Article <vr3st1$3htng$1@dont-email.me>

Deutsch English Français Italiano
<vr3st1$3htng$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Newyana2 <newyana@invalid.nospam>
Newsgroups: comp.mobile.android,uk.telecom.mobile
Subject: =?UTF-8?Q?Re=3a_=22=27Scammers_stole_=c2=a340k_after_EDF_gave_out_m?=
 =?UTF-8?Q?y_number=22?=
Date: Sat, 15 Mar 2025 08:48:27 -0400
Organization: A noiseless patient Spider
Lines: 51
Message-ID: <vr3st1$3htng$1@dont-email.me>
References: <vq478a$1a6p9$1@dont-email.me> <m2sdlgF2fjiU1@mid.individual.net>
 <vqc9e4$30gdm$1@dont-email.me> <m2u1avF9uqaU1@mid.individual.net>
 <vqcug0$345ts$1@dont-email.me> <vqes1l$3i7oj$1@dont-email.me>
 <vqf0ca$3j5oo$1@dont-email.me> <buh*n6r9z@news.chiark.greenend.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 15 Mar 2025 13:47:29 +0100 (CET)
Injection-Info: dont-email.me; posting-host="391bf3851301b3f183b40ddf0e7526f2";
	logging-data="3733232"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+5LnkTvSo0kXRN6eYUaIfhEF0aBXa9C80="
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.3.1
Cancel-Lock: sha1:tkaV9uQZ/WKj9ynqF/fB73fdsCI=
Content-Language: en-US
In-Reply-To: <buh*n6r9z@news.chiark.greenend.org.uk>

On 3/14/2025 2:49 PM, Theo wrote:

> Expert says this all started from Ofcom (regulator) making it easier to
> change mobile provider in under 2 mins.  Some mobile operators thinking in
> that way and not thinking about scams - can switch within networks without
> even needing the code.
> 
> ----
> 
> Speculating, I would guess they started with the SIM swap.  I don't know the
> O2 procedure, but it's possible to have SIMs which are unregistered or only
> lightly registered (eg no online account).  In that case there isn't much
> security information the operator has, or it could be easy to find out
> (pet's name, place of birth, etc).  Scammer contacts the provider to say you
> broke your SIM card and need a new one and they don't have very much to
> authenticate you.  If they can make that stick they can maybe then do a
> password reset on the email which uses SMS as a recovery mechanism, and then
> they're in.
> 

  This also highlights another increasing problem: More and
more companies are cutting corners by hiring cheap phone
services in India or even using automated "help" email.

   I recently had trouble watching movies on Hoopla, an
American service that works through libraries. There's no
phone number to call. When I emailed support I just kept
getting the same response: "Try these steps and let us know
if there's still a problem." The steps are posted in a webpage.
So basically they have a bot that answers all support
questions with "See our support webpage." No one is minding
the store.

   In a similar scenario with AxVoice VOIP, the VOIP device
stopped working. As near as I could tell, their support consisted
of someone in India who worked 2 hours per day. Each email
took 24+ hours to answer. It took 3-4 days to get to the
point of "OK. Send the device to this address and we'll close
your account."

    Once responsible humans are removed, things can go very
badly because there's no common sense factor. This started
with retail stores, where the clerks don't know what they carry
because "the computer handles that". Now it's escalated to
bizarre scenarios like a news item last week where a woman
tried to cancel a Spotify subscription that her husband had
set up and forgotten many years ago. She had to call in
outside help -- a local news station to embarass Spotify
publicly.