30-06-2023 15:21 - last edited on 04-03-2024 10:20 by Dave-O2
⚠️ Been called and offered a discount or free gift? ⚠️ ⚠️ Been called and asked for a 6-digit code?⚠️
Welcome to our new Scam Alert Megaguide. There is a LOT of detail and info here, and if you've just been called by a scammer or if you've ever fallen for a scam, then my hope is that you'll learn how to spot these scams, learn how to stay one step ahead of them, and what to do if you've become a victim. The Scams Advice thread will continue to live on and receive updates as and when we see new scams or trends we want to highlight, so make sure to bookmark that thread as well as this one.
Scammers use various formats to try and scam you and these are typically:
Smishing used to be the most prominent form of scam, but in recent months we've seen more reports around vishing scams, where someone claiming to be from O2 will call – usually about one of these things:
ℹ️ OTAC stands for one-time authorisation code, meant for you and you alone, as a way to authenticate yourself and prove you are who you say you are. If you give this code to a scammer, they can commit fraud, drain your bank account, ruin your credit score, or cause other damages. You can see what these SMS look like here.
The way these vishing scams work is usually the same. Here's how one of these 'discount scam' vishing calls might typically go if you fell foul of the scam:
The OTAC SMSs you receive are from O2 and are legitimate, but the caller is a scammer and they have zero affiliation with O2 or our partners. Before or during the call, they'll be on the O2 website and click on the 'forgotten password' option, which then triggers the OTAC messages to be sent to you; because anybody, anywhere can input your number into that 'forgotten password' option, this is not proof the caller works for O2 or has access to your account or our systems.
The OTAC is everything and is the entire basis on how this scam works, so it's imperative you treat your OTAC like your bank card PIN number... Never give it out to anybody under any circumstance. If you provide the scammer with your OTAC, it's akin to you giving a robber the keys to your home. With your OTAC, they can use it to:
ℹ️ Someone calling from an official number, but it's still suspicious? You should be aware that sophisticated scammers can now clone the phone numbers of organisations they want to impersonate. Just because the number on your caller display matches an official number or even displays the name of the company you’re calling, it might not be real. If you’re calling back the company, find the number yourself and don’t use the number the suspected scammer may supply. The safest way to contact most UK banks after a supposed fraud call is using the new 159 service. Jump to information about the service here
Sometimes scammers may try to demonstrate their legitimacy by providing you with info or details you’d think only O2 has – such as your name, number, what phone you have – or something else. If during the call you provided the scammer with your OTAC, they will have access to a lot of this information, including your tariff cost, bill history, address info and more, that they can use to try and convince you that they're legitimate. If during a call you haven't provided the scammer your OTAC and they repeat some details to 'prove' they're from O2, it may often be impossible to know how and where this info came from, but we assure you it didn’t come from O2.
Scammers use various methods and tactics to extract data and piece a profile of you together – often from countless sources that when combined, could make it convincing that they’re legitimate. Some examples of how and where scammers may have found your data or info:
I have covered this in more detail in a previous update, but as convincing as some scams are, there’s a lot you can look out for and hopefully identify them with, including:
Long story short is to please take notice of the first SMS you receive before the one with the code arrives. You can see here what these OTAC messages say, but this is the first one you receive prior to the code arriving:
We cannot stress enough that these OTACs are for you, and for you alone. They are a way for you to authenticate yourself and to prove to us that you are who you say you are, so that you can make account changes, order devices legitimately or do anything else you’d want to within your account. By giving this code to anyone else, you are compromising your own security and information and you could cause yourself untold hassle and damage to your credit file which could then impact mortgages, loans, banking products and more.
Up until the start of 2023, a large proportion of the scams being reported to us via social media were smishing based, with the most common scams being:
Though we’re seeing much less of these than we used to, all the scams above are still around so it's important to remain cautious and think twice about clicking links. Here’s some common signs (but not a guarantee) that a text may be a scam:
Similar to smishing, we’ve not seen a lot of new changes here but we’ve recently seen some new email scams and spam. One such email says “we’re updating your O2 login” with a number to call if you need to discuss it. That number is a scammer, who will then attempt to scam you or extract further info from you they can then use to either sell to other scammers, or use it to commit fraud in your name.
The other email appears to be more spam than scam, but in both this example and the one above, the biggest tell-tale sign it's not from O2 is the email address both emails were sent from, neither of which are legit O2 email addresses.
ℹ️ Take notice that in both example emails below, they state the last 4 digits of a mobile number at the top. Sometimes these may be random, but the email content may come across urgent enough you might not fully notice it's not your number. And sometimes the last 4 digits will actually be yours - to be clear, this does not mean the email is legitimate, just that a scammer knows your number and has used it to make their email look legit. See here for more info as to how these scammers may know your mobile number.
Example 1: Take note of the fake email address and contact number in use here
Example 2: Take note of the fake email address in use here
Another email to be aware of, which is actually a legitimate email and not from a scammer, is where you've been told "Your O2 account has been locked due to 5 failed login attempts". I'll include a screenshot of this email below - if you've received one that's identical, is also from the same email address, and it's not asking you to click any links or call any numbers, then it's more than likely legitimate. If it does ask you to call a number or click a link, or looks different from below, then it may be a phishing email and you should be cautious.
You'll have received this email either because:
Some scams might pretend to be from O2, or from an organisation you already deal with. It's important that we see examples of phishing emails, texts and websites so we can investigate and shut down scammers.
To report a suspicious email:
To report a suspicious text:
ℹ️ Information shared to 7726 will be available to all UK mobile operators, the Information Commissioner’s Office and various approved organisations that are involved in criminal investigations, to enable them to identify the senders. These approved organisations include the National Cyber Security Centre (NCSC) and the Serious Fraud Office (SFO).
