I estimate that I have received over one hundred scam calls from call centres in India purporting to be TalkTalk technical support. These people clearly have account details that they have obtained through the hacking TalkTalks data systems. The details they have include phone numbers, names and account numbers. They use this information to persuade TalkTalk customers that there is a problem with their router that is slowing their internet connection and they will fix this for them straight away.
Having first disconnected my PC from the Internet I have taken the trouble to 'go along' with this scam to find out what it is that they are looking to obtain. Essentially through some smooth talking they take the unsuspecting customer through a script that, through the use of TeamViewer, gives the scammer full access to the customers PC and with it access to all of their private information including bank account details and all user names and passwords.
I have reported this to Dido Harding and discussed the matter with her staff, it became clear that TalkTalk know about this wide spread scam, however, other than 'working with the authorities', they are not doing anything to protect their customer from the scam.
I suggested that TalkTalk could do their customers a real service by emailing all of their customers advising them of this scam but they seemed unwilling to do this. I feel that it is scandalous that TalkTalk, knowing that thousands of their customers are being targeted every day by very credible scammers, knowing exactly the format of the scam, are not prepared to even attempt to protect their customers from very significant potential financial loss by sending them a simple email or letter.
Perhaps Donna Moore would like to comment on why TalkTalk are not prepared to take this very simple step to help protect the many thousands of people who are receiving these scam calls daily.
Thanks very much for your comments and questions and I am very sorry to hear your getting so many scam calls.
We are working hard to protect our customers from scammers and have already made some good progress;
- Back in June we have contacted all our customers to warm them about scammers tactics and hot to project themselves. We saw a good open rate and a high increase in the number of customers activity their Last Call Barring and Caller Display privacy features.
- We now have another campaign running "Hang Up, Make Tea and Call Back", this includes;
- Emailing our base again with more advice.
- Extensive Digital Awareness with the first video published, this has received over 1 million views and shared with 3.1 thousand.
- Part 2 video will follow soon which will demonstrate the scammers tactics in more detail
- We have trained all our Engineers so they can increase awareness during home visits and leave customers brouchers and a coaster with more information on how to protect themselves.
- This month we are Posting over 700k leaflets to customers to increase awreness.
- We play a message on all our incoming calls to warn customers about scams in the Uk and where to find out more at talktalk.o.cuk/scams
- We have increased the time to block numbers on the network. Now if you report a number online and it meets the criteria, we will block the call on our network within the hour
- We also have a number of new featrues we are building that will hopefully stop the scammers reaching our customers, these are due early next year.
We have lots more we are doing and more than happy to speak to you in more detail if you would like to message me your number.
I hope that helps answer your question.
Thanks for your reply, I must say you make it all sound very positive, however, although I do remember receiving a general communication from TalkTalk around June regarding scams in general I do not believe that I received a letter or email that related to this specific scam but please correct me if I am mistaken.
Regarding your other points;
I have yet to receive your "Hang Up, Make Tea and Call Back" email
Although I quite like your video this is the first time I have been made aware of it so I'm not sure where you have been hiding it.
I haven't received a leaflet from your recent campaign and 700,000, although a large number, is a small proportion of your customer base so its not particularly proactive.
I have just called TalkTalk and did not hear a message warning me of scams so perhaps this hasn't been implemented yet
When you say "we have increased the time to block numbers on the network" I assume you mean 'reduced' the time but that is splitting hairs!
So as I said above, this all sounds positive and proactive but in reality I feel that it is really a matter of 'could do better' as my old teacher frequently told me! I will concede that the initiatives you have written about are worthwhile if a little late, but surly it would be very much easier and more effective to have just written to all customers advising them of the specifics of this particular scam months ago.
Going back to my original post and my question which you have not answered, why is it that TalkTalk are so reluctant to write to all of their customers advising them of this particular scam.
