Forum menu
My daughter is on a EE contract coming towards its end, so she went into the EE store in Inverness to upgrade her phone.
It turns out someone in London has already gone into a store in London and done the upgrade and got a new phone using her name.
We've been on to EE and they acknowledge it's fraud etc.
Seeing as daughter lives in Dundee or here in Dingwall (StrathPufferland) and hasn't been near London, we're interested in whether this is a one off or happening more generally.
(She has always stuck to a rigid protocol on passwords etc so I doubt it was phishing)
That's weird. Offhand, I'm struggling to see how that's possible.
Does she throw away unshredded paper statements? Access online accounts on a compromised PC?
Easy if its EE staff or leaked data from staff or a third party call centre .
Insider job, maybe not the person who's got the actual phone but whoever 'processed' it?
Not the same thing but may be related. About 2 weeks ago I had a text overnight from EE saying they had changed the address on my account as per my instruction. I hadn't! Tried to login to my account, both web page and phone app and the password had been changed. Called them and long time on the phone giving many confirmation details, some going back many years (customer 10+ years) ie when and where I've made changes, renewals etc. they got everything sorted.
The address was a London one.
Prompted a lot of new passwords on multiple login accounts.
Their security/verification may not be the best and along with recent price hikes - wife's payg doubled for data! She changed to Tesco. - don't think I'll be a customer for much longer.
Easy if its EE staff or leaked data from staff or a third party call centre .
Ah, good point well made.
Prompted a lot of new passwords on multiple login accounts.
That could be how you got breached in the first place, rather than anything to do with EE's security. A password change on any one important site / app should prompt a password change of precisely "one."
If I wanted to hack your mobile phone account, that's probably quite tricky. But if I could hack a softer target like, say, a popular mountain biking forum running very old software, I could potentially gain your email address and password for that site. If you've reused the same credentials for your phone account, I'm in. If you've reused the same credentials for your email account, I'm in to pretty much everything you've got access to that only needs a password for access.
Use strong, unique passwords for anything you care about, and use two-factor authentication whenever it's available.
Someone did just that to my Vodafone account about 8 or 9 years ago.
Phoned up claiming to be me but forgotten the PIN, changed address and upgraded to the latest BlackBerry with a really expensive business tariff.
First I knew of it was when someone called from Vodafone asking how I was getting on with the new phone.
Vodafone put two extra security questions on my account but didn't asked for them once while trying to get it all resolved, until I queried why I wasn't having to answer the extra questions every time I contacted them.
One of their customer service guys admitted that people can generally just get into their account by claiming they have forgotten their PIN and the staff will let them change tariffs etc because they get commission for new tariffs etc.
They initially accused me of lying and that they were going to investigate the fraud.
They then wouldn't put the original tariff back.
I left Vodafone after this. The whole thing was a complete nonsense.
Cougar - Moderator
That's weird. Offhand, I'm struggling to see how that's possible.
Does she throw away unshredded paper statements? Access online accounts on a compromised PC?
It comes out of my wife's account, and she's paranoid about security and shredding every bit of paper. (Ex criminal prosecutor ๐ )
spence - Member
Not the same thing but may be related. About 2 weeks ago I had a text overnight from EE saying they had changed the address on my account as per my instruction. I hadn't! Tried to login to my account, both web page and phone app and the password had been changed...
That's exactly what happened here.
And what's more when we rang today to check on something, it's been "upgraded" again!
It looks like someone has worked out a great scam. Hit up the phone company just before a contract ends, upgrade, get a brand new iPhone 7 and probably flog it on. Sales staff are probably pretty lax on the security when they think they're making a sale and getting commission.
It's got to be someone with insider info IMO (or EE has been hacked).
Needless to say we've gone to another company and closed off EE access to my wife's account. ๐
Happened twice with EE. Insider job from store personnel suspected. Both times I had a text to say that my package from EE would be delivered the following day, so I rang them to check the address they though they were delivering to and it was a hotel in London for one of them.
The general impression I got from their Cust' Service and fraud teams was that they didn't actually give a stuff about it so I moved all of my phone accounts away from them at the next opportunity after 25 years of continuous. Some of them had been with Orange/EE for over 25 years and again, they didn't give a monkeys or want to know why.
My dad got scammed for a phone via Vodaphone. He had never owned one, no internet or any modern technology. The only coincidence imo was a number of visits and stays in hospital.
I had to get the police and citizens advice involved who gave me some very good and effective information.
What the police "expert" reckoned was that someone had used dad's details to obtain a phone, ran up a bill to the max then gone online to change details!!!! I advised a Vodaphone rep to call the number, if a very angry Scotsman answered he would know it was my dad, if someone with an accent other than Scottish he then had evidence that it may(was)not my dad who was using the phone.
I called the phone number, obtained from the red letter bills!!! The person who answered had an Asian accent!!!!
b r - Member
Insider job, maybe not the person who's got the actual phone but whoever 'processed' it?
^^^ This.