"Scammers stole £40k after EDF gave out my number" https://www.bbc.co.uk/news/articles/ckg885lxd3jo
[An unfortunate choice of photo of the victim, he looks really cheerful
about it.]
"A man targeted by fraudsters who got his mobile phone number from an
energy company said he often woke up in the night thinking "what next?".
Stephen, from Hertfordshire, had more than £40,000 taken from a savings account after his name and email address was used to get the information
from EDF.
Within 48 hours of his mobile phone number being divulged, his accounts
with O2, Nationwide Building Society and Virgin Media had all been compromised.
EDF said such incidents were rare but it took them seriously and added:
"We are sorry for the difficulties this fraudulent caller has caused Stephen."
...
'£50 to close the case'
After more than a week, EDF finally responded about the call it thought Stephen made at 11:00 GMT on 3 February.
EDF explained the fraudster had his name and email address and had asked
EDF to give them his mobile number, which the company did.
"I said, 'Why would you do that?' They said the person had gone through security. 'With a name and email address', I asked?," he said.
"EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close
the case."
So, EDF allowed them to go from his email address to obtaining his
mobile phone number for a SIM-swap scam, but I wonder how they managed
to go from either to all his savings accounts, unless they'd also
compromised his PC or phone as well; if the latter, why did they need to
go via EDF?
On 3/3/2025 7:27 AM, Java Jive wrote:
"Scammers stole £40k after EDF gave out my number"
https://www.bbc.co.uk/news/articles/ckg885lxd3jo
[An unfortunate choice of photo of the victim, he looks really
cheerful about it.]
"A man targeted by fraudsters who got his mobile phone number from an
energy company said he often woke up in the night thinking "what next?".
Stephen, from Hertfordshire, had more than £40,000 taken from a
savings account after his name and email address was used to get the
information from EDF.
Within 48 hours of his mobile phone number being divulged, his
accounts with O2, Nationwide Building Society and Virgin Media had all
been compromised.
EDF said such incidents were rare but it took them seriously and
added: "We are sorry for the difficulties this fraudulent caller has
caused Stephen."
...
'£50 to close the case'
After more than a week, EDF finally responded about the call it
thought Stephen made at 11:00 GMT on 3 February.
EDF explained the fraudster had his name and email address and had
asked EDF to give them his mobile number, which the company did.
"I said, 'Why would you do that?' They said the person had gone
through security. 'With a name and email address', I asked?," he said.
"EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close
the case."
So, EDF allowed them to go from his email address to obtaining his
mobile phone number for a SIM-swap scam, but I wonder how they managed
to go from either to all his savings accounts, unless they'd also
compromised his PC or phone as well; if the latter, why did they need
to go via EDF?
 It sounds like some of the story is missing. (Not least of which is an explanation of what "EDF" means.)
On 03/03/2025 15:47, Newyana2 wrote:
  It sounds like some of the story is missing. (Not least of which is an explanation of what "EDF" means.)
Electricité de France.
I used to have an electricity supply account with them in France.
Java Jive wrote:
"Scammers stole £40k after EDF gave out my number"
Clearly EDF shouldn't go about giving out customer information, but I
ought to be able to paint my mobile number in 1ft high letters on the
side of my house and not have my SIM "swapped"
All UK networks should take extra security measures, such as writing to customers at known address to confirm such a drastic action.
On 2025-03-03 17:13, David Rance wrote:
On 03/03/2025 15:47, Newyana2 wrote:
It sounds like some of the story is missing. (Not least of which
is an
explanation of what "EDF" means.)
Electricité de France.
I used to have an electricity supply account with them in France.
And they do business in the UK also.
 I think the problem is a balance between security and convenience.
If you lose your cellphone, you don't want to have to go somewhere
with a certified letter and drivers license to confirm you are who
you say you are.
Why would I legitimately ever need to be told my own
mobile number?
 So the weak point here, which was supposed to be the strong point,
is 2FA. The secondary weak point is people having online accounts in
the first place. If you're banking online then you're vulnerable. But it's not easy to avoid. I had to call my bank's corporate offices in order
to block the possibility of creating an online account. For most people that's out of the question. People want convenience. Walk to the bank? Fuggetaboutit!
Java Jive wrote:
"Scammers stole £40k after EDF gave out my number"
Clearly EDF shouldn't go about giving out customer information, but I
ought to be able to paint my mobile number in 1ft high letters on the
side of my house and not have my SIM "swapped"
All UK networks should take extra security measures, such as writing to customers at known address to confirm such a drastic action.
Newyana2 wrote:
  I think the problem is a balance between security and convenience.
If you've been careless enough to lose or damage your phone, you deserve
a bit of hurt :-)
If you lose your cellphone, you don't want to have to go somewhere
with a certified letter and drivers license to confirm you are who
you say you are.
I'm envisaging something like you (or the criminals) phone the service provider, they say "fine we'll send a letter with a code to the address
we have on file, call us back tomorrow when you get it", they could even include a new SIM while they're at it. The criminal is therefore cut
out of the loop (if they try to organise post redirection to intercept
the letter, the post office will send notification of the redirection in
the post before they actually start the redirection, so the criminals
can't short circuit it that way).
Chris wrote:
Why would I legitimately ever need to be told my own
mobile number?
But why is knowing my mobile number sufficient to rip off my mobile account? I'd say hundreds of people know my mobile number ...
I'd be stupendously annoyed at any company giving my phone number to anyone including myself. Why would I legitimately ever need to be told my own
mobile number?
True enough, but why should knowing anyone's phone number let the
Andy Burns <usenet@andyburns.uk> wrote:
Java Jive wrote:
"Scammers stole £40k after EDF gave out my number"
Clearly EDF shouldn't go about giving out customer information, but I
ought to be able to paint my mobile number in 1ft high letters on the
side of my house and not have my SIM "swapped"
You can. But if you /also/ add your full name and email address, then all bets are off.
