FromNick Finnigan <nix@genie.co.uk>
Date2025-03-17 14:53 +0000
Message-ID<vr9d22$3mi0m$3@dont-email.me>
In reply to#46000
On 17/03/2025 13:53, Java Jive wrote:
> On 2025-03-17 08:53, Nick Finnigan wrote:
>> On 16/03/2025 18:00, Theo wrote:
>>> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
>>>>
>>>> No, how would he have known the answers to the security questions to
>>>> enable the SIM swap, and his emails were from Virgin Media, while the
>>>> SIM was from O2.  Although not initially, my reading of the original
>>>> article is now unambiguously that the email hack preceded the SIM swap
>>>> and provided the initial personal information necessary to accomplish
>>>> everything that followed.
>>>
>>> Virgin Media O2 are one company - VM and O2 merged June 2021.  I don't know
>>> whether they have merged customer accounts such that the same security
>>> details are used for both.  In which case it may be that one set of details
>>> gives access to both mobile and emails.
>>
>> "If you've linked your Virgin Media and O2 details to create a new Virgin 
>> Media O2 ID, sign in with it here."
>>
>> https://accounts.o2.co.uk/signin
> 
> But Theo's own transcription of events from the BBC Radio documentary makes 
> clear that he had not done so (first and last entries from this excerpt):

  That does not make it clear to me (he would still have an O2 password as 
well as a VM/O2 password).

> In brief:
> - received a text from O2 (mobile operator) saying he'd changed his password
> - contacted O2 straight away and told SIM had been swapped
> - told they'd stop that and send out a new SIM card, emailed to confirm
> - next morning, email from EDF (energy supplier) asking for feedback on 
> recent contact with customer services
> - called EDF, told they'd pass it on to the fraud section and get back to him
> - nothing happened for over a week
> - called O2 again to make sure everything was stopped, put through to fraud 
> department
> - just after received an email saying new SIM card had been sent out,
> connected to a different number.  Queried with fraud department, said 
> didn't know, need to go to an O2 shop
> - O2 shop couldn't do much as account had been stopped, couldn't look at it
> - told them to check his emails
> - contacted Virgin Media (ISP, merged with O2), told he'd changed his 
> password, had to go through changing password back again, told they'd pass 
> it to the fraud section
> 
> It's difficult to deduce from this the exact ordering of events ...
> 
> Because he had to contact VM to find out that he'd changed his email 

  'his password' may be 'his account password' rather than 'his email app 
password'.

> password, rather than them contacting him at the time he did so, we can't 
> tell when his email password was actually changed.  Further, the scammer 
> could have been reading his emails for a while before actually deciding 
> that, as unfolding events began to suggest that the scam was in danger of 
> being closed down, that it was time to change the password in an attempt to 
> prolong it.  Most probably his email account would have been compromised 
> around the same time as all the other stages of the scam, yet "nothing 
> happened for over a week" before he discovered it, and, in between, he 
> received emails from both EDF and O2.
> 
> However, I still think that some identifying personal information would 
> have been necessary to enable the SIM swap, and most probably this came 
> from the email hack occurring earlier.  

[toc] | [prev] | [next] | [standalone]


#46011

FromJava Jive <java@evij.com.invalid>
Date2025-03-17 18:44 +0000
Message-ID<vr9qiq$nfdi$1@dont-email.me>
In reply to#46002
On 2025-03-17 14:53, Nick Finnigan wrote:
> On 17/03/2025 13:53, Java Jive wrote:
>> On 2025-03-17 08:53, Nick Finnigan wrote:
>>> On 16/03/2025 18:00, Theo wrote:
>>>> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
>>>>>
>>>>> No, how would he have known the answers to the security questions to
>>>>> enable the SIM swap, and his emails were from Virgin Media, while the
>>>>> SIM was from O2.  Although not initially, my reading of the original
>>>>> article is now unambiguously that the email hack preceded the SIM swap
>>>>> and provided the initial personal information necessary to accomplish
>>>>> everything that followed.
>>>>
>>>> Virgin Media O2 are one company - VM and O2 merged June 2021.  I 
>>>> don't know
>>>> whether they have merged customer accounts such that the same security
>>>> details are used for both.  In which case it may be that one set of 
>>>> details
>>>> gives access to both mobile and emails.
>>>
>>> "If you've linked your Virgin Media and O2 details to create a new 
>>> Virgin Media O2 ID, sign in with it here."
>>>
>>> https://accounts.o2.co.uk/signin
>>
>> But Theo's own transcription of events from the BBC Radio documentary 
>> makes clear that he had not done so (first and last entries from this 
>> excerpt):
> 
>   That does not make it clear to me (he would still have an O2 password 
> as well as a VM/O2 password).

I disagree, your own quote shows that if it was a joint account for 
both, he'd only have needed the one password, whereas the Theo's 
transcription makes it plain that there were two.

