Re: My O2 account was hacked! - Page 34

Anonymous · ‎30-09-2011

A couple of weeks ago I received an odd text from O2 informing me that I can upgrade my handset in September 2013. Now, I have a sim-only contract and haven't had a new handset from O2 in a number of years but I knew my contract was due to expire some time in late September so I checked my O2 account online. It seems that I now have a new tariff of £36 a month, which I knew nothing about and checking on down the page I spotted a completed order which turned out to be for an iPhone 4. Naturally I hadn't placed this. The Yodel tracking number revealed that it had been delivered to an address that wasn't mine the previous day.
I called O2 and discovered that my security question had been changed along with my home address and e-mail address. Someone had clearly managed to access my O2 account online and ordered himself a phone at my expense. Since the user name and password are known only to me, either O2's site security is extremely poor or someone inside O2 has accessed my information. Either way, I'm not impressed.
The customer service adviser was very helpful and promised that the fraud department would investigate and call me. However, eight days later I have heard no word from them and in the meantime I can do nothing about changing my contract while there is an issue with my account. I was planning to get a new phone, possibly the new iPhone when it comes out, but now I'm very concerned about O2's security. I've been with them for over ten years but I'm seriously considering whether I want to continue with them now.
The only piece of good news is that the phone was delivered one day and blacklisted the next.
Has anyone else had this happen? If so, how did O2 handle it?

Anonymous · ‎02-06-2013

Just a little something else for everyone to be concerned about.

I've just also found out that somebody has set-up a fraudulent DD on my bank account, and would you believe it.........it's the same account that my o2 payment is taken from.

Never had any problems before my o2 account was hacked.

The bank are investigating at the moment, I’ve asked the question how can somebody do this without me signing a mandate form.

Not surprisingly they don’t have one.

Anonymous · ‎02-06-2013

You can sign up for direct debits online without signing any forms which is a bit stupid I agree

Liquid · ‎02-06-2013

What bank are you with?

Something is wrong here. It really should be remedied.

Out of interest did you use live chat or 202 shortly before you "ordered" a new phone?

Nothing sucks more than that moment during an argument when you realize you’re wrong. So Ive been told

perksie · ‎02-06-2013

People rarely sign DD forms anymore, have you been to the police yet as this is clearly identity fraud?

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎02-06-2013

@Liquid wrote:
What bank are you with?

Something is wrong here. It really should be remedied.

Out of interest did you use live chat or 202 shortly before you "ordered" a new phone?

Rather not say what bank.

No, I'd not used live chat or 202 before the initial scam. The bank have already cancelled the DD's, I'm waiting for an explanation on how it happened.

Anonymous · ‎02-06-2013

@perksie wrote:
People rarely sign DD forms anymore, have you been to the police yet as this is clearly identity fraud?

I've not been to the police yet, I was kind of hoping that getting my contract returned to normal would be the end of it. I'll wait and see what the bank says first, then decide.

Liquid · ‎02-06-2013

Sorry good point in retrospect it was a stupid question.

I'm with Halifax for one of my accounts and they require two step authentication on all DD (presuming its not already set up). I presumed all banks were like that.

Well rules out my conspiracy theory then :D.

Hope you get your result soon.

Nothing sucks more than that moment during an argument when you realize you’re wrong. So Ive been told

Anonymous · ‎03-06-2013

@Liquid wrote:
Sorry good point in retrospect it was a stupid question.

I'm with Halifax for one of my accounts and they require two step authentication on all DD (presuming its not already set up). I presumed all banks were like that.

Well rules out my conspiracy theory then :D.

Hope you get your result soon.

Thanks, the sooner I get this sorry mess over and done with the better.

Anonymous · ‎03-06-2013

A modification to Direct Debit (such as the amount to be paid) does not need authorisation from the account owner.

In the case of 'Soobster' - I suspect that the fraudulent activity was that they had signed up for a new contract and (as is pretty standard across all carriers) the O2 rep asked "do you want me to setup this new account using the old bank details?" - Given this question usually comes after passing account security, it's a perfectly reasonable question IMO. If yes, the existing Direct Debit is edited, and the bank doesn't require authorisation from the account holder for this type of edit.

Only in this case, the account was being setup by a fraudster, so the assumption of permission to change banking details isn't valid.

Somewhat concerning though that every case I've read about (specific to O2, but not specific to this thread) has been a customer who's contract is up for renewal. This points to a pretty significant "data leak" somewhere, in my opinion. O2 are surely aware of it from their own Fraud team (you'd hope), but very little seems to (publicly) be getting done about it.

Liquid · ‎03-06-2013

Ms Ann Robinson

https://ssl.bbc.co.uk/programmes/b006mg74/contact

Nothing sucks more than that moment during an argument when you realize you’re wrong. So Ive been told