Hi, just been scammed with a new level of sophistication.
Just got a call from someone pretending to be from BT with the obvious accent and background noise.
He said he was genuine and offered to send me a confirmation text to the number ending in 123 which was my number.
normally I just hang up but he knew my cell number but intrigued I agreed.
He sent the text from 64 364 and it matched all other texts from 64 364, I then confirmed the number with him.
Seconds later while were chatting (I was just wasting his time by now) I got a second text from 64 364 saying my email password had been changed, I hung up on him and immediately went through the password reset for email and account ( both were changed). If it was not for the easy BT password reset I would have been doomed.
The question is , how did he know my cell phone last 3 digits ,how did he sppof text via BT 64 364 , and how did he change my account and email passwords.
Something similar ,but not as sophisticated, has happened once before, both occasions were just days after contacting BT tech support for help. Are these scammers so good now that they have hacked into BT?
Solved! Go to Solution.
It has been suspect for a long time now that there are either scammers working within the BT system or scammers are being given/sold customers details and that it invariably happens after contact with BT Support however BT have always responded by saying it is just a coincidence.
What did the scammer say was the purpose of his call was?
Unlikely but did the scammer tell you the text number or did he just ask you for it?
If he asked you for it and you gave it that is what is needed to confirm the password changes.
Make sure that no forwarding address has been set up in your email.
You can report scam call via this link.
I'm surprised BT haven't investigated this by now as my own theory (for what it's worth) is that this is entirely their fault!
You may recall the Indian call centres? My understanding of these is that they were not operated by BT but by contractors.
My theory then is that the information held by these centres was not securely disposed of when the call centres were brought back to the UK and Ireland and is now being misused.
For clarity, I repeat that this is just my theory and I do not have any evidence whatsoever to support it but I do feel that it warrants investigation by BT and the relevant authorities
GG, no, I did not give them my mobile number, and the text they sent was exactly the same as a genuine pin text in the same thread as other BT pin texts.
I do not know how they knew/associated my land line that they were calling on with my mobile number. I gave them the PIN ( not knowing the consequences) and that let them go into my account and change the account and email passwords. That must be a clue. Thank God BT sent me a password change text so I immediately used the forgot password feature which worked well.
I know how the network works, the network provider can stop spoofing CLID by orig number, and I expect BT has prevented spoofs on their text feed but others have not or don't care.
You should report it in the link I posted and I will advise the moderators who may be able to pass this onto the BT security department for investigation, assuming they have one!
V-M, thank you for your reply, I agree, apparently this has now been escalated . The fix would be for all providers to block texts from BT 64 364 , I expect only BT is blocking extra-networks from using this CLID ..from telecom experience 😉
GG, nice call on the forwarding suggestion, they had not done this but that would have been a nightmare if they had.
I someones account has been hacked and their address book is stollen ( harvested I think they call it ) and your email address, phone and mobile phone numbers are on it then your info. is out there for all to use. These lists, get sold on and on, on the dark web so it’s not difficult for someone in that business to have all that info. You were one of the unlucky ones whose info. was used, but at least you were on the ball.
Thanks Dode, for sure the following was the giveaway, and is everytime.
1) very poor, fast speaking English accent
2) lots of background noise of a busy call center
none of which BT has.
now if only we could detect that in our phones automatically and send it to junk voice mail LOL
I don't think this scam is actually that sophisticated, its rather simple. they went to the BTID forgot password page and put in your email address then you gave them the reset code, there was no spoofing, on that page is actually gives you the first 5 and last 2 digits of your mobile number, They could of got your email address and mobile number for literally anywhere you've used them.
FYI if you get a call from someone sounding Indian saying they are from BT its 99.9% a scam call, BT consumer don't use Indian based call centers anymore, and if they did it wouldn't be for outbound calls. If anyone calls you from "BT" that your not expecting ask what its about then politely tell them you will call back in directly.