ℹ️ Information may also be shared with the organisations who are being targeted by the smishing attacks, to help them protect their customers from fraud.
To report a suspicious call:
Additional steps
You should also report your phishing experiences to report@phishing.gov.uk. The information provided lets law enforcement organisations remove fraudulent sites and identify patterns of attack used by scammers to help us all defend against them.
ℹ️ Think a fraudster might have access to your O2 account? See our fraud advice, and report it to us straight away.
Here we'll attempt to answer some common questions we've seen asked via our social media channels. If you have any questions not covered below, or in all of the information above, then let us know in the comments below and one of our Community experts may be able to assist or explain, or drop us a message on Twitter, Facebook or Instagram.
Q. These scammers had all my info - my name, address, how much I pay. How did they have that?
A. If during the call, or on a previous call, you gave the scammer your OTAC code, they could have logged into your account and had access to all of this and more. With access to all of this info, these scammers can make it very convincing that they work for O2 when they don't.
Q. But I didn't give them my OTAC, so how did they know?
A. As covered here, some scammers employ a number of tactics in order to create a profile of you. In some cases, they may have even purchased such a profile on the dark web - part of a massive database someone may have pieced together using various sources and leaks, none of which may have any links or ties to O2.
Q. How can I better protect myself against scammers and hackers?
A. There is no one thing you can do that will protect you - instead, you need to approach online safety and security with a wide field of view and consider many aspects such as, but not limited to:
Those are just some of the main ways you can help keep yourself safe and secure from scammers, but these criminals are cunning. They will evolve and find new ways to scam you or steal your information or identity to commit fraud, so please be vigilant, take notice of warnings, and trust your gut.
Q. What are you doing about these scammers?
A. We act upon reports submitted to 7726 and act accordingly – either to ban the number and take action if it’s on our network, or report it to the network it belongs to and block it from further contact with our customers.
Q. But what about preventing the calls in the first place?
A. We regularly explore options available to us to tackle the issue of scammers and spammers head on, and we’ll continue to explore all options to reduce and hopefully eliminate (as much as possible) scams and spam being sent to our customers.
Q. I've been a victim of fraud and would like further support or advice
A. There are other sources available, including:
Q. What steps can I take to ensure a QR code is genuine?
Q. How do you contact genuine competition winners?
We will only contact you from our verified social media pages and we will never redirect you to a website, or ask for your credit card details. Remember to check the tick next to our name – our pages are @o2uk on Facebook and Instagram and @o2 on X and TikTok. If you have any concerns or doubts, please private message our verified pages.
30-06-2023 16:01
Excellent @Chris_K
@Martin-O2 or @Breanna could you please put this in the Index of guides. Maybe use Vishing or Phishing as the keyword? (we have a guide using Scam)
Veritas Numquam Perit
30-06-2023 16:38
Will do @Cleoriff! Thanks for the suggestion. 😊
02-07-2023 18:39
This is great to read and understand things that go on
04-07-2023 11:53
Did this get a # added @Martin-O2 ?
Trying to reply on this thread ( https://community.o2.co.uk/t5/My-O2/URGENT-ACTION-NEEDED-VICTIM-OF-FRAUD/m-p/1630222#M20341 ) and nothing coming up...
Please note, this is not customer services and we cannot access your account. Do not publish personal details (email, phone number, bank account).
Link to our guide on how to contact them can be found here
16-07-2023 18:33
How do you avoid the scam where someone takes out a contract in your name, gets a phone and then you get left with a bill to sort out? Don’t worry I already sorted it, but it cost a lot in time and was a nightmare which affected credit rating for months until it was resolved.
14-08-2023 09:54 - edited 14-08-2023 09:55
I'm a FRAUD victim. I'm a new O2 customer as Virgin moved my service to O2 and I wasn't aware that it can be possible. They knew my name and my O2 number so definitely data leak. They tricked me to give them my O2 access and they bought an iPhone under my account!!! I will place an official complaint as it shouldn't be possible to place an order so easily using an O2 account. Having only account bank code under account shouldn't be enough to do that! Especially they set my wife's bank account with my name which doesn't match at all but went fine. I'm sure it's not the first time and O2 do nothing to block this precedent - just saying be careful. Block this feature from account! Block buying a phone without email confirmation! It cost me a lot of stress and that's not a nice start with O2. Now my wife's O2 number is blocked and she's been cut out from phone and bank access for a week. I'm totally shocked
14-08-2023 10:36
Hi. What did you do? I'm in the same situation now! O2 should definitely do something to prevent buying phones having only a bank account added under your account. I didn't even know that it may be possible! Totally shocked. I've never known any company to let you order something without providing more details.
14-08-2023 10:44
When you gave them your OTP pin they have carte blanche to your account, as you handed over the keys to the castle, although the text tells you specifically not to give it over, so you are technically liable.
The best thing to do is log it with Action Fraud, and then you need to contact customer services and report it as fraud, and then wait for the fraud team to finish their investigations.
Also contact your bank, and keep an eye out for any direct debits being set up.
There is nothing anyone here can do.
14-08-2023 11:10
Yes, I've reported it as fraud and cancelled the Direct Debit. Even with access to my account, O2 shouldn't allow placing an order if only a bank account is added, as it's not the first time it happens. I've been using online shops for decades and never had a situation where I could place an order having only a bank account. I was in the process of moving home, totally knackered, and wasn't fully mentally awake to catch the fraud alert. The worst moment at which it could happen...