---

@tarbatwrote:

Thinking aloud, when this hacker reported a fault and diverted all my calls, why wouldn't BT have:

1. Called my landline to see if it was working?
   If they'd done that, I would have picked up the phone and talked to them, as the landline was working.
2. Called my registered mobile number to verify?
3. Texted to my registered mobile number to verify?
4. Emailed to my registered email address to verify?
5.  Etc.......................

---

So now that my complaint has been closed (again!), how do I get answers to the questions I asked?

1. What information did the hacker have about me that enabled them to convince BT to divert my landline calls and so perpetrate this fraud attempt? How did BT verify the hackers identity?

2. What can I do to prevent this happening again?

3. Why did BT send an email about this complaint to a false email address (the hackers?) rather than my registered email addresses?

4. Why did a BT staff member try to phone me about this complaint on the hackers mobile number instead of the registered landline number?

5. When this hacker reported a fault and diverted all my calls, why didn't BT:
- Call my landline to see if it was working? If they'd done that, I would have picked up the phone and talked to them, as the landline was working. There was NO fault.
- Call my registered mobile number to verify?
- Send a text to my registered mobile number to verify?
- Send an email to my registered email address to verify?

No excuse for BT not following whatever the procedure is for verification that a caller is who they claim to be , but if in a genuine case of a faulty line where the customer were unable to make or receive calls , then obviously BT calling the ‘faulty’ line number to confirm the identity would be pointless , and not all ‘faults’ are detectable from a line test , so responding to a request for a call divert to a mobile , claiming ‘I’m expecting an important call ‘ with a refusal along the lines of ‘ your line tests fine , so No , we won’t be doing that divert ‘ could cause other issues , and asking for a divert to a mobile for incoming calls on the face of it doesn’t immediately seem worrying, it’s only if financial institutions use calling your landline as some sort of security check that it becomes a security issue .

At a more basic level , what information did the hacker obtain first , the fact you were a Halifax customer and some info gleaned from that breach that you were a BT customer ( possibly from the email address on record  ) seems most likely, as the other way around seems more a long shot , the hacker knows you are a BT customer and out of the hundreds of financial institutions you could use , they get lucky in trying the Halifax .

As stated , I’m not seeking to minimise this , it is a worrying failure 

I’m just saying that it seems an obvious check for BT to do first is to check that there really is a fault on the line, by trying to phone the account holder on the landline number that the fault is being reported against. They didn’t do that, we were home all the time and no call was received. I’m surprised BT accepted that there was a fault without verifying that, and went as far as booking an Openreach Engineer to attend this week.

And yes, I suspect that the hacker had some details about my Halifax accounts that linked back to my landline number, and used that to first get a call divert put on the line, and then attempt to get credentials changed at Halifax using the “forgotten password” route, which involves the bank phoning on the phone number that is registered for the Halifax accounts. Halifax detected this as suspicious activity, and prevented the attempted fraud.

We can all only speculate but I'd be more inclined to suspect that this whole fraud originated within BT. Assuming you pay you BT bill from your Halifax account then BT would have the bank account details on record. They would also know your email address & home number, so they have all the information without any speculation. It would also explain why they were happy to divert your line without due diligence.

I obviously don't know what the result of you conversations with the Mods were but as I said on the other thread, I'd be pursuing this with the ICO.

I’m holding off going to the ICO for the moment in the hope that BT provide an explanation, with some evidence.

Although it’s not looking hopeful as I now see that the complaint has been updated to say “Letter sent Alternative Dispute Resolution Letter”, whatever that means?

So that sounds like the letter where BT have closed the complaint but you're not happy so it's the details to take it further.

FWIW I'd be more worried about how the hacker got the info. If BT have followed their processes & contacted the info on the account which someone else has been able to change BT have no idea how they came by this info & quite frankly some of the questions make it sound as though you're blaming BT entirley instead of the hacker.

I despair.  How can I get BT to update the contact details of my complaint, as there's now a message on the complaint saying "We're sorry we haven't called you yet. We'll contact you on 07591****** as soon as possible ."

That is the HACKERS phone number!!!!  Does that mean that the hacker has now hacked the complaint as well?  No wonder BT haven't been in contact 😞

And now I’ve just received an email saying that I’ve updated my recovery details.

“We're just confirming that you've updated your recovery details.”

I haven’t. Does this mean the hacker is into my account in some way? I’m now seriously worried that BT are maybe talking to the hacker thinking that they’re talking to me.

How do I view these recovery details?  And why can’t BT contact me on the landline number instead of the hackers mobile number? Why can’t BT tell me how the hacker is doing this?