All UK networks should take extra security measures, such as writing to
customers at known address to confirm such a drastic action.
I'd be stupendously annoyed at any company giving my phone number to anyone including myself. Why would I legitimately ever need to be told my own
mobile number?
They managed to do a SIM swap. For this they needed to trick some
agency that duplicates SIMs into thinking it is really you who requests
the duplicate SIM.
It is not a choice for us, they are removing physical offices, and they
have fewer employees. I even have to book an appointment to get inside
the bank office. Even if I want to cash a big cheque into my account!
Ironically, unless someone can hack into my computer they have
virtually zero chance of taking over my accounts. First, I don't have
online accounts, generally. Second, since I don't use 2FA an attacker
would have to somehow get my email passwords.
How does that work? 2FA requires a code *and* the password. You're removing
a layer of security.
On 3/3/2025 3:35 PM, Carlos E.R. wrote:
It is not a choice for us, they are removing physical offices, and
they have fewer employees. I even have to book an appointment to get
inside the bank office. Even if I want to cash a big cheque into my
account!
 I didn't know that. There are somewhat less banks here,
but I can easily walk to mine. There are branches in most local
towns, so I can easily get to an ATM. My bank is open 7 days,
usually with 2 tellers on duty. And I can deposit checks in the
ATM, too.
 It's scary to me how fast people are accepting online banks.
They pay better interest, but what are the guarantees? I would
never get an online bank account. There are safer ways to get
interest.
On 3/3/25 1:35 PM, Carlos E.R. wrote:
On 2025-03-03 20:04, Newyana2 wrote:
  So the weak point here, which was supposed to be the strong point,
is 2FA. The secondary weak point is people having online accounts in
the first place. If you're banking online then you're vulnerable. But
it's
not easy to avoid. I had to call my bank's corporate offices in order
to block the possibility of creating an online account. For most people
that's out of the question. People want convenience. Walk to the bank?
Fuggetaboutit!
It is not a choice for us, they are removing physical offices, and
they have fewer employees. I even have to book an appointment to get
inside the bank office. Even if I want to cash a big cheque into my
account!
I always cash checks using my bank's phone app. No physical bank necessary. You don't have that capability there ??
On 2025-03-03 23:58, AJL wrote:
On 3/3/25 1:35 PM, Carlos E.R. wrote:
On 2025-03-03 20:04, Newyana2 wrote:
So the weak point here, which was supposed to be the strong
point, is 2FA. The secondary weak point is people having online
accounts in the first place. If you're banking online then
you're vulnerable. But it's not easy to avoid. I had to call my
bank's corporate offices in order to block the possibility of
creating an online account. For most people that's out of the
question. People want convenience. Walk to the bank?
Fuggetaboutit!
It is not a choice for us, they are removing physical offices,
and they have fewer employees. I even have to book an appointment
to get inside the bank office. Even if I want to cash a big
cheque into my account!
I always cash checks using my bank's phone app. No physical bank
necessary. You don't have that capability there ??
It is not that type of check, see my other reply.
I have not seen a normal check in a decade.
Newyana2 <newyana@invalid.nospam> wrote:
On 3/3/2025 4:38 PM, Chris wrote:
Ironically, unless someone can hack into my computer they have
virtually zero chance of taking over my accounts. First, I don't have
online accounts, generally. Second, since I don't use 2FA an attacker
would have to somehow get my email passwords.
How does that work? 2FA requires a code *and* the password. You're removing a layer of security.
If they're able to take over your phone # they can just go
around to accounts and click "I lost my password". A reset
code will then be sent to the cellphone.
That's not how it works. At best you get sent a reset link to your email. This means the attacker needs to know your email account details as well as the username/login for the service.
You're dependent on a single factor. If your password is exposed or, more likely, the company's security has been compromised via other means then an attacker has free rein.
Yes, the chances are low, but the potential damage is much higher than if
you had 2FA.
2FA is not a security improvement. It's a gimmick to enable
far more extensive tracking of people by linking phone ID and
location to other data.
Your paranoia is clouding your judgement.
AJL wrote:
I always cash checks using my bank's phone app. No physical bank
necessary. You don't have that capability there ??
Cheques are almost extinct in the UK, if it wasn't for dealing with
my parents' estates I wouldn't have received any in the past decade.
Yes, we have the ability to photograph a cheque to bank it, but
there are limits on amounts and quantities per week ...
On 3/4/2025 3:13 AM, Chris wrote:
Newyana2 <newyana@invalid.nospam> wrote:
2FA is not a security improvement. It's a gimmick to enable
far more extensive tracking of people by linking phone ID and
location to other data.
Your paranoia is clouding your judgement.
Famous last words of the ostrich. The whole point of this
thread is about a man who got SIM swapped and lost 40K
pounds! Your neighbor has just been eaten by a lion. Keeping
his head in a hole didn't protect him. What a shocker!
However, the one thing I like about checks is that I can write one out
in a few minutes and hand it (or mail it) to ANYONE. I don't need
complicated account numbers or apps for the transfer.
AJL <noemail@none.com> wrote: [...]
However, the one thing I like about checks is that I can write one
out in a few minutes and hand it (or mail it) to ANYONE. I don't
need complicated account numbers or apps for the transfer.
I understand/appreciate that aspect of using checks, but don't miss
it. Good riddance with checks.
As to "I don't need complicated account numbers or apps for the
transfer.":
I've probably mentioned this before: In our country (NL) - and
probably many others - we can transfer money to a person's phone
number, to their WhatsApp (normally same number) or e-mail address
and can do the same for requests for money. The only 'app' (or
website) needed is one's normal banking app/site.
[...]
Being old fashioned I still send snail mail birthday/graduation/etc
cards to my grand/greatgrandkids locally and around the country. Adding
a check in the card when appropriate takes just a few minutes longer. I
find it handy and so far they've not complained.
