| Deutsch English Français Italiano |
|
<vrgree$190g9$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: Nick Finnigan <nix@genie.co.uk> Newsgroups: comp.mobile.android,uk.telecom.mobile Subject: =?UTF-8?Q?Re=3A_=22=27Scammers_stole_=C2=A340k_after_EDF_gave_out_m?= =?UTF-8?Q?y_number=22?= Date: Thu, 20 Mar 2025 10:42:21 +0000 Organization: A noiseless patient Spider Lines: 76 Message-ID: <vrgree$190g9$1@dont-email.me> References: <vq478a$1a6p9$1@dont-email.me> <m2sdlgF2fjiU1@mid.individual.net> <vqc9e4$30gdm$1@dont-email.me> <m2u1avF9uqaU1@mid.individual.net> <vqcug0$345ts$1@dont-email.me> <vqes1l$3i7oj$1@dont-email.me> <vqf0ca$3j5oo$1@dont-email.me> <buh*n6r9z@news.chiark.greenend.org.uk> <vr3pav$3eto7$1@dont-email.me> <vr3s4m$3hdbg$1@dont-email.me> <vr4ere$eqk$1@dont-email.me> <vr5git$t0ll$1@dont-email.me> <vr6kqh$1t946$1@dont-email.me> <cuh*FQB9z@news.chiark.greenend.org.uk> <vr6src$23f7c$1@dont-email.me> <duh*2rC9z@news.chiark.greenend.org.uk> <vr8nul$3mi0m$1@dont-email.me> <vr99gp$8osv$1@dont-email.me> <vr9d22$3mi0m$3@dont-email.me> <vr9qiq$nfdi$1@dont-email.me> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Thu, 20 Mar 2025 11:42:25 +0100 (CET) Injection-Info: dont-email.me; posting-host="69e66de31527215d7963caeeb7267a26"; logging-data="1344009"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18/9DZdh0TXyEzYmlIEuQXs" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:F1cM0f4LrsgcpH4gqohSquozgGM= Content-Language: en-GB In-Reply-To: <vr9qiq$nfdi$1@dont-email.me> Bytes: 5265 On 17/03/2025 18:44, Java Jive wrote: > On 2025-03-17 14:53, Nick Finnigan wrote: >> On 17/03/2025 13:53, Java Jive wrote: >>> On 2025-03-17 08:53, Nick Finnigan wrote: >>>> On 16/03/2025 18:00, Theo wrote: >>>>> In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote: >>>>>> >>>>>> No, how would he have known the answers to the security questions to >>>>>> enable the SIM swap, and his emails were from Virgin Media, while the >>>>>> SIM was from O2. Although not initially, my reading of the original >>>>>> article is now unambiguously that the email hack preceded the SIM swap >>>>>> and provided the initial personal information necessary to accomplish >>>>>> everything that followed. >>>>> >>>>> Virgin Media O2 are one company - VM and O2 merged June 2021. I don't >>>>> know >>>>> whether they have merged customer accounts such that the same security >>>>> details are used for both. In which case it may be that one set of >>>>> details >>>>> gives access to both mobile and emails. >>>> >>>> "If you've linked your Virgin Media and O2 details to create a new >>>> Virgin Media O2 ID, sign in with it here." >>>> >>>> https://accounts.o2.co.uk/signin >>> >>> But Theo's own transcription of events from the BBC Radio documentary >>> makes clear that he had not done so (first and last entries from this >>> excerpt): >> >> That does not make it clear to me (he would still have an O2 password >> as well as a VM/O2 password). > > I disagree, your own quote shows that if it was a joint account for both, > he'd only have needed the one password, whereas the Theo's transcription > makes it plain that there were two. He would still have an O2 password, as well as a VM/02 password. (See the O2 website) >>> In brief: >>> - received a text from O2 (mobile operator) saying he'd changed his >>> password >>> - contacted O2 straight away and told SIM had been swapped >>> - told they'd stop that and send out a new SIM card, emailed to confirm >>> - next morning, email from EDF (energy supplier) asking for feedback on >>> recent contact with customer services >>> - called EDF, told they'd pass it on to the fraud section and get back >>> to him >>> - nothing happened for over a week >>> - called O2 again to make sure everything was stopped, put through to >>> fraud department >>> - just after received an email saying new SIM card had been sent out, >>> connected to a different number. Queried with fraud department, said >>> didn't know, need to go to an O2 shop >>> - O2 shop couldn't do much as account had been stopped, couldn't look at it >>> - told them to check his emails >>> - contacted Virgin Media (ISP, merged with O2), told he'd changed his >>> password, had to go through changing password back again, told they'd >>> pass it to the fraud section >>> >>> It's difficult to deduce from this the exact ordering of events ... >>> >>> Because he had to contact VM to find out that he'd changed his email >> >> 'his password' may be 'his account password' rather than 'his email app >> password'. > > If it is 'his account password', then that completely supports my argument, > not yours, and 'his email app password' doesn't make any sense, perhaps you > mean 'his email password', but, unless he has multiple email addresses > under a single account with VM, of which there is no mention, why would he > need a separate email password? VM use the term 'email app password' (see their website).