February 11, 2020

Episode 011 - The time I almost got scammed.

So this post isn’t like my others, it’s not related to Linux, Gaming or Laptops. I had a bit of a WTF moment when it came to telephone scams.

I had a call from a ‘private number’; they claimed to be my mobile provider. Alarm bell number 1 🔔. They said that there had been an attempt at upgrades on my account with telephone ending in *64 (which it does). OK I thought, could be legit, let’s hear him out. He waffles on for a bit about what phone is being upgraded etc. To which I politely ask, “is there a number I can call you back on as it’s showing private number”. Hesitant, but the chap on the phone obliged, says, “yea that’s not a problem, these internet phones display private numbers sometimes”.

I thought, yes, got him, not gonna hear back from him, that obviously was a scam. Lo and behold, got a call back, it was an 0344 number, ended 0202 (now I worked in a phone shop and had to call service providers a lot, so memorized customer service numbers, this one seemed legit to come from O2, but to double check got the wife sat next to me to Google it). Regardless, I answered. It started off the same as last time, went through the whole thing again, never once confirmed my name, date of birth or secret question that my provider normally asks. (Alarm bell number 2 🔔). A few results down on Google people say scam, scam, scam etc. but then the number showed up on the O2 website, so it’s got to be legit. Right?

(Screenshot: Who-called-me stats for the number)

(Screenshot: O2 website)

Back to the phone call. He asks “if you have 5 minutes, we have some questions to help identify this fraud and to cancel any upgrades”. At this point I’m 50/50 so cautiously I go along, he asks “are you trying to upgrade your phone.” I’m like “No, I’m sat at home”. He then proceeded to ask if I’m near Bolton, I’m not so say “No”. He then says one thing that a lot of O2 customer services say “I’m about to send through a code to your phone to confirm your identity” (Alarm bell number 3 🔔). I genuinely get an SMS from O2 with a code, I’m like WTF!? this could be real and not a scam.

Still, not 100% convinced I’m speaking to someone actually from O2, I say “I’m really sorry, my kid has just woke up, I’m going to have to go, can I call back in 5”.

This is when all the bells rang at the same time 🔔🔔🔔🔔. He says “This will only take a second, please read out the code I sent you”. To which I say “Sorry, I really have to go see to my kid”. His response is what got me: “It will only take a second, what’s the problem”. I again explained that I have to tend to my kid. He said “Fine, I will have to put a block on your number which will be in place within 30min”. I replied “No problem, I will see my kid and call back”. I genuinely think if I had given the code I received, I would have had several follow up SMS about an upgrade and an email or two about password change for my online O2 account. (This is where I should do a post about passwords and password managers.)

Instead of calling the number that dialled my phone, I called “202”, which I know is the O2 customer service number from an O2 phone. I go through the automated voice prompts to try to get through to a person to see if this was a genuine call. I got through to a person, the first thing I was asked was “Am I speaking to the account holder”, then “Can you confirm your name”, then “we have a security question on the account, can you give me the answer to this?”. I complied with these questions as I knew I was on the phone to an O2 customer service advisor, because “I CALLED THEM”.

O2 confirmed there was nothing on my account that would alert this, no notes left by a previous customer service advisor.

Key points to take away from this:

  1. Private numbers – I generally don’t answer, and these are not always a bad thing, but they should get some alarm bells going.
  2. If they call saying they are from “Your Bank” “Your mobile provider” (even if they identify your provider like they did with me, they stated they were from O2)
  3. If they are from a “Fraud team”, that should be an alarm bell. This gives the scammers the element of urgency which a lot of people fall for.
  4. Back to number 3, if genuine, the customer service advisor should have no issue if you ask if you can call them (from the number on their website or the number on the back of your bank card).
  5. Language is another key thing. Some sound very convincing and ask all the right questions to get what they want; some get frustrated if they don’t get what they want, which is a major alarm bell.
  6. DPA Questions – most companies would need to ask some basic security questions to prove that they are speaking to the account holder. “Full name” “Date of birth” “Post code” “First line of address” “Security question” etc. But if the person calling isn’t who they say they are, you are giving them the answers they need to call your bank or provider and pretend to be you. Bringing me back to point 4, if you are not comfortable being called and asked these questions, ask to call them.
  7. You can’t confirm that the person calling you is who they say they are, unless you call them. This case is a prime example, they called from a number that was genuine.