on 27-11-2024 11:24
Whenever I contact O2, one of the things they commonly do is tell me that they will send an OTP to me, to confirm they are talking to me. Then I get an email telling me NOT to give this OTP to anyone, followed by the OTP, that the support person wants me to tell them!
I had a call from a scammer yesterday, telling me I was due a discount (20%) for being a loyal customer etc. Then went on to tell me he would send an OTP... just like the real O2 people do. I knew it was a scam so obviously did not give the code (just wasted their time for as long as possible). If I had given the OTP to a scammer, they could have accessed my account.
My point though is that O2 should not break their own rule of not giving the OTP to them, they should use another way to confirm the customer is real, such as sending a link to click on.
Solved! Go to Solution.
on 27-11-2024 11:36
You are told not to pass on the OTP when someone phones you up asking for it.
If you initiate the call to O2 then it is perfectly OK to respond
on 27-11-2024 11:36
You are told not to pass on the OTP when someone phones you up asking for it.
If you initiate the call to O2 then it is perfectly OK to respond
on 27-11-2024 11:36
on 27-11-2024 11:36
If you read the sms that come from o2, it actually says if someone is calling you to never give out the code, if you are calling them then it is fine to give it the agent
The bit at the bottom is if someone calls you from o2, and I have never had anyone calling me from o2 asking for the OTP code, the verification is done differently, so if they ask for it, then don't give it to them..
I and a threat actor can form a malicious link that would spring up an official looking page and asks for lots of personal data, which would be worst and would cause more issues for you.. I think Ill stick to OTP or ones generated in the App...
on 27-11-2024 11:47
and this is exactly why OTP codes are a waste of space and should be outlawed immediately.
Use Authenticator or some other secure method.
on 27-11-2024 17:36
on 27-11-2024 17:36
@MI5 wrote:and this is exactly why OTP codes are a waste of space and should be outlawed immediately.
I don't see this correlation. SMS-OTP are as secure as any other authentication mechanism, but are always reliant on some vigilance from the end user.
They have the great advantage of not being reliant on smartphones or additional apps, so are a universal method.
on 27-11-2024 17:50
on 27-11-2024 17:50
@japitts wrote:
@MI5 wrote:
and this is exactly why OTP codes are a waste of space and should be outlawed immediately.
I don't see this correlation. SMS-OTP are as secure as any other authentication mechanism, but are always reliant on some vigilance from the end user.
They have the great advantage of not being reliant on smartphones or additional apps, so are a universal method.
They are dependant on having some sort of phone signal though...
Please note, this is not customer services and we cannot access your account. Do not publish personal details (email, phone number, bank account).
Link to our guide on how to contact them can be found here
on 27-11-2024 18:05
on 27-11-2024 19:19
on 27-11-2024 19:19
To be fair as most UK banks, and other institutions as its cheap to implement, but then again so is using an Authenticator App...