But I suspect checks
will eventually go away here as they have elsewhere. I imagine I will
adapt when the time finally comes (if I'm still here)... 8-O
If someone has your emails and your mobile phone number you are royally screwed. Yes, even you.
On 3/4/2025 4:09 PM, Chris wrote:
If someone has your emails and your mobile phone number you are royally
screwed. Yes, even you.
 I'm repeatedly struck by how much cellphone addicts can't
imagine any other way to live. My cellphone has no address book,
no apps to speak of, no passwords. I keep it in case I need to
make a phone call away from home. If someone steals it then
I'd just buy another $40 TracFone and another $20 card to
get me 3 months usage. No big loss.
 My emails are not sitting on a server somewhere. I download them
and then delete them from the server. I don't use either for
banking, shopping, transmitting credit card numbers, etc.
 So, no, I would not be "royally screwed". I don't live the reckless e-lifestyle that you believe is unavoidable.
On 05/03/2025 1:43, Newyana2 wrote:
On 3/4/2025 4:09 PM, Chris wrote:
If someone has your emails and your mobile phone number you are royally
screwed. Yes, even you.
  I'm repeatedly struck by how much cellphone addicts can't
imagine any other way to live. My cellphone has no address book,
no apps to speak of, no passwords. I keep it in case I need to
make a phone call away from home. If someone steals it then
I'd just buy another $40 TracFone and another $20 card to
get me 3 months usage. No big loss.
  My emails are not sitting on a server somewhere. I download them
and then delete them from the server. I don't use either for
banking, shopping, transmitting credit card numbers, etc.
That is what Oliver North thought happened....
  So, no, I would not be "royally screwed". I don't live the reckless
e-lifestyle that you believe is unavoidable.
In the UK it's pretty much unavoidable. Bank branches are closing, so for example if you live on parts of the Yorkshire Dales your nearest branch
might be a 45 minute drive away down country lanes....
https://www.darlingtonandstocktontimes.co.uk/news/23289735.fury-closure-bedale-leyburn-barclays-branches/
... many government tasks have to be done on-line. Watching a TV
program last night, on claiming some pension credits you need to do it on-line. What if you have no on-line access some one asked, the answer,
go to the library or ask a friend...
Now I know to do these things in the UK on-line requires a mobile linked
to an e-mail account, so lose your mobile and buy a new one you are screwed...
So, no, I would not be "royally screwed". I don't live the reckless
e-lifestyle that you believe is unavoidable.
That's true. Seeing as you don't use 2FA an attacker only needs access to your email account to screw you over.
Now I know to do these things in the UK on-line requires a mobile linked
to an e-mail account, so lose your mobile and buy a new one you are screwed...
It is the same in Spain. I live in a biggish city (~200K inhabitants).
The bank branches are gone, now I have to walk farther. I'm fortunate,
there are still branches at walking distance, villages in the country
side may have no branches at all. Maybe not even an ATM.
If I want to put some savings in a fund, I have to talk over the phone
with someone at their central offices, the people at the branch do
nothing, they no longer do it. And the signing operation maybe done on
the computer or on the phone, reading unreadable tiny documents on the screen. Even if I go to the office to see papers, I have to sign them on
the phone.
It doesn't matter what I think about having a smartphone.
Chris <ithinkiam@gmail.com> wrote:
[...]
Fortunately, the victim has had his 40k refunded.
Do you have a reference - with details - for that? I.e. who accepted responsibility for which fault(s)?
On 2025-03-05 14:25, Frank Slootweg wrote:
Chris <ithinkiam@gmail.com> wrote:
[...]
Fortunately, the victim has had his 40k refunded.
Do you have a reference - with details - for that? I.e. who accepted responsibility for which fault(s)?
Quote: «National Savings and Investments said it had refunded him the
money taken from his account.»
And that's the £40000, because earlier it reads (quote):
«Worse news was to come, when he learned his National Savings and
Investments password had been changed.
"After an hour of talking to different people there, they said, 'You've actually taken out a very large amount of premium bonds, over £40,000',"
said Stephen.»
On 05/03/2025 13:47, Newyana2 wrote:
But it's changing very quickly. Apple invented
computer cellphones in 2008.
Could somebody clarify the exact meaning of "But it's changing very
quickly. Apple invented computer cellphones in 2008" ?
On 3/5/2025 7:15 AM, Carlos E.R. wrote:
It is the same in Spain. I live in a biggish city (~200K inhabitants).
The bank branches are gone, now I have to walk farther. I'm fortunate,
there are still branches at walking distance, villages in the country
side may have no branches at all. Maybe not even an ATM.
If I want to put some savings in a fund, I have to talk over the phone
with someone at their central offices, the people at the branch do
nothing, they no longer do it. And the signing operation maybe done on
the computer or on the phone, reading unreadable tiny documents on the
screen. Even if I go to the office to see papers, I have to sign them
on the phone.
It doesn't matter what I think about having a smartphone.
 It sounds like you could live without a cellphone, just as
I can.
But there are lifestyle limitations. For example, I
can't call an Uber or rent an AirBnB. The cellphone has
become the only accepted ID for those. On the other hand,
I have no interest in either service. They're parasites.
 But it's changing very quickly. Apple invented
computer cellphones in 2008.
For several years people
told me not to call their cellphone because it cost too
much. Only in recent years has it become a lifestyle
of constant texting and cellphone-everything. Maybe it's
less dramatic in the US
because here the cellphone lifestyle is still an urban
lifestyle. Rural areas just don't have the coverage.
Though Musk may end that limitation with his new
satellite service.
 Eventually I suppose we'll have embedded chips,
with ear and cornea implants. All voice activated.
Then we'll all be convening here to discuss the best app
to stop from hearing tampon ads at 3 AM.
