3,060 Views
Message 111 of 122

reporting.

hi report them  to  ICO. go to the ico websit.

0 Ratings
Reply
3,037 Views
Message 112 of 122

Re: reporting.

I presume you mean https://ico.org.uk/

Best of luck with that.

My experience of dealing with any public bodies in the last few years is they just fob you off for a while then allow you to make a complaint, then decide it's not applicable, suggest you can go to the Onbudesmen/man who appoint an ombudesman (ombudesmen don't need to have any professional qualifications) take 6 months at least to come up with a judgement which will inevitably be in the businesses favour.

Bigger BT Business companies will have upgraded their own Exchange servers (as per M$'s requirements)

0 Ratings
Reply
2,627 Views
Message 113 of 122

Re: Scams: Information about scams currently circulating

scam calls report the calls to  ico. 

0 Ratings
Reply
2,559 Views
Message 114 of 122

Re: Scams: Information about scams currently circulating

all i can say is get it report. to ico. 

0 Ratings
Reply
2,528 Views
Message 115 of 122

Re: Scams: Information about scams currently circulating

ICO appears to be concerned only with Data misuse, but it would be good to know of some body that can take effective action. The " Hello, your bill is ready......etc." has been circulating since at least 2020 and I have received, and reported, at least 4 identical messages in the past week. The only variation is in the Email address of the sender, which all look unlikely, they vary including @gmail and  @hotmail addresses -I have lost count of the number I have forwarded to phishing@bt.com . They are still being 'signed' by Nick Lane at the old BT Office Address - not very clever!

The 'You have a BT Voice Mail' has also recently re-appeared, which gets the same treatment, as have the 'Your Email will be shut down' giving a link to click on, if you want to stay on-line. The 'cut off' is usually about 2 days from the date of the Email.
I have been reporting all such Emails, before permanently deleting them, for years, but they still keep coming. 

 

0 Ratings
Reply
1,667 Views
Message 116 of 122

Re: Scams: Information about scams currently circulating

A strange popup, obviously a scam. A panel telling me I had exhausted my "session" and would have to fill in email name and password. I've never come across having to "restart" like that. Email is locked up in both iPhone and iPad; the webpage (via Safari) works as normal.  

The panel, which hides all the email window, shows my email address @ btinternet.com (almost greyed out), a line for Password, followed by "Forgotten login details?" and "Difficulty signing in?" and then a "pressbutton" panel for Sign In. 

It has caused my mobile emails to be locked up and haven't found a way of deleting it. 

I would appreciate help in getting my mobiles back on line 😉

 

0 Ratings
Reply
1,636 Views
Message 117 of 122

Re: Scams: Information about scams currently circulating

Switch them off and then back on.

0 Ratings
Reply
1,625 Views
Message 118 of 122

Re: Scams: Information about scams currently circulating

if the above makes no difference try going to Settings>Safari and down to Clear all history and website data.

0 Ratings
Reply
876 Views
Message 119 of 122

Re: Scams: Information about scams currently circulating

Had the same scam call repeatedly over the past few days, from 01529249746 and 01287634439  - caller claiming to be BT and warning about dangerous foreign devices they've discovered accessing my broadband and wanting me to offer remote access to my pc so they can block dangerous IPs and protect me from hackers trying to steal my information. 

0 Ratings
Reply
872 Views
Message 120 of 122

Re: Scams: Information about scams currently circulating

Repost from my post: 

https://community.bt.com/t5/BT-com-Community-feedback/Scam-Aware-amp-How-Easy-It-Is-To-Scam/m-p/2326...

I had a phone call this morning from a woman claiming to be BT, spouting random stuff about people using my Internet connection without my knowledge because of random IP Address detection. Now, coming from the IT world I knew that this was nonsense and a scam (although it is important to note that a lot of people wouldn't). But I continued to stay on the call and played along a little to see what would happen.

They said they wanted to verify my details and would send me a code to my mobile and could I just confirm the numbers back to them for security purposes. They quoted back to me the 'last few digits' of my mobile number.

Here is where the problems start. The code was sent to my mobile and looks like it came from BT. And worse still, BT themselves do in fact do this as part of their security process. So, it looks like it is legitimate. Of course, I did not give them the code and claimed that was not my mobile number, to which she proclaimed she knew I wasn't the account holder, and when I told her that I knew she wasn't BT, she got into a back and forth about how she knew I wasn't the account holder… very 'professional'.

Anyway, this got me thinking, how had this come about? How did she have my phone number, mobile number, and was able to spoof a BT text message (that joined the flow of previous messages from BT in my Messages App, so I was pretty sure it was in fact spoofed well). After a quick search I found someone on this community (and forgive me, but I didn't take note of the thread) that this actually comes from the 'Forgotten Password' function on the BT login.

So, the scammer had just gotten hold my BT ID and clicked on Forgotten Password, and it sends a code to my mobile phone (quoting the last few digits to the scammer on the webpage so they know to use that).

Right, but how did they get my BT ID?

Turns out, if you go through the process, you can also claim that you have forgotten your BT ID, and instead can use your home phone number.

Doh!

So, how clever are these scammers? As it turns out, not very clever at all. It isn't that sophisticated.

All they need is a database of BT Phone numbers, then they just spend all day on the 'Forgotten Password' page.

- They phone your BT Phone number

- They claim they are BT

- They click the link to say 'Forgotten Password'

- They quote part of your mobile number back to you to legitimise it

- They ask you for the code that is received

- They log into your account by changing your password, and they're in

 

This seems 'legit' because BT in fact use the same type of system where they send you a code and ask you to quote it back to them.

 

2 Factor Authentication at this point becomes a liability, but, when you really boil it down, the true vulnerability here is that they allow you to attempt a login with your BT Phone number, that could be gotten from a Phone Book, and if Ex-Directory, is still sold by so many companies out there looking to try to scam or con you.

If BT STOPPED allowing you to login to change passwords with your BT Phone number, then what do the scammers have?

- They would not have a phone number and a BT ID to even attempt a Forgotten Password

- If they have your BT ID they would not have a phone number to call you on to attempt to get the code from you

- If they have your phone number, they have no BT ID to attempt to use Forgotten Password on

EE currently does not have 2 Factor Authentication, BUT, they also do not allow you to login with a BT Phone Number to reset your password (from what I tried anyway), so even though their login is technically less secure, it is actually MORE secure as there is no way for the scammer to call you, and attempt to login and pretend to be the supplier all at the same time.

So if nothing else, I would urge BT to go to their 'Forgotten Password' section and remove the ability to also 'Forgotten BT ID' and use the BT Phone number instead. It is a huge security flaw and the basis for many scams - because to honest, if I wanted to, I could go and place a call to a random number in just the same way, do the same things, and gain access to someone's BT account… and all I would need would be a phone number and zero morals.