cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Online security

Get answers and information about our security products.

Identity Theft - Attn OCE please

davecm
Whizz Kid
Private Message TalkTalk
Message 6 of 6

My partners details can be found in the private details section of my community profile, and I can provide their Talktalk email address on request, by PM.

On 24th Dec at 9:38, my partner's Talktalk and email account login password was changed but not by the account holder or with their knowledge. There was an email alert at 9:38 warning of the password change, but no details of who had changed it. The TT account and IMAP email were therefore inaccessible.

Later that day I reset the password myself and the alert email contained my own IP address, confirming it was me who had made the later change. I added 2FA to the login, having spotted that a s a new feature. I then updated the passwords on all of my partner's devices IMAP email clients.

I would like to know if your audit trails contain the IP address of the person making the TT account/email password change at 9:38 on 24th. The alert email for that contained no IP address. That would at least tell us the country and ISP of the person who made the change.

This unauthorised change could only have been made in one of 4 ways: 1) by someone else who had the original password, but nobody does, 2) a brute force attack, which should have been blocked if multiple incorrect passwords had been entered, 3) A malicious actor within an organisation who had access to the login credentials, 4) By using a password reset email sent to a recovery email address to which the mailcious actor had access. Such an address exists for some online accounts, but I cannot see that it exists anywhere in my partner's Talktalk account details, or that Talktalk make any provision for a recovery email. Can you confirm that?

I have attempted to pursue this through the normal support chat channels,  but was passed from Account and Billing who fobbed me off, to Technical Support, who never joined the chat. You may have access to the chat record.

The identity theft attempt has been pretty determined, with the compromised Talktalk email address having been used to attempt, but failing, to set up new accounts on various online platforms, and literally hundreds per day of phishing emails suddenly arriving in the TT Inbox. I have installed an email client with good automated Junk filtering and address blocking, so that's now reduced to a minimal level, and I'm monitoring it several time per day.

Windows, Android, Synology NAS
0 Likes
5 REPLIES 5

Message 1 of 6

If you don't see any unrecognised devices that's what I wanted to check with you. So if you have successfully upgraded the mailbox password and kept that safe then I'm confident the mailbox is secure.

 

So, just double check all email devices that have connected to the mailbox to ensure all have been scanned for password capturing viruses, trojans or other malware because I assume at this point you don't know how the password came to be discovered. 

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

Message 2 of 6

Thanks again for the reply.

Confirming that the Talktalk user account password was the one with the unauthorised change.

The Security page you refer to only shows currently logged in devices, not a history of who was logged in at a specific date and time, or when and where the password was changed.

I'd like to determine from where the Talktalk account password was changed at 9:38 on 24th if that data is available. I have some IP address location data relating to the other identity theft attempts, and want to see if there is any commonality.

Windows, Android, Synology NAS
0 Likes

Gondola
Philosopher
Private Message TalkTalk
Message 3 of 6

Hi Dave

 

TalkTalk Mail does not currently support Two Factor Login (2FA) so that suggests you're actually referring to a TalkTalk customer MyAccount login that does now support Multi Factor Login (MFA) via an authentication app. This now improves security for the MyAccount login so well done for adding the MFA authentication feature. The Community login is now also linked to the customer MyAccount and therefore uses passwordless authentication.

 

If the MyAccount login does use a TalkTalk Mail email account as the login username then TalkTalk must have fixed the inability to change the password. An incident was being worked on that you can view on the  My Connection dashboard - scroll down to the service status reports page for email. 

 

You can view all devices that have signed in to a TalkTalk mailbox via the Security feature.

 

Select here: Sign in to TalkTalk Mail

Enter your full TalkTalk Mail email address, select Continue and enter the password, select Sign in.

  • Select the cog icon top right (desktop browser) or triple line icon (mobile browser) followed by the cog icon
  • Select the All settings menu item
  • In the modal that opens select Security
  • You can now see 'Your devices'

Are there any that you do not recognise?

GondolaCommunity Star 2017-2024

  Like below to appreciate my post . . . Mark as solved  Accept as Solution

Message 4 of 6

Thanks for your reply. Both mine and partner's Talktalk accounts are linked to my own Community Profile. So we are unable to create a Community Profile for partner, as their TT email address is already linked to my own.

Reason for that: partner technophobe, me, former IT support manager.

I'm pleased to note that 2FA now appiled to Community logins.

On several previous occasions I have communicated with OCEs on partner's behalf and was they who asked me to add partner's details to my profile. If they need any further verification, I'm sure they will let me know.

Windows, Android, Synology NAS
0 Likes

Gliwmaeden2
Community Star
Private Message TalkTalk
Message 5 of 6

In all such cases the Account Holder must post in their own right on the forum, @davecm.

 

It's not enough to have their details in Private Notes.

 

Any Private Messages with secure links will have to go to and from the account holder. 

 

Staff won't be back on here before Wednesday this week. The billing section should have support 27 / 28 / 29 December. The email and security sections won't have regular staff till after the New Year holiday. 

 

In case it's relevant, worth mentioning your thread from earlier in December:

 

https://community.talktalk.co.uk/t5/Email/Warning-Netflix-Extra-Members-feature-open-to-abuse-Don-t-...

Gliwmaeden2, a fellow customer.
0 Likes