This topic

How to prevent malicious fault report and call divert

tarbat — Mon, 15 Jan 2024 10:38:39 GMT

I'm looking for advise on how I can prevent someone maliciously reporting a fault on my landline and then having a divert setup to their mobile phone.

I ask because that's what happened to me last Wednesday (10th Jan). Someone reported my landline as faulty and got BT to setup call divert to their mobile phone. They then used this to attempt to gain access to my Halifax online service, but fortunately Halifax spotted the suspicious activity and prevented it.

Log of events:

Date	Time		Action
10/01/2024	16:34		Reported Fault : Problem : Landline - Cant make or receive calls : Reference number : VOL053-************
10/01/2024			Other products affected
Date	16:42		Text from BT about repair appointment on 19th January
10/01/2024	16:45		Text from Openreach about repair appointment on 19th January
10/01/2024	16:50		You've set up call divert : You've diverted your incoming calls to : 07********
10/01/2024	18:45		Text from Openreach about repair appointment
10/01/2024	19:08	00:00:32	Outgoing call to 07*******
10/01/2024	19:09	00:00:49	Outgoing call to 07*******
10/01/2024	19:09		Alert Text from Halifax
10/01/2024	19:10		Alert Text from Halifax
10/01/2024			Appointment Cancelled
10/01/2024			Fault fixed
10/01/2024	19:40		Call divert changed : You've stopped diverting your incoming calls to : 07********

So, my main question is how can I prevent this happening again?

But other questions remain:

Why did BT allow this to happen? What checks do they carry out to ensure that a stranger isn't reporting a fault and diverting the calls?
Will I have been charged for the call divert service, as it's not something that I currently include in my package.
How was the hacker able to make two OUTGOING calls from my landline, I thought call divert only affected incoming calls?
Who at BT do I write to about this? Halifax have advised me to put this in writing in an email it to BT, but I can't find an appropriate email address.

I have to say that I was shocked at how easy it is for someone to take-over my landline.

Re: How to prevent malicious fault report and call divert

NeilO — Mon, 15 Jan 2024 10:54:51 GMT

Hi @tarbat Thanks for posting and welcome to the community, I'm sorry this has happened and I'm glad your bank noticed the suspicious activity. I've removed the fault reference number and mobile from your post as it's not advisable to publically post this on the community, especially in light of what has recently happened.

When a divert is set up as part of a fault report high validation checks should be completed by the advisor who is handling the call. This is done via security validation questions or by sending a PIN to a contact number or email address that's already on your account. We can also password-protect an account, I would recommend that this is set up to add another layer of security to your BT account if it has not already been done.

Call divert is free when a fault is reported but you may still have to pay for the diverted part of the call, is that related to the question about the outgoing calls as it's not possible to make a call from someone else's landline?

I would like to take a closer look at this for you and will send you a private message in a moment so you can contact the community moderation team with your details.

Thanks

Neil

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 15 Jan 2024 11:02:17 GMT

Thanks for the quick response. I'll await the message.

Yes, this hacker was able to make TWO outgoing calls from my landline, or at least that's what appears on my usage page. These were definitely NOT made from my house, as we were in at the time and made no such calls. My Call Recording device confirms this.

Re: How to prevent malicious fault report and call divert

garybs29 — Mon, 15 Jan 2024 11:13:25 GMT

The 2 outgoing caalls you mention are to mobiles so i suspect they were calls being received then diverted to that mobile

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 15 Jan 2024 11:59:06 GMT

@garybs29wrote:
The 2 outgoing caalls you mention are to mobiles so i suspect they were calls being received then diverted to that mobile

Thankyou, that makes sense. I'd been worrying about how someone could make outgoing calls. Presumably the Caller-ID would have appeared as my landline number at the receiving phone? How can I find out who these two calls were from, just in case the callers have inadvertently talked to the hacker?

Re: How to prevent malicious fault report and call divert

wkirkman — Mon, 15 Jan 2024 11:34:37 GMT

Hello,

I'm just curious. In order to gain access to a bank account, you will need a lot more information than just the 'one time code' sent over mobile or landline, such as account number, sort code, name, that kind of thing.

So we can only assume that the 'hacker' had the account holder name, account number, sort code and home phone number? This doesn't sound like a random chancer. It sounds more like someone who has access to these details already, but just doesn't have access to the house to grab that phone call.