David Wade <dave@g4ugm.invalid> wrote:
[...]
Now I know to do these things in the UK on-line requires a mobile linked
to an e-mail account, so lose your mobile and buy a new one you are
screwed...
Why would you be screwed? Yes, a new phone costs money, it's -
rightfully so - a hassle to get a replacement SIM and restoring your
apps and data is not all that easy, but "screwed"?
On 3/5/2025 9:27 AM, Abandoned Trolley wrote:
On 05/03/2025 13:47, Newyana2 wrote:
But it's changing very quickly. Apple invented
computer cellphones in 2008.
Could somebody clarify the exact meaning of "But it's changing very
quickly. Apple invented computer cellphones in 2008" ?
 Why did you snip the rest of my description of rapid change?
Today most people -- as evidenced in this group -- are living
their lives from a kind of personal control booth, which is their
cellphone. Computer phones have only existed for about 17 years.
For much of that time they were limited in both their functionality
and their ubiquity. Apps were what made them especially useful,
not phone calls.
 So, how long have cellphones been assumed as the common
exchange of social and business interaction? In my experience it's
only been maybe 5 years since people started asking to text me,
and getting annoyed when I told them I don't text. 2FA is newer
still. We've now reached a point where most people assume that
all other people can be reached anytime by text and are conducting
their lives via DoorDash, Uber, texting, Venmo, and so on. The
youngest adults have grown up with virtually no experience
of solitude, constantly engaged in a social circle.
 That's what I mean by changing very quickly. As a babyboomer
who uses a cellphone mainly as a portable phonebooth, the lifestyle
of GenZ is almost unrecognizable to me. Yet it wasn't even possible
a few years ago.
 Uber, DoorDash, Venmo.... Those are all fairly new. The landscape
of social and business interaction is changing quickly. Without using
a cellphone, I can't use any of those services. It's a kind of parallel
world that's gradually becoming the only option. That's what we've
been talking about. Carlos is saying that already it's nearly impossible
for him to conduct his basic life without a computer cellphone. For me
in the US it's not quite so extreme. Aside from a few cellphone addicts
who want to text me, I have no use for Venmo or Uber. I know
how to read maps... So there's not much that I'm actually missing in
practice by not living via cellphone. But most young people now
would be lost. They'd likely have a mental breakdown simply at being disconnected from their social hive, like Star Trek's Borg.
On 05/03/2025 14:29, Frank Slootweg wrote:
David Wade <dave@g4ugm.invalid> wrote:
[...]
Now I know to do these things in the UK on-line requires a mobile linked
to an e-mail account, so lose your mobile and buy a new one you are
screwed...
  Why would you be screwed? Yes, a new phone costs money, it's -
rightfully so - a hassle to get a replacement SIM and restoring your
apps and data is not all that easy, but "screwed"?
because where you have no local branch of a bank, as is now common in
the UK, you are forced to use on-line services. UK law now requires that
such on-line services use some form of 2FA, most send a text to your
mobile. However if you consider your PAYG SIMM disposable you now have a
new number and have the hassle of trying to update it on the banks
records...
Dave
I "snipped out" the rest of your description of rapid change (whatever
that is) in the hope that somebody might clarify the claim that "Apple invented computer cellphones in 2008"
Abandoned Trolley wrote:
calling them "computer cellphones" just sounds odd.
I "snipped out" the rest of your description of rapid change (whatever
that is) in the hope that somebody might clarify the claim that "Apple
invented computer cellphones in 2008"
 Is that wrong? I just looked it up. It was actually 2007.
Was there another computer cellphone before that? I'm
not aware of any. There were cellphones that could make
phone calls. But there were not apps, browsers, and so on,
as far as I know. I welcome correction if I'm mistaken.
On 3/5/2025 12:21 PM, Abandoned Trolley wrote:
I "snipped out" the rest of your description of rapid change (whatever
that is) in the hope that somebody might clarify the claim that "Apple
invented computer cellphones in 2008"
 Is that wrong? I just looked it up. It was actually 2007.
Was there another computer cellphone before that? I'm
not aware of any. There were cellphones that could make
phone calls. But there were not apps, browsers, and so on,
as far as I know. I welcome correction if I'm mistaken.
 In other words, people could make phone calls on wireless
phones back in the 80s. But the cellphone lifestyle of banking,
shopping, getting directions, texting, etc is fairly recent.
(Remember that there's also the lag between when iPhone
came out and when computer cellphones became ubiquitous.)
Carlos E.R. <robin_listas@es.invalid> wrote:
On 2025-03-05 14:25, Frank Slootweg wrote:
Chris <ithinkiam@gmail.com> wrote:
[...]
Fortunately, the victim has had his 40k refunded.
Do you have a reference - with details - for that? I.e. who accepted responsibility for which fault(s)?
Quote: «National Savings and Investments said it had refunded him the
money taken from his account.»
And that's the £40000, because earlier it reads (quote):
«Worse news was to come, when he learned his National Savings and
Investments password had been changed.
"After an hour of talking to different people there, they said, 'You've
actually taken out a very large amount of premium bonds, over £40,000',"
said Stephen.»
Thanks for that! I apparently overlooked the first quote. I only saw
the £50 "goodwill gesture" from EDF, which was a clear insult and so was
the £125 "goodwill gesture" from O2 Virgin Media.
On 05/03/2025 14:47, Newyana2 wrote:
On 3/5/2025 7:15 AM, Carlos E.R. wrote:
It is the same in Spain. I live in a biggish city (~200K
inhabitants). The bank branches are gone, now I have to walk farther.
I'm fortunate, there are still branches at walking distance, villages
in the country side may have no branches at all. Maybe not even an ATM.
If I want to put some savings in a fund, I have to talk over the
phone with someone at their central offices, the people at the branch
do nothing, they no longer do it. And the signing operation maybe
done on the computer or on the phone, reading unreadable tiny
documents on the screen. Even if I go to the office to see papers, I
have to sign them on the phone.
