My dad was called by ‘BT security services’. They said that someone was infecting our service box and there were foreign IPs on his PC (there were). He had downloaded AnyDesk by the time I intercepted and asked him to get off the phone.
Now, everything to me indicates this was a scam, but I don’t think anything was done to his laptop. We called BT and they confirmed it was legit. My Dad had received a four digit code on his phone from BT. Which indicates it was legitimate. It was the same number he’d received codes from before, this is why he thought it was real.
now I’m willing to be told otherwise but I still think there’s something off about this. My Dad says it was a 019 number, I doubt BT use that. Why would BT call him first without alerting him through his account? Why would BT be interested in him running AnyDesk? Why would an internet service provider be involved in computer security?
If this is a scam and I think it is, I think there’s something potentially wrong at BT and their account management if they confirmed this to be legitimate.
Its a 100% scam.
BT would never call like that.
Phone numbers can easily be faked.
The four digit code is genuine but it is the scammers that caused BT to send it. They do this by using your father's email address and using the online forgotten password function. This generates the code being sent.
They then ask your father to repeat the code to them to confirm its genuine. Once he does that they have all the info they need to access his account.
I would suggest that you use a different computer to change all his passwords as well as banking passwords, notify the bank what has happend.
Prior to doing the above you should check his email account to see if any forwarding has been set up and change the email accounts password.
You should have his computer checked for any malware and key loggers that may have been installed by the scammers.
That is a serious security issue, as I am sure that lots of people have been fooled by this method. There has to be a better way to reset passwords, or an additional layer of security like a backup email address, or asking the caller what code they have sent, as they would not know it, so that would prove its a fake call.
It does not alter the fact that BT, or any other ISP, would ring people up asking them to download a program.
I wonder how many of these missing inboxes and sent mail reports, are due to scammers getting access to customer login details, and then downloading their accounts, and deleting the contents?
It that long since I set up my account but I seem to remember you could give an email address for the code to be sent to.
I think the code is computer generated and the Customer Services operator would not know it if asked.
The best advice is that BT or any othet ISP will never cold call you about a fault or problem with your service and they will never ask for access to your computer without you having been the instigator of the call.
Personally I would never allow any one regardless of who called who, access to my computer.
If you have problem get them to talk you through what needs done on the computer and you do it. Do not give them access.
My dad called BT again. Apparently they have logs on their system that show it was legitimate. Is this another potentially security breach?
This was 100% scam. BT logs only confirm the 4 digit code was legitimate which makes you think the whole call was OK - as Keith said. Downloading AnyDesk is typical of scammers trying to access the computers remotely. Please check all the passwords you have been advised to do, it only makes sense to be safe and sure rather than gamble all was OK. All cold calls you get like this asking for remote access because they’ve spotted a security issue are DEFINITLY 100% scam calls.
It is obviously up to you what you do.
If you decide to believe it was a genuine call and do nothing regarding passwords etc and your father's bank account or other accounts are compromised make sure you don't tell those places you were advised that you had been scammed and did nothing about it.
This is from BT. Does any of it apply to your dads call.
Don’t be fooled. There are some tell-tale things the fraudsters try that BT will NEVER do:
Fraudsters will demand something urgently – by putting people under pressure, scammers can hurry people into being fooled.
Fraudsters will use phrases like ‘we’re calling from your service provider’ to try to trick people into revealing more information.
But because BT is a large provider, scammers have tried saying they’re from BT in the hope of speaking to a BT customer.
Because of this, it’s even more important you’re vigilant.
thanks for the help and legitimising the fears.
my Dad called BT twice and they confirmed it was legitimate, but I think due to his confusion they confirmed legitimate calls as legitimate and not the issue one, so my Dad was convinced all was well. I called today and spoke to BT and clarified what the call actually was and I was told the call was a scam which was enough to convince my Dad to take action and secure accounts. I mentioned IP addresses, any desk and believing the code to be from forgot password to BT etc. I had already looked at his PC five minutes after the original call and removed anything and ran a full scan for malware (there was none, I think I intercepted at a good time).
I’ll say my Dad did mention AnyDesk to BT (at my insistence) but I don’t think this went through the correct channels, but I think that should have been a warning to the customer service team that this wasn’t legitimate, but they told him it was— hence our continued confusion. Think maybe the general customer service team need more training, I think a bank would have immediatley flagged this, no matter the channel.