Since my personal data wasn't hacked in the big hack and there was of course nothing to worry about our talk talk phone number has been incessantly called at times on multiple calls per day daily basis and never less than several times per week. The callers always claim to be from talk talk, they know the account holders name and phone number, the most likely have other account holders information. Talk Talk has never come clean to me about what personal data was lost and has never offered any help.
Since Talk Talk announced just a tiny number of customers have a DSL3780 and that no-one was affected I guess our variable connection and connection loss over the following 3 weeks was just my imagination. And obviously there is nothing to worry about. No chance of anyone exploiting the non-loss of account data and / or the router hack to get into our wi-fi devices.
But what am I saying, nothing happened and no-one was affected. There was only one DSL3780 customer in the UK and they were on holiday and anyone who thinks it was tens of thousands of DSL 3780 customers or so would be completely deluded. What a wonderful firm. I 'm so pleased to be a Talk Talk customer.
I've just received a scam call from a pakistani sounding man using this number: 07709 467857 He was claiming to be calling from Talk Talk and that he was calling to 'fix wifi and router issues which were compromising security on my account.' I asked how I would know he was from Talk Talk and he went on to confirm my name, account number and postcode but I was still very dubious.
Firstly he was calling from a mobile number and secondly he was asking me to change things on my computer. I said 'why would you need me to change settings via my computer when its a wifi issue?' I told him I would call Talk Talk myself. Following this he became quite aggressive and said he would cut off my broadband.
I then reported the number to Talk Talk and asked them how the scammer had my personal information. The lady replied that they must have found some paperwork in the rubbish but I said that's impossible as I burn anything with personal information on. With that there was no response. I like the way Talk Talk are completely denying the whole security breach!
Before switching providers, I'm going to request that my account number is changed as I think that's the least they can do!
Still no sign of that "Hang Up, Make Tea and Call Back" campaign mentioned in November...
Guess they meant by saying "Emailing our base again with more advice." they meant sending an email around their office rather than their customers...
Did anyone ever get the email / contact sent by TalkTalk in June? I didn't.....
What I can’t understand is why people don’t take more responsibility for their own security. Many seem too trusting and take as valid proof of identity things which they have been told should not be so taken. TT states “TalkTalk will never use your TalkTalk account number to prove a call is genuine" and "Scammers are becoming increasingly sophisticated, so you should also be wary of the following: Calls or emails about a technical issue that you're not aware of". It also states that it will never ask for a full password, bank details or ask you to send money through services such as MoneyGram or Western Union but people still ignore this advice. Banks, on their websites, also draw people's attention to what they will and will not do and yet people still get caught out by ignoring those instructions which could have prevented them from being scammed.
Some people take what they are told on trust despite knowing that there are those whose motives are not benign. They could so easily buy thinking time by thanking the caller for drawing their attention to a problem but, because they don't have time at present to deal with the problem (e.g. there is a caller at the door with a delivery or there is a taxi waiting or whatever), they must end the call and will call the organisation the caller claims to represent and will arrange for the problem to be addressed. Of course, they must then put down the phone to prevent the scammer from fobbing them off with some story which would seek to control their actions.
Some people make a link between receiving scam calls and what they perceive to be the source of the scammer’s information. That link may or may not be correct. They think that they should be safe because they assume that they have never given out their email address or telephone number or whatever. Whenever one establishes a communication link then the address or number is available to the recipient if one expects to receive a reply. What the sender does not know is what happens to that information. Can a person be really sure that their number has never belonged to someone else previously? Can they be sure that it has never been given to any person or organisation which may have been hacked? Can they be absolutely sure that they have never picked up the phone in response to a call only to find nobody there, thereby telling a computer making random calls that the number it has called is valid?
Unfortunately hacking, scamming, spamming and other devious actions are as much a part of the electronic communications world as junk mail is to the postal service. There is no compulsion to respond to an unknown caller so why do people with caller display even bother to pick up the phone when there is a call from an unknown source? Let it go to an answer service where the caller can leave a message if it is important. On the other hand it can be fun to give a scammer a run-around and listen to him trying to get back on track. What's more the entertainment is free.