30-12-2020 14:55 - edited 30-12-2020 14:57
30-12-2020 14:55 - edited 30-12-2020 14:57
In May I was the victim of a scam. The caller knew all my personal details and did not ask for any information but told me my security had been breached. He asked that I allowed an irregular transaction so he "could trace the IP address that it was made from". I rather stupidly did so. This led to three transactions of over £1000 each. I couldn't later cancel the transaction(s). My card provider couldn't cancel it as I had authorised it. It cost over £3000. Luckily my card provider indemnified me but it was a very worrying period, waiting for their decision. They eventually issued me with another card but I don't use it at all.
I contacted the retailer where two of the three scam transactions were made and they told me the scammer had satisfied their 3 level security. They must have had all my card details including the CVV.
A few days later, I got an SMS at 11pm asking me to authorise another transaction on another card from a completely different provider. I declined this one. Next day I contacted the provider asking to cancel the card and issue a new one.
Neither card was used online. Both providers checked my account history and verified this fact. The only thing they had in common was that I had topped up my P'n'G with them both at some point in the past months or years. This has only recently dawned on me !!!
I can find no information about an O2 data breach except the Aerial Direct breach which was for business customers only and, in any case, Aerial state that no financial information was stolen.
Has anyone else experienced anything like this earlier in the year ?
30-12-2020 15:13
30-12-2020 15:13
30-12-2020 15:13
There used to be a lot of issues with O2 P&G for transaction top ups whereby customer details where used by fraudsters
Since then security has been improved and fraud seems to be much less prevalent than before
Maybe you should speak with O2 to raise your concerns so that at least they are aware
30-12-2020 15:19
30-12-2020 15:19
@KeefyW If you haven't done so yet, you should report what's happened to you here: https://www.actionfraud.police.uk/
Take a look at this link as well: https://www.o2.co.uk/help/safety-and-security/phishing-and-smishing-advice
30-12-2020 16:45
30-12-2020 16:45
Hi Madasaf1sh.
Nope. One card had only one transaction that year - O2 for £10 topup. The other card was hardly used either. Never used either online at all. Always topped up over the phone on 4444.
I have up-to-date virus protection, OS is bang up-to-date too. I never click on dodgy links etc. etc.. No keyloggers on my machine for sure, regularly scanned. Despite having been scammed I woud say I am very security aware and highly IT literate. I have been building my own machines, installing OS (mostly Windows but have used linux and older Apple OS), installing and customising software of all flavours and administering my own network, all since 2000. All of that is irrelevant as I hadn't used either card online but I have never been scammed on the cards I do use online. Ever.
I am convinced the source of my misused data was O2. Absolutely convinced. I have contacted the ICO but first have to give O2 a chance to answer. I'll let you know what (if anything) they say.
30-12-2020 16:49 - edited 30-12-2020 16:56
30-12-2020 16:49 - edited 30-12-2020 16:56
Hi Bambino. I reported it to (In)Action Fraud immediately. It was not a phis/smishing attack. Far more sophisticated than that. Thanks anyway.
30-12-2020 16:53
30-12-2020 16:53
Hi Jonsie. Thanks for your reply. Indeed I have just posted a letter to O2 (well - Telefonica actually) in Slough. I contacted the ICO who said I had to write to give O2 the opportunity to reply before they would action my complaint. Let's see what happens. I wrote because trying to speak with anyone sensible at O2 is not easy ! Cheers.
30-12-2020 16:55
30-12-2020 16:55
22-06-2021 21:58
22-06-2021 21:58
Three months after writing to Telefonica Head Office Data Protection Officer I got no reply (what a surprise). Informed ICO. No reply as of yet. It eventually cost me nothing as provider refunded scammed amount. However I am still outraged that I was daft enough to fall for it. The scammers got my details from somewhere. As far as I am concerned the evidence is irrefutable that it was O2 but no one is admitting to it. Again, what a surprise.
Be careful folks. There are some cunning stunts being pulled by some stunning... (fill in the gap).