It doesn't matter what I think about having a smartphone.
  It sounds like you could live without a cellphone, just as
I can.
I think you missed the :-
"Even if I go to the office to see papers, I have to sign them on the
phone."
It's very hard to exist without a Spanish cell phone in Spain. I also own
a house there and own a Spanish mobile number as well as a UK one. I got
it because the local white goods store won't deliver without a cellphone number. Most places are the same.
The bank branches are closing so I need to rely on on-line access. Again
the bank won't give me on-line access without a cell phone. It wants to
send me texts with codes for verification. So when I sign into the bank's
web site, every time I want to do something "new", it still sends a text
to my mobile with a different pin number which I need to type into the
web site.
But there are lifestyle limitations. For example, I
can't call an Uber or rent an AirBnB. The cellphone has
become the only accepted ID for those. On the other hand,
I have no interest in either service. They're parasites.
  But it's changing very quickly. Apple invented
computer cellphones in 2008.
Pretty sure I had a Nokia which could send e-mails before that. Whilst
not strictly a Smart Phone COMPAQ iPaqs hand held PCs from pre-2000
could take a GSM card and browse the web...
For several years people
told me not to call their cellphone because it cost too
much. Only in recent years has it become a lifestyle
of constant texting and cellphone-everything. Maybe it's
less dramatic in the US
because here the cellphone lifestyle is still an urban
lifestyle. Rural areas just don't have the coverage.
Though Musk may end that limitation with his new
satellite service.
The lack of mobile coverage in rural UK is also a problem. Many without coverage struggle to use the on-line services because they need to
receive the SMS messages needed to log into banks, government services
on a normal connection.
  Eventually I suppose we'll have embedded chips,
with ear and cornea implants. All voice activated.
Then we'll all be convening here to discuss the best app
to stop from hearing tampon ads at 3 AM.
na, it will be low cost cremations to drive you suicidal.
On 05/03/2025 16:38, David Wade wrote:
On 05/03/2025 14:29, Frank Slootweg wrote:
David Wade <dave@g4ugm.invalid> wrote:
[...]
Now I know to do these things in the UK on-line requires a mobile
linked
to an e-mail account, so lose your mobile and buy a new one you are
screwed...
  Why would you be screwed? Yes, a new phone costs money, it's -
rightfully so - a hassle to get a replacement SIM and restoring your
apps and data is not all that easy, but "screwed"?
because where you have no local branch of a bank, as is now common in
the UK, you are forced to use on-line services. UK law now requires
that such on-line services use some form of 2FA, most send a text to
your mobile. However if you consider your PAYG SIM disposable you now
have a new number and have the hassle of trying to update it on the
bank's records...
Dave
I manage my online banking with a web browser on a desktop computer
(with no wireless connection) and my bank doesn't have my mobile phone
number.
I have one of those PIN sentry things for when they want to get personal.
Newyana2 wrote:
calling them "computer cellphones" just sounds odd.
Before smartphones, there were e.g. the Nokia 9000 series
"communicators" which had email and web-browsing in mid '90s.
On 05/03/2025 17:37, Newyana2 wrote:
On 3/5/2025 12:21 PM, Abandoned Trolley wrote:
I "snipped out" the rest of your description of rapid change
(whatever that is) in the hope that somebody might clarify the claim
that "Apple invented computer cellphones in 2008"
Is that wrong? I just looked it up. It was actually 2007.
Was there another computer cellphone before that? I'm
not aware of any. There were cellphones that could make
phone calls. But there were not apps, browsers, and so on,
as far as I know. I welcome correction if I'm mistaken.
In other words, people could make phone calls on wireless
phones back in the 80s. But the cellphone lifestyle of banking,
shopping, getting directions, texting, etc is fairly recent.
(Remember that there's also the lag between when iPhone
came out and when computer cellphones became ubiquitous.)
That assumes that the only definition of a computer cellphone is your definition.
I believe that web browsing and email applications were available on
some handsets using GPRS / WAP - before wifi standards were established
(and before CSS got sorted out)
Lots of old Nokia handsets had gaming applications and other utilities
like alarm clock / calendar /calculator etc
"texting, etc" is NOT fairly recent - I think it came in with release 2
of GSM in the early 90s.
NTT DoCoMo introduced iMode in Japan some time in the late 90s - which provided a browsing service and some multi user games, along with text chatting and possibly some sort of press to talk facility.
i-Mode users also have access to other various services such as: sports results, weather forecasts, games, financial services, and ticket booking.
The Blackberry Messenger platform provided a global text service based
on the PIN of the individual handset - regardless of location or network operator
Basically, the Apple / Android "axis of evil" may not be the only gig in
town - and I don't think it was the first
On 3/5/2025 1:23 PM, Abandoned Trolley wrote:
On 05/03/2025 17:37, Newyana2 wrote:
You're missing the whole point. Read the thread.
On 3/5/2025 12:21 PM, Abandoned Trolley wrote:
I "snipped out" the rest of your description of rapid change
(whatever that is) in the hope that somebody might clarify the claim
that "Apple invented computer cellphones in 2008"
  Is that wrong? I just looked it up. It was actually 2007.
Was there another computer cellphone before that? I'm
not aware of any. There were cellphones that could make
phone calls. But there were not apps, browsers, and so on,
as far as I know. I welcome correction if I'm mistaken.
  In other words, people could make phone calls on wireless
phones back in the 80s. But the cellphone lifestyle of banking,
shopping, getting directions, texting, etc is fairly recent.
(Remember that there's also the lag between when iPhone
came out and when computer cellphones became ubiquitous.)
That assumes that the only definition of a computer cellphone is your
definition.
