Article <vq4isi$1ccn0$1@dont-email.me>

Deutsch English Français Italiano
<vq4isi$1ccn0$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Newyana2 <newyana@invalid.nospam>
Newsgroups: comp.mobile.android,uk.telecom.mobile
Subject: =?UTF-8?Q?Re=3a_=22=27Scammers_stole_=c2=a340k_after_EDF_gave_out_m?=
 =?UTF-8?Q?y_number=22?=
Date: Mon, 3 Mar 2025 10:47:22 -0500
Organization: A noiseless patient Spider
Lines: 66
Message-ID: <vq4isi$1ccn0$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 03 Mar 2025 16:46:27 +0100 (CET)
Injection-Info: dont-email.me; posting-host="57d0c5245e8363e67092187360678c7a";
	logging-data="1454816"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/oPBeJj8DJYWR3iNYf0na2YmLQ5uXUeDE="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.3.1
Cancel-Lock: sha1:ZnWPTrKzXeEZQHHpD97qA/1FQk0=
Content-Language: en-US
In-Reply-To: <vq478a$1a6p9$1@dont-email.me>
Bytes: 3996

On 3/3/2025 7:27 AM, Java Jive wrote:
> "Scammers stole �40k after EDF gave out my number"
> https://www.bbc.co.uk/news/articles/ckg885lxd3jo
> 
> [An unfortunate choice of photo of the victim, he looks really cheerful 
> about it.]
> 
> 
> "A man targeted by fraudsters who got his mobile phone number from an 
> energy company said he often woke up in the night thinking "what next?".
> 
> Stephen, from Hertfordshire, had more than �40,000 taken from a savings 
> account after his name and email address was used to get the information 
> from EDF.
> 
> Within 48 hours of his mobile phone number being divulged, his accounts 
> with O2, Nationwide Building Society and Virgin Media had all been 
> compromised.
> 
> EDF said such incidents were rare but it took them seriously and added: 
> "We are sorry for the difficulties this fraudulent caller has caused 
> Stephen."
> 
> ...
> 
> 
> '�50 to close the case'
> 
> After more than a week, EDF finally responded about the call it thought 
> Stephen made at 11:00 GMT on 3 February.
> 
> EDF explained the fraudster had his name and email address and had asked 
> EDF to give them his mobile number, which the company did.
> 
> "I said, 'Why would you do that?' They said the person had gone through 
> security. 'With a name and email address', I asked?," he said.
> 
> "EDF said, 'Yes' - and then offered me a �50 goodwill gesture to close 
> the case."
> 
> 
> So, EDF allowed them to go from his email address to obtaining his 
> mobile phone number for a SIM-swap scam, but I wonder how they managed 
> to go from either to all his savings accounts, unless they'd also 
> compromised his PC or phone as well; if the latter, why did they need to 
> go via EDF?
> 

   It sounds like some of the story is missing. (Not least of which is an
explanation of what "EDF" means.) I don't see how the man could
have been scammed without having at least one password, such as
the email password. Name, email address and cellphone number
don't make for vulnerability. Someone could do something like apply
for a charge card in your name, but they still need access to your
accounts in order to do it.

   Maybe the moral of the story here is to stop thinking that it's
safe to have olnine accounts, especially that one uses via
cellphone. Sensitive info shouldn't be available in the first place.
But it would be interesting to know exactly how this scam worked.

   There are also non-online scams. For example, twice this year someone
has tried to get a credit card in my name. Apparently they call
up after applying and change the mailing address. The only reason
it didn't work is because I have my credit frozen with the 3 credit
reporting agencies in the US.