I got a very clever scam call that exposes the lack of security in O2's 2FA verification text.
The guy said along the lines of 'Hi.. we've just noticed the plan your using is outdated because it's still from 2015', simple and believable - didn't ask for any bank information, just suggesting an upgrade.
Then he said 'Yeah I'll just text a code through to you and if you could confirm it'. He pulled this off very smoothly just as an official text from O2 with a easy to read security code comes through. Which is the SCAM.
The text reads 'O2: Your verification code is XXXX'
(The scam is, this is just him pressing 'Forgot Password' to trigger this official O2 text to me, once he has the 2FA code he will log into my account and order a bunch of phones).
Many people will fall victim especially how neatly it was pulled off, and how easy it is to read 4 digits before your eyes.
This scam can be practically eliminated if this 2FA text is reworded to:
'Attempted log-in, never give this code to anyone one the phone. However, if you are trying to log in:'
Or something more concise. That's my suggestion.
Many thanks
