on 19-07-2024 13:43
I got a very clever scam call that exposes the lack of security in O2's 2FA verification text.
The guy said something along the lines of 'Hi... we've just noticed the plan you're using is outdated because it's still from 2015', simple and believable - didn't ask for any bank information, just suggesting an upgrade.
Then he said 'Yeah I'll just text a code through to you and if you could confirm it'. He pulled this off very smoothly just as an official text from O2 with an easy-to-read security code comes through. Which is the SCAM.
The text reads 'O2: Your verification code is XXXX'
(The scam is, this is just him pressing 'Forgot Password' to trigger this official O2 text to me, once he has the 2FA code he will log into my account and order a bunch of phones).
Many people will fall victim, especially given how neatly it was pulled off, and how easy it is to read 4 digits before your eyes.
This scam can be practically eliminated if this 2FA text is reworded to:
'Attempted log-in, never give this code to anyone on the phone. However, if you are trying to log in:'
Or something more concise. That's my suggestion.
Many thanks
on 20-07-2024 17:09
Yes, the messages in your screenshot are just perfect.
However, this is not what I received:
Most non-tech people will understand the above as O2 sending them a code (in this case relevant to the phone call), rather than someone trying to force entry into their account (which is a lot more clear in your screenshot).
on 22-07-2024 08:53
Bit worrying if you didn't get the first message.
Think this is one that needs more investigating @Kei-M_O2
on 22-07-2024 15:16