One would also assume that BT would run checks on the line supposedly faulty and found it not faulty before randomly diverting calls to random people's mobile numbers? If BT were to actually find the line faulty when it shouldn't have been, then someone needs access to the property to 'make it faulty' by loosening some wires.

It may be a bit Columbo, or Miss Marple, but… this sounds suspiciously like someone very familiar with the household who is desperately trying to get around the bank security some way to nab some cash that isn't theirs.

Pure speculation.

But… none of this sounds like the usual 'hoax' call trying to get information out of an unsuspecting householder. It sounds a lot more personal and targeted.

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 15 Jan 2024 11:36:42 GMT

Thinking aloud, when this hacker reported a fault and diverted all my calls, why wouldn't BT have:

Called my landline to see if it was working?
If they'd done that, I would have picked up the phone and talked to them, as the landline was working.
Called my registered mobile number to verify?
Texted to my registered mobile number to verify?
Emailed to my registered email address to verify?
Etc.......................

I wonder what the Openreach engineer is going to make of this when he arrives on Friday to fix the reported fault?

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 15 Jan 2024 11:51:43 GMT

@wkirkmanwrote:
Hello,
I'm just curious. In order to gain access to a bank account, you will need a lot more information than just the 'one time code' sent over mobile or landline, such as account number, sort code, name, that kind of thing.

They didn't gain access. They attempted to register a new device on the bank's app, so that they could reset authentication data (name, password, memorable info, etc), and the bank stopped that because when they made a callback to my registered landline phone number, it looked suspicious. The bank has confirmed that all the person knew was my USER-ID, which is easy to guess from my email address. So presumably I'm on a hacked list with my name and email address listed.

No actual fraud happened, but I had to go through lengthy phone calls with Halifax to get this sorted out, including new bank cards, etc.

None of that excuses BT allowing someone to set up an unauthorised call divert on my landline.

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 15 Jan 2024 11:52:31 GMT

@wkirkmanwrote:
One would also assume that BT would run checks on the line supposedly faulty and found it not faulty before randomly diverting calls to random people's mobile numbers? If BT were to actually find the line faulty when it shouldn't have been, then someone needs access to the property to 'make it faulty' by loosening some wires.

There was no fault on the line. I'm still puzzled as to why BT didn't verify this first. How would the hacker gain access to the wires, other than at the exchange. Our line is underground all the way to the back of our house, and I'd have seen someone tampering with wires there!

Re: How to prevent malicious fault report and call divert

tarbat — Tue, 16 Jan 2024 16:16:51 GMT

Not sure if MODS have seen my reply to their message, but the phone number you tried contacting me on is the HACKER’S phone number, not the contact number I provided. I do hope you haven’t actually spoken to the hacker instead of me 😞

Re: How to prevent malicious fault report and call divert

DavidM — Tue, 16 Jan 2024 16:52:01 GMT

Thanks for taking my call @tarbat , sorry about the confusion there.

Cheers

David

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 22 Jan 2024 15:22:41 GMT

@tarbatwrote:
Thinking aloud, when this hacker reported a fault and diverted all my calls, why wouldn't BT have:
Called my landline to see if it was working?
If they'd done that, I would have picked up the phone and talked to them, as the landline was working.
Called my registered mobile number to verify?
Texted to my registered mobile number to verify?
Emailed to my registered email address to verify?
Etc.......................

So now that my complaint has been closed (again!), how do I get answers to the questions I asked?

1. What information did the hacker have about me that enabled them to convince BT to divert my landline calls and so perpetrate this fraud attempt? How did BT verify the hackers identity?

2. What can I do to prevent this happening again?

3. Why did BT send an email about this complaint to a false email address (the hackers?) rather than my registered email addresses?

4. Why did a BT staff member try to phone me about this complaint on the hackers mobile number instead of the registered landline number?

5. When this hacker reported a fault and diverted all my calls, why didn't BT:
- Call my landline to see if it was working? If they'd done that, I would have picked up the phone and talked to them, as the landline was working. There was NO fault.
- Call my registered mobile number to verify?
- Send a text to my registered mobile number to verify?
- Send an email to my registered email address to verify?

Re: How to prevent malicious fault report and call divert

iniltous — Mon, 22 Jan 2024 17:18:29 GMT

No excuse for BT not following whatever the procedure is for verification that a caller is who they claim to be , but if in a genuine case of a faulty line where the customer were unable to make or receive calls , then obviously BT calling the ‘faulty’ line number to confirm the identity would be pointless , and not all ‘faults’ are detectable from a line test , so responding to a request for a call divert to a mobile , claiming ‘I’m expecting an important call ‘ with a refusal along the lines of ‘ your line tests fine , so No , we won’t be doing that divert ‘ could cause other issues , and asking for a divert to a mobile for incoming calls on the face of it doesn’t immediately seem worrying, it’s only if financial institutions use calling your landline as some sort of security check that it becomes a security issue .

