cancel
Showing results for 
Search instead for 
Did you mean: 

Why do O2 support people ask for the OTP, that the email tells you not to disclose to anyone?

PollyP
Level 1: Joiner
  • 1 Posts
  • 1 Topics
  • 0 Solutions
Registered:

Whenever I contact O2, one of the things they commonly do is tell me that they will send an OTP to me, to confirm they are talking to me.  Then I get an email telling me NOT to give this OTP to anyone, followed by the OTP, that the support person wants me to tell them! 

I had a call from a scammer yesterday, telling me I was due a discount (20%) for being a loyal customer etc.  Then went on to tell me he would send an OTP... just like the real O2 people do.  I knew it was a scam so obviously did not give the code (just wasted their time for as long as possible).  If I had given the OTP to a scammer, they could have accessed my account.

My point though is that O2 should not break their own rule of not giving the OTP to them, they should use another way to confirm the customer is real, such as sending a link to click on.

Message 1 of 8
415 Views
1 ACCEPTED SOLUTION

Accepted Solutions

Enlli
Level 69: Guiding Light
  • 8911 Posts
  • 65 Topics
  • 1793 Solutions
Registered:

You are told not to pass on the OTP when someone phones you up asking for it.

If you initiate the call to O2 then it is perfectly OK to respond 

This is not O2 and we are all customers here similar to yourself and cannot answer account type queries.

View solution in original post

Message 2 of 8
411 Views
7 REPLIES 7

Enlli
Level 69: Guiding Light
  • 8911 Posts
  • 65 Topics
  • 1793 Solutions
Registered:

You are told not to pass on the OTP when someone phones you up asking for it.

If you initiate the call to O2 then it is perfectly OK to respond 

This is not O2 and we are all customers here similar to yourself and cannot answer account type queries.
Message 2 of 8
412 Views

madasaf1sh
Level 78: King of Kings
  • 12032 Posts
  • 69 Topics
  • 3221 Solutions
Registered:

@PollyP 

 

If you read the sms that come from o2, it actually says if someone is calling you to never give out the code, if you are calling them then it is fine to give it the agent


The bit at the bottom is if someone calls you from o2, and I have never had anyone calling me from o2 asking for the OTP code, the verification is done differently, so if they ask for it, then don't give it to them.. 

I and a threat actor can form a malicious link that would spring up an official looking page and asks for lots of personal data, which would be worst and would cause more issues for you..  I think Ill stick to OTP or ones generated in the App... 

 

Screenshot 2024-11-27 at 11.32.48.png

 

 

--
iPhone 16 Pro Max - o2 and Spusu
Xperia 1V - Spusu

--
This is not customer services and we dont have access to your account
I do not work for o2 or any VMo2 /Telefonica/Liberty Global Company
Message 3 of 8
411 Views

MI5
Level 94: Supreme
  • 151799 Posts
  • 650 Topics
  • 28843 Solutions
Registered:

and this is exactly why OTP codes are a waste of space and should be outlawed immediately.

Use Authenticator or some other secure method.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.
Message 4 of 8
403 Views

japitts
Level 9: Fired up
  • 283 Posts
  • 0 Topics
  • 3 Solutions
Registered:

@MI5 wrote:

and this is exactly why OTP codes are a waste of space and should be outlawed immediately.


I don't see this correlation. SMS-OTP are as secure as any other authentication mechanism, but are always reliant on some vigilance from the end user.

 

They have the great advantage of not being reliant on smartphones or additional apps, so are a universal method.

Message 5 of 8
368 Views

gmarkj
Level 66: Unequalled
  • 12880 Posts
  • 95 Topics
  • 1172 Solutions
Registered:

@japitts wrote:

@MI5 wrote:

and this is exactly why OTP codes are a waste of space and should be outlawed immediately.


I don't see this correlation. SMS-OTP are as secure as any other authentication mechanism, but are always reliant on some vigilance from the end user.

 

They have the great advantage of not being reliant on smartphones or additional apps, so are a universal method.


They are dependant on having some sort of phone signal though...

Please note, this is not customer services and we cannot access your account. Do not publish personal details (email, phone number, bank account).


Link to our guide on how to contact them can be found here

Message 6 of 8
359 Views

MI5
Level 94: Supreme
  • 151799 Posts
  • 650 Topics
  • 28843 Solutions
Registered:
Phishing attacks
Hackers can use social engineering to gain access to OTPs through spoofed emails. 
Malware
Malware can compromise OTP delivery methods. 
SIM swapping
Hackers can call a mobile service provider and activate a new SIM with a user's number. This gives them access to any 2FA that uses the phone number. 
One-time password interception bots
There are kits that can steal OTP security codes for targets using an automated bot service. 
 
The National Institute of Standards and Technology (NIST) removed SMS authentication from its list of recommended authentication methods in 2016 because it's so vulnerable, yet O2 still insist on using them.
I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.
Message 7 of 8
357 Views

madasaf1sh
Level 78: King of Kings
  • 12032 Posts
  • 69 Topics
  • 3221 Solutions
Registered:

To be fair as most UK banks, and other institutions as its cheap to implement, but then again so is using an Authenticator App...

--
iPhone 16 Pro Max - o2 and Spusu
Xperia 1V - Spusu

--
This is not customer services and we dont have access to your account
I do not work for o2 or any VMo2 /Telefonica/Liberty Global Company
Message 8 of 8
344 Views