What's new
Pinball info

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

BT Internet Scam

DRD

Registered
Joined
Oct 26, 2014
Messages
5,421
Location
Newark
This week a friend of 'er indoors lost over £20k to this. They were duped into downloading malicious software onto their NHS work computer. Their bank current account was then emptied in two transactions. The NHS computer was then locked down by the scammers.

The scam was similar to this ....


They are going to complain to the financial ombudsman, but banks seem to have a lot of discretion and often don't pay up.

Does anyone know of an expert in this field who may assist in getting some money back? They are willing to pay a suitably qualified lawyer or similar

Thanks
 
I think the issue lies in the fact that you have to go through a 2-step verification of monies being sent out of your account, usually to a mobile phone which is deemed enough by the banks to count as authorisation of the transaction. The banks deem this to be the user being at fault for the fraud, not a weakness in their system - which they would be liable to pay out. I would imagine if they paid out in full on all scams where the customer "willingly" handed out such information, we would see some form of widespread banking charges to general savings accounts to recoup this cost.
 
There's another that seems to be doing the rounds.....Much simpler tho...

Someone calls up reporting to be... as an example, Virgin Media. Asks for characters 1 3 and 5 of your passcode.

They then say "sorry thats incorrect, lets do that again..." and ask for characters 2 4 and 6....

And Voila... they have all or a big chunk of your passcode.

Whenever they call now, i just refuse to discuss with them until THEY can verify part of their information i.e. the specific package you have, or your last bill amount.. They called me remember...
 
Whenever people call and ask for my details I have always said go do one, like Paul said they called. I will always call back the company.
I did this years ago and they were always shocked at my attitude, idiots.
Good luck with getting the money back🤞
 
Whilst not helping in this situation, I just never answer the phone to numbers I don't know. They can leave a VM if really they need to contact me, and I always look up the number on the internet as 99% of them are scam or sales calls.
 
They are unlikely to get anything back from the bank.

The people who do this are pros, the money would have been transferred out straight away, possibly via several other compromised accounts.

The bank will ultimately say that their customer authorised these transfer(s) and they acted upon their instructions. Banks can't realistically be expected to intercept every money transfer, and how irritating would that be for everyone wanting to send money legitimately.

Sorry to say but in this day and age if you're using a computer or answering the phone to strangers who talk about IT you should be aware of the risks.
 
why's is this a BT Internet scam? nothing to do with BT!

banks won't pay up and in my view shouldn't pay up; people need to take accountability for security.

Neil.
 
Yup it sucks. And where a company is involved they should be providing fraud training, but many don't. What ends up happening is people with money moving privileges who have been in the business 20 odd years but haven't kept pace with technology end up taking emails or phone calls at face value etc.

These types of scams are big business now, they cast a wide net and they only have to find one person who isn't savvy with security to make it worth their while.
 
Sucks. As others have said - I'd be very surprised if you can recover any money at this point. Best you can do now is educate others about these types of scam, and maybe get some small enjoyment from watching people on youtube who spend hours and hours of their lives just wasting the time of these scammers to try and protect others

 
Always have to be super vigilant these days. There's also a big disparity between what banks will payout if you are the victim of fraud or theft. Theft (your account is hacked) means that usually, the banks can recover the money. But fraud, where you actively give your information to a scammer or transfer them money in the hope of getting a return means that the banks do NOT legally have to give you the money back. It would be down to you to take the offender to court to recover it (probably impossible).

Long story short, don't rely on banks having your back. Multi-factor authentication is your friend... for everything. Banks, building societies, online shops, social media and email. They all need securing as much as possible.
 
Is the initial contact from this caper a recorded message saying "from BT, your service is about to be suspended due to suspicious activity.."?

That IS the suspicious activity! I ignored this (does it ask the mark to press some key?) and it came in again a week later - even I don't call that interval 'about to'

As Paul and M4carp point out, the onus is on the caller to prove their identity
 
Never let anyone remotely connect to your computer. I've heard stories where the recipient has realised its a scam and refused to pay any money/provide banking details but because they enabled remote access the scammer has used Syskey to "lock" the computer holding the mark to ransom.
 
We get calls from "BT Internet" telling us about problems with our router fairly often. As the IT manager here it amuses me quite a bit, because we obviously don't have any consumer kit (all Cisco stuff) and it gives me an opportunity to play totally dumb about IT stuff and see how long the call lasts before they hang up or realise I'm too difficult to deal with or are on to them, etc.

That said it's hard to understand people not being IT savvy if you are. I can imagine those kinds of calls catching out people who just "have internet from BT" or something.

As said before it's a big thing now, that and "CEO fraud" where old school bookkeepers are tricked into sending money to random accounts on the pretense of an spoofed email received from the MD. A lot of businesses, particularly small ones, don't give enough consideration to this and other social engineering tricks.
 
im often phoned on the landline to inform us there is a problem with our virgin router and I need to install some software on my pc to sort it out,usually it's an indian person with lots of chatting going on in the background,as im not even with virgin ,I keep them on the phone and say hold on please I need to answer my front door then I usually stick the phone in a kitchen cupboard,close the door and leave it there until they get fed up and go away
 
I too time waste as much as possible, just because it is fun - especially when they start swearing at you :p
 
Someone posted a website on here sometime back (the name alludes me) that was basically transcripts of people playing along email scammers for days/weeks/months. It was entertaining but kind of sad how persistent the scammers are, some wouldn't stand a chance.