At a more basic level , what information did the hacker obtain first , the fact you were a Halifax customer and some info gleaned from that breach that you were a BT customer ( possibly from the email address on record ) seems most likely, as the other way around seems more a long shot , the hacker knows you are a BT customer and out of the hundreds of financial institutions you could use , they get lucky in trying the Halifax .

As stated , I’m not seeking to minimise this , it is a worrying failure

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 22 Jan 2024 17:40:16 GMT

I’m just saying that it seems an obvious check for BT to do first is to check that there really is a fault on the line, by trying to phone the account holder on the landline number that the fault is being reported against. They didn’t do that, we were home all the time and no call was received. I’m surprised BT accepted that there was a fault without verifying that, and went as far as booking an Openreach Engineer to attend this week.

And yes, I suspect that the hacker had some details about my Halifax accounts that linked back to my landline number, and used that to first get a call divert put on the line, and then attempt to get credentials changed at Halifax using the “forgotten password” route, which involves the bank phoning on the phone number that is registered for the Halifax accounts. Halifax detected this as suspicious activity, and prevented the attempted fraud.

Re: How to prevent malicious fault report and call divert

Anonymous — Mon, 22 Jan 2024 17:53:05 GMT

We can all only speculate but I'd be more inclined to suspect that this whole fraud originated within BT. Assuming you pay you BT bill from your Halifax account then BT would have the bank account details on record. They would also know your email address & home number, so they have all the information without any speculation. It would also explain why they were happy to divert your line without due diligence.

I obviously don't know what the result of you conversations with the Mods were but as I said on the other thread, I'd be pursuing this with the ICO.

Re: How to prevent malicious fault report and call divert

tarbat — Mon, 22 Jan 2024 18:51:36 GMT

I’m holding off going to the ICO for the moment in the hope that BT provide an explanation, with some evidence.

Although it’s not looking hopeful as I now see that the complaint has been updated to say “Letter sent Alternative Dispute Resolution Letter”, whatever that means?

Re: How to prevent malicious fault report and call divert

garybs29 — Mon, 22 Jan 2024 21:32:30 GMT

So that sounds like the letter where BT have closed the complaint but you're not happy so it's the details to take it further.

FWIW I'd be more worried about how the hacker got the info. If BT have followed their processes & contacted the info on the account which someone else has been able to change BT have no idea how they came by this info & quite frankly some of the questions make it sound as though you're blaming BT entirley instead of the hacker.

Re: How to prevent malicious fault report and call divert

tarbat — Wed, 24 Jan 2024 13:20:21 GMT

I despair. How can I get BT to update the contact details of my complaint, as there's now a message on the complaint saying "We're sorry we haven't called you yet. We'll contact you on 07591****** as soon as possible ."

That is the HACKERS phone number!!!! Does that mean that the hacker has now hacked the complaint as well? No wonder BT haven't been in contact 😞

Re: How to prevent malicious fault report and call divert

tarbat — Wed, 24 Jan 2024 14:21:27 GMT

And now I’ve just received an email saying that I’ve updated my recovery details.

“We're just confirming that you've updated your recovery details.”

I haven’t. Does this mean the hacker is into my account in some way? I’m now seriously worried that BT are maybe talking to the hacker thinking that they’re talking to me.

How do I view these recovery details? And why can’t BT contact me on the landline number instead of the hackers mobile number? Why can’t BT tell me how the hacker is doing this?

Re: How to prevent malicious fault report and call divert

wkirkman — Wed, 24 Jan 2024 14:27:24 GMT

Hello,

The contact name is visible on that screenshot. Is that the ‘hacker’? Or is that yourself?

Seeing as the ‘hacker’ appears to know your name, bank account details, home phone number, how to get into your BT Account and a repertoire with BT themselves to be able to answer all security questions, it makes me curious as to whether you yourself are looking at someone else’s account…? And they are busy trying to protect theirs from you.

Saying ‘hacker’ doesn’t give you a free pass for BT to just accept you as the main person instead of the other person they are obviously talking to.

This ‘hacker’ can obviously prove themselves to BT with all the correct information…