I believe that web browsing and email applications were available on
some handsets using GPRS / WAP - before wifi standards were
established (and before CSS got sorted out)
Lots of old Nokia handsets had gaming applications and other utilities
like alarm clock / calendar /calculator etc
"texting, etc" is NOT fairly recent - I think it came in with release
2 of GSM in the early 90s.
NTT DoCoMo introduced iMode in Japan some time in the late 90s - which
provided a browsing service and some multi user games, along with text
chatting and possibly some sort of press to talk facility.
i-Mode users also have access to other various services such as:
sports results, weather forecasts, games, financial services, and
ticket booking.
The Blackberry Messenger platform provided a global text service based
on the PIN of the individual handset - regardless of location or
network operator
Basically, the Apple / Android "axis of evil" may not be the only gig
in town - and I don't think it was the first
On 3/5/2025 1:03 PM, Andy Burns wrote:
Newyana2 wrote:
calling them "computer cellphones" just sounds odd.
  Not as silly as "smartphone". :)
It's basically a computer that can make phone calls.
Mainly they're used for apps and online operations. Mine
has Firefox installed.
Before smartphones, there were e.g. the Nokia 9000 series
"communicators" which had email and web-browsing in mid '90s.
 I'm sure there were all sorts of niche items. But that's not
the context here. The point was that only in recent years
have most people been using texting and apps on computer
phones, to such an extent that everyone is assumed to
have one handy at all times. That's what we've been talking
about -- how hard it is to not use a cellphone. Some Brits and
Spanish people are claiming they can't live at all in the modern
world without a cellphone. I don't believe that's true, but I
do know that more and more things require a cellphone.
On 03/03/2025 12:27, Java Jive wrote:
So, EDF allowed them to go from his email address to obtaining his
mobile phone number for a SIM-swap scam, but I wonder how they managed
to go from either to all his savings accounts, unless they'd also
compromised his PC or phone as well; if the latter, why did they need
to go via EDF?
Once you've got the email and done the SIM swap scam or hacked SS7 to
read someone’s incoming SMS, that's enough, or almost enough, to get in
to all sorts of things via the I've forgotten my password link on their websites.
On 3/5/2025 1:03 PM, Andy Burns wrote:
Newyana2 wrote:
calling them "computer cellphones" just sounds odd.
Not as silly as "smartphone". :)
It's basically a computer that can make phone calls.
Mainly they're used for apps and online operations. Mine
has Firefox installed.
Before smartphones, there were e.g. the Nokia 9000 series
"communicators" which had email and web-browsing in mid '90s.
I'm sure there were all sorts of niche items. But that's not
the context here. The point was that only in recent years
have most people been using texting and apps on computer
phones, to such an extent that everyone is assumed to
have one handy at all times. That's what we've been talking
about -- how hard it is to not use a cellphone. Some Brits and
Spanish people are claiming they can't live at all in the modern
world without a cellphone. I don't believe that's true, but I
do know that more and more things require a cellphone.
On 2025-03-06 01:56, Brian Gregory wrote:
On 03/03/2025 12:27, Java Jive wrote:
So, EDF allowed them to go from his email address to obtaining his
mobile phone number for a SIM-swap scam, but I wonder how they
managed to go from either to all his savings accounts, unless they'd
also compromised his PC or phone as well; if the latter, why did they
need to go via EDF?
Once you've got the email and done the SIM swap scam or hacked SS7 to
read someone’s incoming SMS, that's enough, or almost enough, to get
in to all sorts of things via the I've forgotten my password link on
their websites.
But how would they know which banks, savings accounts, etc, to target
without additional information? Just knowing his email address on its
own would not be enough for this, there must be hundreds of people who
know my email address, because they send me emails via it, but that fact alone doesn't make me vulnerable to hacking.
At very least, they would have had to be able to read his emails
But how would they know which banks, savings accounts, etc, to target
without additional information?
Think of the average person. First there was the SIM swap, so
now the scammer is getting all texts. They're also getting
2FA codes. With the email address they go to that and say they
forgot their password. Then there are two possibilities. They may
need to know security questions, or they may have a password
reset link sent to their cellphone. If it's the latter then they have
email access. That's part of the lesson here. 2FA is not safer. It's
riskier. It's bringing an insecure, portable device into the mix and
trusting that device fully.
Anyone who assumes they're safe conducting their life online
is simply an ostrich who doesn't want to know the facts. In
their defense, the facts are well hidden. But it's still ostrich
mentality, driven by laziness.
On 3/6/2025 8:54 AM, Java Jive wrote:
On 2025-03-06 01:56, Brian Gregory wrote:
On 03/03/2025 12:27, Java Jive wrote:
So, EDF allowed them to go from his email address to obtaining his
mobile phone number for a SIM-swap scam, but I wonder how they
managed to go from either to all his savings accounts, unless they'd
also compromised his PC or phone as well; if the latter, why did
they need to go via EDF?
Once you've got the email and done the SIM swap scam or hacked SS7 to
read someone’s incoming SMS, that's enough, or almost enough, to get
in to all sorts of things via the I've forgotten my password link on
their websites.
But how would they know which banks, savings accounts, etc, to target
without additional information? Just knowing his email address on its
own would not be enough for this, there must be hundreds of people who
know my email address, because they send me emails via it, but that
fact alone doesn't make me vulnerable to hacking.
At very least, they would have had to be able to read his emails
  Think of the average person. First there was the SIM swap, so
now the scammer is getting all texts.
They're also getting
2FA codes. With the email address they go to that and say they
forgot their password. Then there are two possibilities. They may
need to know security questions, or they may have a password
reset link sent to their cellphone. If it's the latter then they have
email access. That's part of the lesson here. 2FA is not safer. It's
riskier. It's bringing an insecure, portable device into the mix and
trusting that device fully.
