Are you a customer of a firm that’s been breached? Look out for more attacks

TalkTalk’s security breaches in the UK and the action it’s taken have been widely publicised. What’s less well-known is the aftermath of a breach like that, and how organised criminals can get involved.

That’s what appears to have happened in the TalkTalk case, as a handful of Indian “contact centre” workers have claimed they were hired specifically to persuade TalkTalk customers to hand their data over. They were part of a 60-strong team, they stated.

It was in effect an old scam: they would call, claim to be working for TalkTalk, suggest there was a problem with the computer, and persuade the customer to install malware that then enabled the criminals to get into the system and raid bank details and other confidential information. The problem has not been independently verified, but according to a BBC report it appears likely that it is genuine, and related not to TalkTalk but to one of its subcontractors.

Whether this instance is real or not (and it appears to be), it’s certain that people get calls from callers claiming there is a problem with a computer and that the caller’s company (they might claim to be Microsoft, for example) is the only one that can help.

Naked Security’s standard advice is to hang up when one of these calls comes in, however tempting it is to string along or taunt the caller.

We’d also urge companies to put better controls in place in some cases. Banks will never ask for complete passwords, for example, but one of our staff had to call his ISP last week and they wouldn’t act without the complete word rather than individual letters.

We talked to Action Fraud, attached to the City of London Police, which issued an infographic with practical points on it in response to the TalkTalk issue. It points out that legitimate companies will never cold-call requesting remote access to your computer or asking for financial details. It adds:

Even if the caller is able to provide you with details such as your full name, don’t give out any personal or financial information during a cold call.

If you’re in the UK and have been approached by a scammer, call Action Fraud on 0300 123 2040.