topic Re: Security breach ? in Discussions & Feedback

Security breach ?

KeefyW — Wed, 30 Dec 2020 14:57:42 GMT

In May I was the victim of a scam. The caller knew all my personal details and did not ask for any information but told me my security had been breached. He asked that I allowed an irregular transaction so he "could trace the IP address that it was made from". I rather stupidly did so. This led to three transactions of over £1000 each. I couldn't later cancel the transaction(s). My card provider couldn't cancel it as I had authorised it. It cost over £3000. Luckily my card provider indemnified me but it was a very worrying period, waiting for their decision. They eventually issued me with another card but I don't use it at all.

I contacted the retailer where two of the three scam transactions were made and they told me the scammer had satisfied their 3 level security. They must have had all my card details including the CVV.

A few days later, I got an SMS at 11pm asking me to authorise another transaction on another card from a completely different provider. I declined this one. Next day I contacted the provider asking to cancel the card and issue a new one.

Neither card was used online. Both providers checked my account history and verified this fact. The only thing they had in common was that I had topped up my P'n'G with them both at some point in the past months or years. This has only recently dawned on me !!!

I can find no information about an O2 data breach except the Aerial Direct breach which was for business customers only and, in any case, Aerial state that no financial information was stolen.

Has anyone else experienced anything like this earlier in the year ?

Re: Security breach ?

madasaf1sh — Wed, 30 Dec 2020 15:13:23 GMT

@KeefyW

Not heard of any o2 data breaches or anything of a similar nature.

I have had something similar happen before with an old bank, and someone used my card to place multiple orders with a food delivery company. over £500 worth and order shoes the lot...

In my instance it was a Restaurant who had cloned my card details.

So i would look at somewhere you have used the cards offline.

If you topped up online, then it could be your computer was compromised, with a keylogger or someone has just got lucky with finding your card details on the dark web.

Re: Security breach ?

jonsie — Wed, 30 Dec 2020 15:13:53 GMT

There used to be a lot of issues with O2 P&G for transaction top ups whereby customer details where used by fraudsters

Since then security has been improved and fraud seems to be much less prevalent than before

Maybe you should speak with O2 to raise your concerns so that at least they are aware

Re: Security breach ?

Bambino — Wed, 30 Dec 2020 15:19:05 GMT

@KeefyW If you haven't done so yet, you should report what's happened to you here: https://www.actionfraud.police.uk/

Take a look at this link as well: https://www.o2.co.uk/help/safety-and-security/phishing-and-smishing-advice

Re: Security breach ?

KeefyW — Wed, 30 Dec 2020 16:45:54 GMT

Hi Madasaf1sh.

Nope. One card had only one transaction that year - O2 for £10 topup. The other card was hardly used either. Never used either online at all. Always topped up over the phone on 4444.

I have up-to-date virus protection, OS is bang up-to-date too. I never click on dodgy links etc. etc.. No keyloggers on my machine for sure, regularly scanned. Despite having been scammed I woud say I am very security aware and highly IT literate. I have been building my own machines, installing OS (mostly Windows but have used linux and older Apple OS), installing and customising software of all flavours and administering my own network, all since 2000. All of that is irrelevant as I hadn't used either card online but I have never been scammed on the cards I do use online. Ever.

I am convinced the source of my misused data was O2. Absolutely convinced. I have contacted the ICO but first have to give O2 a chance to answer. I'll let you know what (if anything) they say.

Re: Security breach ?

KeefyW — Wed, 30 Dec 2020 16:56:49 GMT

Hi Bambino. I reported it to (In)Action Fraud immediately. It was not a phis/smishing attack. Far more sophisticated than that. Thanks anyway.

Re: Security breach ?

KeefyW — Wed, 30 Dec 2020 16:53:32 GMT

Hi Jonsie. Thanks for your reply. Indeed I have just posted a letter to O2 (well - Telefonica actually) in Slough. I contacted the ICO who said I had to write to give O2 the opportunity to reply before they would action my complaint. Let's see what happens. I wrote because trying to speak with anyone sensible at O2 is not easy ! Cheers.

Re: Security breach ?

jonsie — Wed, 30 Dec 2020 16:55:30 GMT

Well done @KeefyW and good luck

Re: Security breach ?

KeefyW — Tue, 22 Jun 2021 20:58:47 GMT

Three months after writing to Telefonica Head Office Data Protection Officer I got no reply (what a surprise). Informed ICO. No reply as of yet. It eventually cost me nothing as provider refunded scammed amount. However I am still outraged that I was daft enough to fall for it. The scammers got my details from somewhere. As far as I am concerned the evidence is irrefutable that it was O2 but no one is admitting to it. Again, what a surprise.

Be careful folks. There are some cunning stunts being pulled by some stunning... (fill in the gap).