Path: news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: Newyana2 Newsgroups: comp.mobile.android,uk.telecom.mobile Subject: =?UTF-8?Q?Re=3a_=22=27Scammers_stole_=c2=a340k_after_EDF_gave_out_m?= =?UTF-8?Q?y_number=22?= Date: Sat, 15 Mar 2025 08:48:27 -0400 Organization: A noiseless patient Spider Lines: 51 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Sat, 15 Mar 2025 13:47:29 +0100 (CET) Injection-Info: dont-email.me; posting-host="391bf3851301b3f183b40ddf0e7526f2"; logging-data="3733232"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+5LnkTvSo0kXRN6eYUaIfhEF0aBXa9C80=" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1 Cancel-Lock: sha1:tkaV9uQZ/WKj9ynqF/fB73fdsCI= Content-Language: en-US In-Reply-To: On 3/14/2025 2:49 PM, Theo wrote: > Expert says this all started from Ofcom (regulator) making it easier to > change mobile provider in under 2 mins. Some mobile operators thinking in > that way and not thinking about scams - can switch within networks without > even needing the code. > > ---- > > Speculating, I would guess they started with the SIM swap. I don't know the > O2 procedure, but it's possible to have SIMs which are unregistered or only > lightly registered (eg no online account). In that case there isn't much > security information the operator has, or it could be easy to find out > (pet's name, place of birth, etc). Scammer contacts the provider to say you > broke your SIM card and need a new one and they don't have very much to > authenticate you. If they can make that stick they can maybe then do a > password reset on the email which uses SMS as a recovery mechanism, and then > they're in. > This also highlights another increasing problem: More and more companies are cutting corners by hiring cheap phone services in India or even using automated "help" email. I recently had trouble watching movies on Hoopla, an American service that works through libraries. There's no phone number to call. When I emailed support I just kept getting the same response: "Try these steps and let us know if there's still a problem." The steps are posted in a webpage. So basically they have a bot that answers all support questions with "See our support webpage." No one is minding the store. In a similar scenario with AxVoice VOIP, the VOIP device stopped working. As near as I could tell, their support consisted of someone in India who worked 2 hours per day. Each email took 24+ hours to answer. It took 3-4 days to get to the point of "OK. Send the device to this address and we'll close your account." Once responsible humans are removed, things can go very badly because there's no common sense factor. This started with retail stores, where the clerks don't know what they carry because "the computer handles that". Now it's escalated to bizarre scenarios like a news item last week where a woman tried to cancel a Spotify subscription that her husband had set up and forgotten many years ago. She had to call in outside help -- a local news station to embarass Spotify publicly.