Solved: Re: How to contact BT Fraud Team - Page 6

Jane2018 · ‎01-02-2024

When you get some answers do post here as I am sure a lot of us are interested in the answers. I didn't even know anyone could divert a call to their home on a landline to somewhere else until I read this. Presumably all those of us who work from home quite a bit since covid are also at risk that fraudsters could do the same con to get work calls diverted,

tarbat · ‎02-02-2024

@Jane2018wrote:
When you get some answers do post here as I am sure a lot of us are interested in the answers.

I will do if I eventually get an explanation from BT.

tarbat · ‎05-02-2024

So, according to call from BT mod this morning, all the hacker needed was the Account Number to be able to report the fault online, and divert calls to their mobile. Shocking!

Since the hacker obviously still knows the account number, presumably they can repeat this hack whenever they want, so I’m now always at risk of this happening again. Not happy.

tarbat · ‎05-02-2024

Reading back through my transcript of the phone call from BT, their explanation is that:

Firstly, the hacker had the account number based on a previous hack on February 2022. I was never informed about this previous hack!!
Then when the hacker phoned BT on 10th January, because the hacker already had the account number, when the call was listened back, the advisor actually did go by the correct procedure.
And that was how he was able to get in and change the BT ID.
Asked for further clarification, it was explained to me that if they have the account number, they can get into your BT ID, and make changes in there.

I find this absolutely shocking. That BT just take the account number as adequate authentication of the person that then allows the hacker to divert all your phone calls. SHOCKING!!

So, I'm now in the process of writing a formal complaint to BT (on paper!!).

tarbat · ‎05-02-2024

I'm wondering if what was described to me as the February 2022 hack, where my account number was hacked, actually refers to the 2021/2022 ongoing Lapsus$ threat group attacks, which was reported at the time as being targeted at BT?

Jane2018 · ‎06-02-2024

BT should change their authentication requirements to divert calls. If all that is needed is the one thing - account number - to divert all phone calls that is pretty poor security. Hackers could report faults and put up a divert. At the very least BT should allow all customers to log on and in an instant click a box to indicate they would not consent to call diversion under any circumstances.

tarbat · ‎09-02-2024

So following a couple of further phone calls up to Executive Complaints level, it's been confirmed that simple knowledge of just the BT Account Number and Address is enough to get BT to divert your landline phone calls. I'm going to deadlock letter, and will then complaint to the Ombudsman Services - Communications

I remain SHOCKED at how little validation BT carry out to divert all landline calls.

Re: How to contact BT Fraud Team

Re: How to contact BT Fraud Team

Re: How to contact BT Fraud Team

Re: How to prevent malicious fault report and call divert

Re: How to prevent malicious fault report and call divert

Re: How to prevent malicious fault report and call divert

Re: How to prevent malicious fault report and call divert