the number appears to originate from the USA or Canada
No, it was India. I have only ever used BT chat online which is in India and their accents and aggressive manner are a clue.
The code is a San Francisco number - however it's almost certainly spoofed via an IP system.
Possibly, even likely. I know they are automated calls over IP. I still think they originate from BT hacked call centres, there is too much of a coincidence. For all that is said about another provider, who is making headlines recently, they are beginning to admit to similar issues with these call centres, as noted on their Twitter feeds.
I have had multiple scam calls from an Indian call centre, even though I am a non-listed ex-directory number.
The worrying twist is that the caller who purports to be from BT technical also has my full BT account number.
That cannot be a computer generated coincidence! And suggests a security breach in BT.
Well, I personally never get a BT scam call, but most of those scammers who called me are claiming to be from Windows or Microsoft. Almost every day I read people also reporting them at sites like whycall.me and other similar complaint boards. I think people should have been aware of those Indian scammers. They always use similar tricks.
A friend of mine has just been taken in by the same knowledge of account details. These details are only known by BT and in a safe place at her house so I suspect you are correct, BT Indian call centre is responsible for the loss of details or for employees at the call centre being engaged in this criminal activity.
She's normally very dubious about these kinds of calls but was taken in by the account knowledge which should have only been available to BT.
She's bringing her compromised equipment to me later today and I will inspect it to gather as much logging information as I can from it. In theory, the source IP address of the person who remote accessed should still be on that system and I can trace it back to its origin (country and/or business).
It may even be possible (although unlikely) that it'll trace back to a workstation / individual.
It appears as though there are multiple individuals doing this. There is an initial call which authenticates via account number followed by a different person (tech expert) calling and then remoting in.
Note: they will claim that they will lose their jobs if you don't let them in to fix. Also, they'll claim that your anti-virus software will interfere with their work and get you to uninstall before sending you to an infected website.
At the end of the day you pay BT for an INTERNET CONNECTION and not a PC, mobile or other device support. They don't care about your attached equipment/software beyond the router. You get what you pay for from BT and not this level of tech support. The most BT would actually need to do is alter your router settings which they can do remotely without any interaction from the customer.
The simplest and easiest solutions are always the best. Never give anybody who contacts you in an unsolicited phone call access to your computer or any personal details no matter who they say they are or represent.
No legitimate company will contact you and ask for access to your computer without you having contacted them in the first instance to report a fault and even then they would either deal with it there and then when you called them or re-contact you within a very short period.
There is absolutely no legitimate reason for any company, whether it is Microsoft, BT, your bank or anybody else to call you out of the blue and ask to access your computer.
OK, I've taken a look at the device and there's plenty of information on it. I'm deliberately not going to post the names of the legitimate organisations that are part of the laundering chain as they'll be contacted separately.
The original call likely came from a legitimate BT call centre in India. BT should look into this!! Urgently!!
Second. The accomplice in this instance (follow up call) works out of a coffee shop in Miyako District, Fukuoka Province, Japan - The exact address will be passed on to the police who are investigating, however with it being a multi-national crime I'm not certain that'll get much attention. Of course, where the second person gains access to the internet will be different each time, it won't be their home address.
They then attempt multiple ways to get cash from the victim (who believes it to be genuine due to the account and address details provided by the call centre employee).
They'll set up their remote connection - using legitimate software which conveniently logs everything forensically for us - but will place a BT TECHNICHAL SUPPORT title - note the incorrect spelling. English isn't their main language.
They try a bank transfer which is from the account holder to an account set up in India. They'll label it as a "Parental Support" transfer to an invented relative of the account holder (or a real one if they can grab that) hoping it will look legit to your bank. Of course they don't tell the victim that, they are told it's just some nominal amount for a security update (£3.50 for example). This uses legitimate online banking sites so should be possible to track - my friend has the transactionID stored in her internet cache which would allow the bank in question to identify the destination account and from there to the persons holding the account. This information has also been passed on.
They will attempt to use the card, complete with all security details they can get off the victim and if you're lucky, your bank will immediately spot that sending £600 (example) to support someone in India is suspect and will block it.
Also, if you have set up additional online card security, they will attempt to get you to give them the three characters from your pass phrase. This would be a REALLY BAD THING TO DO. No company will ever ask for that and is a dead giveaway that they're trying to take money via an online technique!!!!!
Next, they may try to set up a SKYPE (or similar) account as if they were you or a relative. They then add funds to its wallet (security permitting) which they can reclaim to their own bank accounts later.
Obviously there are many ways they can launder your card, all involving free accounts they can set up in your name to transfer money into (PayPal, Skype etc). You the victim won't see them doing any of this and if successful they'll already have moved the money out to their true account by the time you've noticed it.