
Suspect vat refund email

Anonymous
Not applicable
Today I received an email saying "In response to an increase in VAT in the EU and currency changes, and as a result of last week's VAT-related price change, it has come to our attention that between Oct 2012 and Oct 2014 there was a system error which resulted in some of our customers paying the incorrect rate of VAT on some services."

This email had all my personal information, but asked me to follow a link to log into my account. Has anyone else seen an email like this? The email looked legitimate. If anyone from O2 monitors this thread, please let me know how to report this.
Message 1 of 374
15,459 Views
373 REPLIES 373

Cleoriff
  • 122117 Posts
  • 823 Topics
  • 7456 Solutions
Registered:

@Beenherebefore wrote:

@Cleoriff wrote:

@Beenherebefore wrote:

I agree but ICO will not look upon O2 as having released the data if a 3rd party was hacked.

 

I believe that's why O2 have phrased their statements as they have. Also probably explains why O2 have notified ICO "out of courtesy" because although it involved their customers' data, O2 did not release it.


Sorry to disagree here but I will, purely on a matter of principle. I didn't sign up with anyone else but O2... Therefore if my secure details have been released by whatever means... it is O2 I would be holding responsible


You obviously missed the bit in red above


No I didn't miss it at all @Beenherebefore. In fact it was that part I was specifically responding to.

Regardless of what the ICO or other bodies 'state' I stubbornly remain of the opinion that O2 are responsible. They had my data. I only gave it to them. I did not give them permission to share it with anyone else. Therefore blah blah blah....case closed.....   

You can think me naive if you wish....

Veritas Numquam Perit

Message 341 of 374
2,412 Views

Anonymous
Not applicable
I agree on the most part with @Cleoriff on this. I give my data to o2. No doubt in the terms and conditions there is something on there about sharing with so-called trusted partners but the key is that o2 hold the responsibility to their customer.

When signing contracts with third parties it is one of the things I am expected to consider.
Message 342 of 374
2,411 Views

Cleoriff

To be honest, I know that @Beenherebefore has far more knowledge than I could ever aspire to have... in relation to business and their practices.......That being so ....I still will fight my lone corner

Veritas Numquam Perit

Message 343 of 374
2,408 Views

Beenherebefore
Level 32: Blockbuster         
  • 5063 Posts
  • 113 Topics
  • 12 Solutions
Registered:

The point I am making is that each organisation is responsible (under DPA) for its own data security even that data supplied to them legitimately in the course of normal commercial business by another organisation.

 

No doubt the O2 data was shared with other O2 partners but it is those partners who are responsible for the security of that data once it lands on their system.

 

"My life is a facsimile of a sham"
Message 344 of 374
2,377 Views

Anonymous
Not applicable
That is not how my Data Protection Managers see it @Beenherebefore
Message 345 of 374
2,373 Views

Cleoriff

@Beenherebefore wrote:

The point I am making is that each organisation is responsible (under DPA) for its own data security even that data supplied to them legitimately in the course of normal commercial business by another organisation.

 

No doubt the O2 data was shared with other O2 partners but it is those partners who are responsible for the security of that data once it lands on their system.

 


@Beenherebefore ....OK..I accept that. So who will be held responsible then? ....As all these other companies are obviously going to shout 'not me guv'....

Are we expecting a long drawn out investigation...(giving the offenders time to plug leaks and get rid of the evidence?) As you see, I am cynical.

I am not as knowledgeable as yourself re big business... I admit to that.

However, I do have an idea about the sorts of practices that were undertaken by some NHS trusts to give an 'improved' perception of waiting times and bed management for audit purposes.

Veritas Numquam Perit

Message 346 of 374
2,371 Views

Beenherebefore

@Cleoriff wrote:
Are we expecting a long drawn out investigation...

Possibly....especially if the source of the release is no longer trading.

 

If O2's partners were given access into the O2 customer database then O2 would still be responsible but if O2 provided data to their partners either in paper or digital format then it's down to those partners.

"My life is a facsimile of a sham"
Message 347 of 374
2,367 Views

Anonymous
Not applicable

It would appear that another raft of emails is being sent. This is now my 3rd one, and this one has been modified by the scammers to remove the 24 hour response, which would normally raise red flags with a savvy recipient.

 

Here is the email I received on 08/02, with personal details removed.

 

-----

 

Dear xxxxxx

 

 

We are contacting you today with regard to the device(s) which are linked to your O2 account and monthly mobile plan.

In response to an increase in VAT in the EU and currency changes, and as a result of last week's VAT-related price change, it has come to our attention that between Oct 2012 and Oct 2014 there was a system error which resulted in some of our customers paying the incorrect rate of VAT on some services.

We've recalculated your bills and can confirm that you're owed £46.16.
This amount will be credited to your account and will appear on your next bill

Please confirm that the account holder information as displayed below is correct;
Name: xxxxx
Mobile Number: xxxxx
Monthly Plan: O2 Refresh ultd 24M 8GB 4G £28.00 per month
Date of Birth: xxxxx

In order for the refund to be processed, we request that you click here and log into your O2 account to validate yourself as the account holder.

Regards,
The O2 Team

 

-----

Message 348 of 374
2,295 Views

Anonymous
Not applicable

Yes also I've received another email last night. The sender is noreply@o2mail.co.uk. This looks far more convincing than the previous email, without that 24 hr deadline and the o2 style email address. I wonder how many poor unsuspecting o2 customers will click on that link? I did forward it to phishing@o2.com although their statement which read 'Please do not send us any confidential information such as your account details, PINs or passwords by email' did make me laugh since the scammers have plenty of my account details already.

 

Blaming leaks on trusted partners is a nonsense surely. If I were to lend £5000 of someone's money who'd placed it with me for safe keeping and I lent that £5000 to my trusted friend who then spent it, as the original trusted keeper of the £5000 I would have to accept responsibility for the loss and pay it back since my judgement in my trusted friend was misplaced.

 

Dear mrs Xxxx Xxxxxxx

 

 

 

We are contacting you today with regard to the device(s) which are linked to your O2 account and monthly mobile plan.

In response to an increase in VAT in the EU and currency changes, and as a result of last week's VAT-related price change, it has come to our attention that between Oct 2012 and Oct 2014 there was a system error which resulted in some of our customers paying the incorrect rate of VAT on some services.

We've recalculated your bills and can confirm that you're owed £46.16.
This amount will be credited to your account and will appear on your next bill

Please confirm that the account holder information as displayed below is correct;
Name: mrs Xxxx Xxxxxx
Mobile Number: 0xxxxxxxxxx
Monthly Plan: O2 600 24 month £xx.86 per month
Date of Birth: xx/xx/xxxx

In order for the refund to be processed, we request that you click here and log into your O2 account to validate yourself as the account holder.

Regards,
The O2 Team


Sorry, but we can't write back to you from this address, so please do not reply.

This email was sent to xxxx@xxxxxxx.xx.xx from Telefonica UK Limited
Registered office: 260 Bath Road, Slough, Berkshire, SL1 4DX
Registered number: 1743099

Message 349 of 374
2,273 Views
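
The variant reported in messages 348 and 349 drops the 24-hour deadline, so a mail filter keyed on urgency wording would pass it, while the sender domain and the "refund, but log in first" pattern still give it away. The following Python is an added example, not part of any post in this thread and not O2's own tooling; the allow-list (o2.com is on the page, o2.co.uk is an assumption), the display name in the sample header and all function names are illustrative.

```python
import re
from email.utils import parseaddr

# Assumption: domains the brand genuinely sends from. o2.com appears in the
# thread (phishing@o2.com); o2.co.uk is assumed here for illustration.
OFFICIAL_DOMAINS = {"o2.com", "o2.co.uk"}
BRAND = "o2"

URGENCY = re.compile(r"within \d+ hours?|immediately|account will be (suspended|closed)", re.I)
LOGIN_REQUEST = re.compile(r"click here.{0,80}log ?in(to)?", re.I | re.S)
REFUND_LURE = re.compile(r"\b(refund|you're owed|you are owed)\b", re.I)


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()


def is_official(domain):
    """True for an allow-listed domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def assess(from_header, body):
    """Return the list of indicators that fire for one message."""
    domain = sender_domain(from_header)
    findings = []
    # Crude substring test: the brand token appears in a domain that is
    # not on the allow-list (e.g. o2mail.co.uk).
    if BRAND in domain and not is_official(domain):
        findings.append("lookalike-sender-domain")
    # A refund that can only be collected by logging in through a link.
    if REFUND_LURE.search(body) and LOGIN_REQUEST.search(body):
        findings.append("refund-requires-login")
    # Kept as one signal among several; this variant does not trigger it.
    if URGENCY.search(body):
        findings.append("urgency")
    return findings


# Constructed sample: sender address and wording as quoted in the thread.
SAMPLE_FROM = "O2 <noreply@o2mail.co.uk>"
SAMPLE_BODY = (
    "We've recalculated your bills and can confirm that you're owed £46.16.\n"
    "In order for the refund to be processed, we request that you click here "
    "and log into your O2 account to validate yourself as the account holder.\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE_FROM, SAMPLE_BODY))
```
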

Cleoriff

@Anonymous  Your comment about Trusted Partners is very valid.... I like the analogy used about a friend giving you £5000 for safe keeping etc.

I didn't realise that the phishing team ask that no personal information is included when you pass on emails to them!

Makes a mockery of O2's advice surely...... maybe @Toby would want to comment on this aspect?

Veritas Numquam Perit

Message 350 of 374
2,264 Views