And most people use webmail, or at least IMAP with email left
online so that they can read it from multiple devices. So all email
is there. It's not farfetched to think that they might find enough
data there to log into banking. No one has to bank online. No one
has to leave email on someone's server. Texts can be deleted. But
how many people follow such simple security guidelines? You can
see from the posts here that a lot of people will argue "'til the
cows come home" rather than admit that e-lifestyle is risky.
 Another possible factor is online data hacks, which have become
very common. There was a case awhile back of a company in Florida
that was just a data wholesaler, buying and selling personal info.
They got hacked. So getting security question info that way is
possible.
  The mystery here is why anyone thinks that dealing with
things like banking online, or putting important info in email left indefinitely on servers, or leaving texts on one's phone, might be
safe. It's convenient. Period.
  Anyone who assumes they're safe conducting their life online
is simply an ostrich who doesn't want to know the facts. In
their defense, the facts are well hidden. But it's still ostrich
mentality, driven by laziness.
Newyana2 <newyana@invalid.nospam> wrote:
On 3/5/2025 1:03 PM, Andy Burns wrote:
Newyana2 wrote:
calling them "computer cellphones" just sounds odd.
Not as silly as "smartphone". :)
Doesn't matter. It's the common, accepted, <whatever> name. Using some *other* made up name (like "computer cellphones") is silly. (BTW, most
non-US countries say 'mobile phone' instead of 'cellphone'. The 'cell'
aspect is mostly irrelevant and often hardly applies.)
Analogy: I have a laptop, which hardly ever, if ever, is on my lap. 'Notebook' isn't really any better. So everybody says 'laptop', end of
story.
It's basically a computer that can make phone calls.
And many, many things which a normal computer can't do, so while it obviously is a computer - many non-computer things are - it's only
confusing to call it a computer.
Mainly they're used for apps and online operations. Mine
has Firefox installed.
Before smartphones, there were e.g. the Nokia 9000 series
"communicators" which had email and web-browsing in mid '90s.
I'm sure there were all sorts of niche items. But that's not
the context here. The point was that only in recent years
have most people been using texting and apps on computer
phones, to such an extent that everyone is assumed to
have one handy at all times. That's what we've been talking
about -- how hard it is to not use a cellphone. Some Brits and
Spanish people are claiming they can't live at all in the modern
world without a cellphone. I don't believe that's true, but I
do know that more and more things require a cellphone.
I don't think "Some Brits and Spanish people" have claimed that, but
yes, many say that smartphones have a lot of useful functionality, which
is often not available in other devices / by other means. So that's why
they buy them and use them.
See Carlos' response where he describes that at first he was 'against' smartphones and smartwatches and now he has his (at least) second
generation of both.
My story is about the same and so is my wife's.
All this brings me to your frequent [1] 'smartphone-addicts' rants:
Could you please explain how it's OK for you to use your computer 'all
the time', but in some mysterious way, it's not OK for others to use
their smartphone 'all the time'?
I use my car 'all the time'. I use my watch 'all the time'. I watch TV 'all the time'. I read the newspaper 'all the time'. I hope that's
all right with you.
[1] Not so much the one I'm responding to, but also that has a bit of
it. To be fair, I seem to notice a slight change to the positive.
On 06/03/2025 13:54, Java Jive wrote:
But how would they know which banks, savings accounts, etc, to target
without additional information?
They're hackers after money. They are not lazy. They try them one by
one. Why would you think they wouldn’t bother to do that?
Java Jive <java@evij.com.invalid> wrote:
On 2025-03-06 16:37, Brian Gregory wrote:
On 06/03/2025 13:54, Java Jive wrote:
But how would they know which banks, savings accounts, etc, to target
without additional information?
They're hackers after money. They are not lazy. They try them one by
one. Why would you think they wouldn’t bother to do that?
Doesn't sound likely to me, they want the money, but they wouldn't want
to take unnecessary risks of getting caught,
How would they get caught? They're using stolen identities after all. Worst case scenario is that access is blocked.
Also if the email account is webmail, they will have access to the old
emails from e.g. your bank.
and randomly trying banks
and financial organisations without the necessary identifying
information such as account numbers would likely fail,
Correct. Then move onto the next.
and perhaps cause
the police to be contacted.
And they would do what, exactly?
On 2025-03-06 16:37, Brian Gregory wrote:
On 06/03/2025 13:54, Java Jive wrote:
But how would they know which banks, savings accounts, etc, to target
without additional information?
They're hackers after money. They are not lazy. They try them one by
one. Why would you think they wouldn’t bother to do that?
Doesn't sound likely to me, they want the money, but they wouldn't want
to take unnecessary risks of getting caught, and randomly trying banks
and financial organisations without the necessary identifying
information such as account numbers would likely fail, and perhaps cause
the police to be contacted.
On 3/6/2025 9:09 AM, Newyana2 wrote:
Anyone who assumes they're safe conducting their life online is
simply an ostrich who doesn't want to know the facts. In their
defense, the facts are well hidden. But it's still ostrich
mentality, driven by laziness.
Perhaps the ostrich is anyone who thinks their life is not online these
days.
Go to the doctor? Your very personal info is online and available to the office staff, the computer service techs, the billing company, the
insurance company, and of course hackers. Pay taxes? All online and
available to many (honest?) government employees. Own a home? Here (AZ
US) hackers are selling them without the owners' knowledge using online government title info. Retired? My info is online for both my state and
fed retirement accounts both of which are direct deposited into my
online bank account. Likewise most of my investments. I could fill a
couple of more paragraphs about folks living online these days but I
think even an ostrich would get my point.
And of course if you think keeping your sensitive stuff only on your
home computers keeps you safe then you should talk to my neighbor who
lost all his electronics in a burglary...
They're also getting
2FA codes. With the email address they go to that and say they
forgot their password. Then there are two possibilities. They may
need to know security questions, or they may have a password
reset link sent to their cellphone. If it's the latter then they have
email access. That's part of the lesson here. 2FA is not safer. It's
riskier. It's bringing an insecure, portable device into the mix and
trusting that device fully.
