Not a new scam but one that causes endless problems and pain and one I wanted to make you all aware of.
On the 5th of September 2013 a fraudster rang O2 and setup a call forward on my account. How he managed to do this is a mystery as my memorable word "mothers maiden name" is not in fact her maiden name but one I made up specifically for my O2 account.
The 202 operator told me the fraudster knew the above word, hard to believe as it's only in my head. I'm not a stranger to fraud or identity theft given I'm an IT Professional in IT Security recently supporting a large insurance company previously supporting a bank. So as you might imagine my levels of security on my own systems and accounts are not the same as the average user.
Being required to follow extremely high levels of professionalism and security in your work rubs off, not only that but seeing the issues bad security causes others on a daily basis can be alarming. Thereby motivating you to practice sometimes extreme measures to protect yourself.
The said fraudster had arranged the call forward to receive a call back from my bank, he transferred £15,000 to an account in the USA. It turns out he knew a lot of things about my bank account, so much so that I can't help but wonder if it was an inside job. Now he may have found another way to perform his fraud but had my O2 account not been breached it may have slowed or stopped him in his tracks.
What is more worrying is both the banks and mobile operators are aware of this kind of fraud, which makes me wonder why they haven't implemented a simple second level of security ie text the registered user when a call forward is configured "Your number has just been forwarded to xxxxxx xxxxxx if this is correct reply 1 if not reply 9". Very simple to implement and a process already used by banks etc.
I'm still waiting for O2 to reply to my requests for the incoming fraudsters call to be reviewed 21 days after alerting them to this. I've also made a number of calls to 202 and emailed the complaint review team on more than one occasion. Most of the replies are towing the company line with the usual phrases:
"I understand this episode has been stressful for you. Please treat this situation as a one off, but I'm very sorry that you've had such a difficult time recently."
I'd like to inform you that we work under the confines of the Data Protection Act and to keep our customers details safe is our top most priority. We never compromise on our security checks and ensure that we're dealing with the account holder. It may be possible that the fraudster had access to your details due to which he/she was able to make changes to the account."
But the reply to my last email was very annoying:
"I'm sorry for the trouble I understand your frustration but I'm afraid we won't be able to contact our fraud team. So, I'd suggest you to please contact them directly on the number given in my previous email. They'll then help you with your concern."
Is the complaint review team really unable to contact the fraud team, where I work it can contact anyone even my CEO in the states.
So I rang 202 again a very helpful lady immediately tried to transfer me to the fraud team but as they were busy they would ring me back. Surprise surprise another lady rang me back 2 hours later but didn't even know it was a call forwarding fraud in fact she knew nothing about my case at all. She's going to ring me back, there's a surprise and I've insisted they listen to the fraudsters call and inform me truthfully what happened. By the way they only do that when requested??? Surely any fraud investigation requires knowledge of that call but it seems not.
So an incomplete investigation so far and I'm still waiting.