custom-community-header-logo.text

PollyP · ‎27-11-2024

Whenever I contact O2, one of the things they commonly do is tell me that they will send an OTP to me, to confirm they are talking to me. Then I get an email telling me NOT to give this OTP to anyone, followed by the OTP, that the support person wants me to tell them!

I had a call from a scammer yesterday, telling me I was due a discount (20%) for being a loyal customer etc. Then went on to tell me he would send an OTP... just like the real O2 people do. I knew it was a scam so obviously did not give the code (just wasted their time for as long as possible). If I had given the OTP to a scammer, they could have accessed my account.

My point though is that O2 should not break their own rule of not giving the OTP to them, they should use another way to confirm the customer is real, such as sending a link to click on.

Enlli · ‎27-11-2024

You are told not to pass on the OTP when someone phones you up asking for it.

If you initiate the call to O2 then it is perfectly OK to respond

This is not O2 and we are all customers here similar to yourself and cannot answer account type queries.

View solution in original post

Enlli · ‎27-11-2024

You are told not to pass on the OTP when someone phones you up asking for it.

If you initiate the call to O2 then it is perfectly OK to respond

This is not O2 and we are all customers here similar to yourself and cannot answer account type queries.

madasaf1sh · ‎27-11-2024

@PollyP

If you read the sms that come from o2, it actually says if someone is calling you to never give out the code, if you are calling them then it is fine to give it the agent

The bit at the bottom is if someone calls you from o2, and I have never had anyone calling me from o2 asking for the OTP code, the verification is done differently, so if they ask for it, then don't give it to them..

I and a threat actor can form a malicious link that would spring up an official looking page and asks for lots of personal data, which would be worst and would cause more issues for you.. I think Ill stick to OTP or ones generated in the App...

--
iPhone 16 Pro Max - o2 and Spusu
Xperia 1V - Spusu

--
This is not customer services and we dont have access to your account
I do not work for o2 or any VMo2 /Telefonica/Liberty Global Company

MI5 · ‎27-11-2024

and this is exactly why OTP codes are a waste of space and should be outlawed immediately.

Use Authenticator or some other secure method.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.

japitts · ‎27-11-2024

@MI5 wrote:
and this is exactly why OTP codes are a waste of space and should be outlawed immediately.

I don't see this correlation. SMS-OTP are as secure as any other authentication mechanism, but are always reliant on some vigilance from the end user.

They have the great advantage of not being reliant on smartphones or additional apps, so are a universal method.

gmarkj · ‎27-11-2024

@japitts wrote:

@MI5 wrote:

and this is exactly why OTP codes are a waste of space and should be outlawed immediately.

I don't see this correlation. SMS-OTP are as secure as any other authentication mechanism, but are always reliant on some vigilance from the end user.

They have the great advantage of not being reliant on smartphones or additional apps, so are a universal method.

They are dependant on having some sort of phone signal though...

Please note, this is not customer services and we cannot access your account. Do not publish personal details (email, phone number, bank account).

Link to our guide on how to contact them can be found here

MI5 · ‎27-11-2024

Phishing attacks

Hackers can use social engineering to gain access to OTPs through spoofed emails.

Malware

Malware can compromise OTP delivery methods.

SIM swapping

Hackers can call a mobile service provider and activate a new SIM with a user's number. This gives them access to any 2FA that uses the phone number.

One-time password interception bots

There are kits that can steal OTP security codes for targets using an automated bot service.

The National Institute of Standards and Technology (NIST) removed SMS authentication from its list of recommended authentication methods in 2016 because it's so vulnerable, yet O2 still insist on using them.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.

madasaf1sh · ‎27-11-2024

To be fair as most UK banks, and other institutions as its cheap to implement, but then again so is using an Authenticator App...

--
iPhone 16 Pro Max - o2 and Spusu
Xperia 1V - Spusu

--
This is not customer services and we dont have access to your account
I do not work for o2 or any VMo2 /Telefonica/Liberty Global Company

custom-community-header-logo.text

Why do O2 support people ask for the OTP, that the email tells you not to disclose to anyone?

What are my rights?

Payments

Request pac code

PAC

I want to cancel