>> In brief:
>> - received a text from O2 (mobile operator) saying he'd changed his 
>> password
>> - contacted O2 straight away and told SIM had been swapped
>> - told they'd stop that and send out a new SIM card, emailed to confirm
>> - next morning, email from EDF (energy supplier) asking for feedback 
>> on recent contact with customer services
>> - called EDF, told they'd pass it on to the fraud section and get back 
>> to him
>> - nothing happened for over a week
>> - called O2 again to make sure everything was stopped, put through to 
>> fraud department
>> - just after received an email saying new SIM card had been sent out,
>> connected to a different number.  Queried with fraud department, said 
>> didn't know, need to go to an O2 shop
>> - O2 shop couldn't do much as account had been stopped, couldn't look 
>> at it
>> - told them to check his emails
>> - contacted Virgin Media (ISP, merged with O2), told he'd changed his 
>> password, had to go through changing password back again, told they'd 
>> pass it to the fraud section
>>
>> It's difficult to deduce from this the exact ordering of events ...
>>
>> Because he had to contact VM to find out that he'd changed his email 
> 
>   'his password' may be 'his account password' rather than 'his email 
> app password'.

If it is 'his account password', then that completely supports my 
argument, not yours, and 'his email app password' doesn't make any 
sense, perhaps you mean 'his email password', but, unless he has 
multiple email addresses under a single account with VM, of which there 
is no mention, why would he need a separate email password?

>> password, rather than them contacting him at the time he did so, we 
>> can't tell when his email password was actually changed.  Further, the 
>> scammer could have been reading his emails for a while before actually 
>> deciding that, as unfolding events began to suggest that the scam was 
>> in danger of being closed down, that it was time to change the 
>> password in an attempt to prolong it.  Most probably his email account 
>> would have been compromised around the same time as all the other 
>> stages of the scam, yet "nothing happened for over a week" before he 
>> discovered it, and, in between, he received emails from both EDF and O2.
>>
>> However, I still think that some identifying personal information 
>> would have been necessary to enable the SIM swap, and most probably 
>> this came from the email hack occurring earlier. 
> 

-- 

Fake news kills!

I may be contacted via the contact address given on my website: 
www.macfh.co.uk

[toc] | [prev] | [next] | [standalone]


#46076

FromNick Finnigan <nix@genie.co.uk>
Date2025-03-20 10:42 +0000
Message-ID<vrgree$190g9$1@dont-email.me>
In reply to#46011
On 17/03/2025 18:44, Java Jive wrote:
> On 2025-03-17 14:53, Nick Finnigan wrote:
>> On 17/03/2025 13:53, Java Jive wrote:
>>> On 2025-03-17 08:53, Nick Finnigan wrote:
>>>> On 16/03/2025 18:00, Theo wrote:
>>>>> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
>>>>>>
>>>>>> No, how would he have known the answers to the security questions to
>>>>>> enable the SIM swap, and his emails were from Virgin Media, while the
>>>>>> SIM was from O2.  Although not initially, my reading of the original
>>>>>> article is now unambiguously that the email hack preceded the SIM swap
>>>>>> and provided the initial personal information necessary to accomplish
>>>>>> everything that followed.
>>>>>
>>>>> Virgin Media O2 are one company - VM and O2 merged June 2021.  I don't 
>>>>> know
>>>>> whether they have merged customer accounts such that the same security
>>>>> details are used for both.  In which case it may be that one set of 
>>>>> details
>>>>> gives access to both mobile and emails.
>>>>
>>>> "If you've linked your Virgin Media and O2 details to create a new 
>>>> Virgin Media O2 ID, sign in with it here."
>>>>
>>>> https://accounts.o2.co.uk/signin
>>>
>>> But Theo's own transcription of events from the BBC Radio documentary 
>>> makes clear that he had not done so (first and last entries from this 
>>> excerpt):
>>
>>   That does not make it clear to me (he would still have an O2 password 
>> as well as a VM/O2 password).
> 
> I disagree, your own quote shows that if it was a joint account for both, 
> he'd only have needed the one password, whereas the Theo's transcription 
> makes it plain that there were two.

  He would still have an O2 password, as well as a VM/02 password.
  (See the O2 website)

>>> In brief:
>>> - received a text from O2 (mobile operator) saying he'd changed his 
>>> password
>>> - contacted O2 straight away and told SIM had been swapped
>>> - told they'd stop that and send out a new SIM card, emailed to confirm
>>> - next morning, email from EDF (energy supplier) asking for feedback on 
>>> recent contact with customer services
>>> - called EDF, told they'd pass it on to the fraud section and get back 
>>> to him
>>> - nothing happened for over a week
>>> - called O2 again to make sure everything was stopped, put through to 
>>> fraud department
>>> - just after received an email saying new SIM card had been sent out,
>>> connected to a different number.  Queried with fraud department, said 
>>> didn't know, need to go to an O2 shop
>>> - O2 shop couldn't do much as account had been stopped, couldn't look at it
>>> - told them to check his emails
>>> - contacted Virgin Media (ISP, merged with O2), told he'd changed his 
>>> password, had to go through changing password back again, told they'd 
>>> pass it to the fraud section
>>>
>>> It's difficult to deduce from this the exact ordering of events ...
>>>
>>> Because he had to contact VM to find out that he'd changed his email 
>>
>>   'his password' may be 'his account password' rather than 'his email app 
>> password'.
> 
> If it is 'his account password', then that completely supports my argument, 
> not yours, and 'his email app password' doesn't make any sense, perhaps you 
> mean 'his email password', but, unless he has multiple email addresses 
> under a single account with VM, of which there is no mention, why would he 
> need a separate email password?

  VM use the term 'email app password' (see their website).

[toc] | [prev] | [next] | [standalone]


Page 5 of 6 — ← Prev page 1 2 3 4 [5] 6  Next page →

Back to top | Article view | uk.telecom.mobile


csiph-web