Re: Could o2 worker stealing card details? - Page 2

Wanny89 · ‎19-09-2023

I switched to a sim only deal and they requested my card details including security number.

The lady on the phone sounded south african. It seems too much a coincidence but the day after multiple transactions are attempted on that card I provided details for.

I phoned o2 fraud and they say it's normal to ask for all your card details and don't even want to look into it.

I'm posting this as want everyone to beware of o2 workers possibly doing this.

pgn · ‎30-09-2023

As explained here back in Dec 2022, @Mazz1 and @Wanny89 - https://community.o2.co.uk/t5/Welcome-News/Phishing-Smishing-amp-Scams-Latest-info-amp-advice/m-p/13...

Links to O2 Social Media Team here

Oxonian · ‎30-09-2023

@Mazz1

You said :-

I totally agree. There’s something wrong with o2. I don’t trust them any more. Mazz1.

I had previously said :-

To be absolutely clear, the call that you had on Wednesday was not from O2.

I can only repeat that you were called by a scammer and not by O2.

O2 might have their faults, but this was not one of them !

Mazz1 · ‎30-09-2023

Pgn. Thankyou for the information.
I understand now.
Regards

Mazz1

pgn · ‎30-09-2023

You're welcome, @Mazz1.

Links to O2 Social Media Team here

Wanny89 · ‎01-10-2023

I'm not sure you read my original post correctly. I called o2 directly to set up a new sim only deal. Someone called Cindy told me the system was down and needed to call back later.

The same Cindy called back next day on a number starting 0161. She sent official confirmation emails for the order from o2mail and took my payment details.

The day after, someone makes multiple fraudulent transactions using my card (I hadn't used that card for anything else recently). It appears too much a coincidence that the card was being fraudulently after giving the details over the phone the day before and that these transactions were originating from south africa which is the accent Cindy had.

A coincidence with the timing? A coincidence that the transactions were were taking from where the person I spoke from is probably based?....very suspicious

madasaf1sh · ‎01-10-2023

@Wanny89

Best thing to do is let your bank investigate, and let them to come to a conclusion, rather than wildly speculating on a public forum...

And just to be clear the number that called you could be anywhere in the UK, an area code nowadays means naff all...

- Xperia 1V - o2 and Spusu
- Pixel 8 Pro - o2 and Vodafone UK

Oxonian · ‎01-10-2023

@Wanny89

To add to the comments by @madasaf1sh, a further issue is number "spoofing". This makes it look like you have been 'phoned by a particular number when someone else has called you :-

Number spoofing scams - Ofcom

Hence, you actually don't know what number 'phoned you !

TheTruthStings · ‎05-10-2023

It's not that's O2's system has been hacked, it's that all these companies have either dodgy staff or someone in management is selling off your data.

All these companies are at it, even the banks.

Tell me this, how does someone know the very last transaction on a bank account? Well either you're the owner of the account or someone in the bank is corrupt. Someone rang my misses and pretended they were from her bank. They know her name, phone number, address, email address, and verified themselves with the last transaction on account. Now this transaction was the previous day, so even if someone entercepted a paper bank statement it wouldn't have had that transaction on.

So, the only explanation is the bank staff are either leaking data or they're defrauding people themselves.

Just as worrying, when my partner rang the bank fraud team, they said don't worry about it, no need to change passwords or any other details. All these companies are dodgy crooks .

macstorm · ‎06-10-2023

What should happen, when you submit bank details over the phone is that they should ask you to key in the details via your phone keypad. This uses DTMF, at the same time there should be an automatic hold placed on the call so that the call center operator can not hear the dtmf codes, this is the one part of the call that will not be recorded as you do not want people to be able to replay the call and hear the codes either.

There are some very stringent requirements placed on companies who process financial data/take card payments. This is covered by PCI DSS.

If these systems were in place, then no the agent should not be able to obtain your card details, if however they call back from a number outside of the call center controls, then all bets are off as there will be no restrictions.

An easy way to check if the suspect call was from an O2 call center is to ask for the call recording history, be as accurate as you can on the time of the call. Alos request all calls made to your number as the search term

Oxonian · ‎06-10-2023

@macstorm

That's really interesting, thank you.

Would the PCI DSS legislation still apply if the call centre with whom you are dealing is situated outside of the UK and operated on O2's behalf by a third-party ? That seems to be established legislation and I would be surprised if an organisation the size of O2 were not doing what is required of them.