Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Nick Finnigan <nix@genie.co.uk>
Newsgroups: comp.mobile.android,uk.telecom.mobile
Subject: =?UTF-8?Q?Re=3A_=22=27Scammers_stole_=C2=A340k_after_EDF_gave_out_m?=
 =?UTF-8?Q?y_number=22?=
Date: Sat, 15 Mar 2025 09:53:49 +0000
Organization: A noiseless patient Spider
Lines: 18
Message-ID: <vr3ind$34sjd$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me> <m2sdlgF2fjiU1@mid.individual.net>
 <vqc9e4$30gdm$1@dont-email.me> <m2u1avF9uqaU1@mid.individual.net>
 <vqcug0$345ts$1@dont-email.me> <vqes1l$3i7oj$1@dont-email.me>
 <vqf0ca$3j5oo$1@dont-email.me> <buh*n6r9z@news.chiark.greenend.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 15 Mar 2025 10:53:50 +0100 (CET)
Injection-Info: dont-email.me; posting-host="8f7d42d782f5ec5daf5faa550a5fc8f4";
	logging-data="3306093"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18+Uvp5L3QbNY4hbneLBzk8"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:/4lrBQCb7glymN8qlA1nCTht15k=
Content-Language: en-GB
In-Reply-To: <buh*n6r9z@news.chiark.greenend.org.uk>
Bytes: 2092

On 14/03/2025 18:49, Theo wrote:
> 
> Speculating, I would guess they started with the SIM swap.  I don't know the
> O2 procedure, but it's possible to have SIMs which are unregistered or only
> lightly registered (eg no online account).  In that case there isn't much
> security information the operator has, or it could be easy to find out
> (pet's name, place of birth, etc).  Scammer contacts the provider to say you
> broke your SIM card and need a new one and they don't have very much to
> authenticate you.  

  Is that SIM card in a phone which they can still see on their network?

If they can make that stick they can maybe then do a
> password reset on the email which uses SMS as a recovery mechanism, and then
> they're in.
> 
> Theo