Edit : This is the site https://www.419eater.com/
 
The Register ran a story a while back (https://www.theregister.co.uk/2016/04/29/it_helpdesk_creates_oh_hold_hell/) about someone who created the most hellish hold music , which you can download from that page. It is truly horrible to listen to and suddenly gets louder every so often to split your eardrums. I play that into the phone handset and go make a cup of coffee when I get scammers from BT. (Although obviously not really from BT)

You can hear it here:
 
I too time waste as much as possible, just because it is fun - especially when they start swearing at you :p

I tried that once last year, but it backfired. They had managed to set things so that when you ring 1471 you don't get their number but somebody else's (its legitimate use is for call centres where it gives the same number regardless of the number that was actually used to make the call from). They must change it quite quickly so for 4 hours or so people were trying to ring me thinking I had called them. I expect they are still doing that to hide their actual phone numbers.
 
I tried that once last year, but it backfired. They had managed to set things so that when you ring 1471 you don't get their number but somebody else's (its legitimate use is for call centres where it gives the same number regardless of the number that was actually used to make the call from). They must change it quite quickly so for 4 hours or so people were trying to ring me thinking I had called them. I expect they are still doing that to hide their actual phone numbers.

Whilst doing 'nasty' things to the scam callers may seem appealing, it can and does end up with more hassle in many cases - eg getting lots of extra calls at 3am, or having taxis/pizzas sent through to your address (which as they have your number, they probably have too). Not worth the risk for the 2 minutes of satisfaction you get from it.


As for the Caller ID, it isn't anything fancy or clever and absolutely nothing to do with 1471.

They simply faked the CLI on the outgoing call which is simple to do. Some networks now block known bad CLIs and there's work starting to check/validate CLI, but it won't happen generally until core network is All IP, so several years.

DO NOT EVER TRUST CALLER ID! NEVER!

That applies whether that is for banking stuff, or buying something from someone 'local' or some girl/guy you met on Tinder who says they are in Reading/Bristol etc and gives you a local number to call them on (all of which happen a lot, so beware)
 
Whilst doing 'nasty' things to the scam callers may seem appealing, it can and does end up with more hassle in many cases - eg getting lots of extra calls at 3am, or having taxis/pizzas sent through to your address (which as they have your number, they probably have too). Not worth the risk for the 2 minutes of satisfaction you get from it.


As for the Caller ID, it isn't anything fancy or clever and absolutely nothing to do with 1471.

They simply faked the CLI on the outgoing call which is simple to do. Some networks now block known bad CLIs and there's work starting to check/validate CLI, but it won't happen generally until core network is All IP, so several years.

DO NOT EVER TRUST CALLER ID! NEVER!

That applies whether that is for banking stuff, or buying something from someone 'local' or some girl/guy you met on Tinder who says they are in Reading/Bristol etc and gives you a local number to call them on (all of which happen a lot, so beware)

It's called CLIP _ Calling Line Identity Presentation - Any number can be made to look like another. Some customers have the ability to set their own, however in the UK the are rules and regs around it, and you can really get your asses kicked as a company... outside the UK it's obviously not as easily regulated, if at all!

The example you put with Tinder is different - that's just Voip local access numbers - obviously a different thing, but equally as accessible!
 
Some customers have the ability to set their own, however in the UK the are rules and regs around it, and you can really get your asses kicked as a company... outside the UK it's obviously not as easily regulated, if at all!

That's true Paul, but as a carrier we take calls from other carriers and pass them on. We 'trust' that the CLI is correct, but have no means of checking that is the case, so regardless of Ofcom rules, no-one can validate the CLI is genuine. If STIR/SHAKEN type signatures come in, then we may be able to, but there are issues with it (eg lack of a central porting database) and it isn't imminent.

CLI issues happen on in-country calls, but is very common on calls which originate internationally - but to the consumer picking up the phone, there's no visible difference.

Some carriers in certain countries have now started blocking calls which are signalled as originating outside the country, but have an in-country CLI (for example, we've had issues getting calls into France for our French customers). However, that causes lots of problems as many large companies have consolidated their call processing, or even moved it to cloud, and many call centres are based in one place, servicing many countries.
 
yeah but the point is that no local number can be or should be originated from abroad so I have little sympathy but understand they are trying to provide a better experience. There are international numbers those folks can and should use.

Neil.
 
Last edited by a moderator:
You can have some fun playing around with SIP and Geographic presented numbers [emoji106]

Dood - your idea of fun and my idea of fun clearly is some margin apart [emoji23]


Sent from my iPhone using Tapatalk Pro
 
Back
Top Bottom