2FA is safer, provided the bad guys can not clone the SIM.
It seems very likely that I was correct. Rereading the original BBC
report, there is a single sentence which most of us seem to have missed
on first reading ...
"O2 Virgin Media confirmed the scammer telephoned its call centre
requesting a new Sim and had hacked Stephen's emails."
On 3/7/2025 8:24 AM, Java Jive wrote:
It seems very likely that I was correct. Rereading the original BBC
report, there is a single sentence which most of us seem to have missed
on first reading ...
"O2 Virgin Media confirmed the scammer telephoned its call centre
requesting a new Sim and had hacked Stephen's emails."
 It's confusing, but that seems to be backward. The scammer
called the phone company, giving email and name to get the
cellphone number, then initiated a SIM swap. That, then, gave him
the means to change the passwords.
On 3/6/2025 1:36 PM, Carlos E.R. wrote:
They're also getting
2FA codes. With the email address they go to that and say they
forgot their password. Then there are two possibilities. They may
need to know security questions, or they may have a password
reset link sent to their cellphone. If it's the latter then they have
email access. That's part of the lesson here. 2FA is not safer. It's
riskier. It's bringing an insecure, portable device into the mix and
trusting that device fully.
2FA is safer, provided the bad guys can not clone the SIM.
Exactly. But that's what happened. So, let's see,
we don't need raincoats as long as it never rains, thus
we don't need raincoats... Wait... :)
It would be interesting to see a security expert look at this
in detail.
On 3/6/2025 1:17 PM, AJL wrote:
On 3/6/2025 9:09 AM, Newyana2 wrote:
Anyone who assumes they're safe conducting their life online is
simply an ostrich who doesn't want to know the facts. In their
defense, the facts are well hidden. But it's still ostrich
mentality, driven by laziness.
Perhaps the ostrich is anyone who thinks their life is not online
these days.
My life is not online. Of course there's data online.
What I meant was living through a cellphone and all that entails.
Go to the doctor? Your very personal info is online and available
to the office staff, the computer service techs, the billing
company, the insurance company, and of course hackers. Pay taxes?
All online and available to many (honest?) government employees.
Own a home? Here (AZ US) hackers are selling them without the
owners' knowledge using online government title info. Retired? My
info is online for both my state and fed retirement accounts both
of which are direct deposited into my online bank account. Likewise
most of my investments. I could fill a couple of more paragraphs
about folks living online these days but I think even an ostrich
would get my point.
Which is what? That your laziness
is justified because the world has already gone to hell?
That's a good example of ostrich logic. Non-ostrich means simply
relating to your life rather than looking for excuses not to. It's
not a black/white issue. The irony is that ostriches always put a lot
of effort into defending their ignorance:
"My doctor already knows my phone number, and my SS payment is auto-deposited, so why should I care that Google tracks me everywhere
I go?"
And of course if you think keeping your sensitive stuff only on
your home computers keeps you safe then you should talk to my
neighbor who lost all his electronics in a burglary...
You missed the whole point. But I know that you're in a rush to go
buy something you don't need so that you can get some cash back on
your credit card... And I know that you're proud of such clever
consumerism. So I won't bore you with clarifications. :)
Speculating, I would guess they started with the SIM swap. I don't know the O2 procedure, but it's possible to have SIMs which are unregistered or only lightly registered (eg no online account). In that case there isn't much security information the operator has, or it could be easy to find out
(pet's name, place of birth, etc). Scammer contacts the provider to say you broke your SIM card and need a new one and they don't have very much to authenticate you. If they can make that stick they can maybe then do a password reset on the email which uses SMS as a recovery mechanism, and then they're in.
Theo
On 2025-03-14 18:49, Theo wrote:
Speculating, I would guess they started with the SIM swap.
The original report suggests that they started with an email hack, and
used that to facilitate the SIM swap.
Expert says this all started from Ofcom (regulator) making it easier to change mobile provider in under 2 mins. Some mobile operators thinking in that way and not thinking about scams - can switch within networks without even needing the code.
----
Speculating, I would guess they started with the SIM swap. I don't know the O2 procedure, but it's possible to have SIMs which are unregistered or only lightly registered (eg no online account). In that case there isn't much security information the operator has, or it could be easy to find out
(pet's name, place of birth, etc). Scammer contacts the provider to say you broke your SIM card and need a new one and they don't have very much to authenticate you. If they can make that stick they can maybe then do a password reset on the email which uses SMS as a recovery mechanism, and then they're in.
On 3/15/2025 7:46 AM, Java Jive wrote:
On 2025-03-14 18:49, Theo wrote:
Speculating, I would guess they started with the SIM swap.
The original report suggests that they started with an email hack, and
used that to facilitate the SIM swap.
 That's not what it said.
On 2025-03-15 12:35, Newyana2 wrote:
On 3/15/2025 7:46 AM, Java Jive wrote:
On 2025-03-14 18:49, Theo wrote:
Speculating, I would guess they started with the SIM swap.
The original report suggests that they started with an email hack,
and used that to facilitate the SIM swap.
That's not what it said.
Look back directly up thread to my post of 2025-03-06 19:53, where I
quote the single sentence in the original report that stated that an
email hack had occurred before the SIM-swap scam was done.
Hacking his email wouldn't have got the scammers a way to
bypass 2FA via cellphone, but a SIM swap would. So if the man
had not been using 2FA it's unlikely that he could have been
scammed.
My phone company has my pin on file and is not 'supposed' to make ANY
changes without me giving it. Course that's no guarantee but at least it's one more obstacle...
On 3/15/2025 1:53 PM, Java Jive wrote:
On 2025-03-15 12:35, Newyana2 wrote:
You read it wrong.
On 3/15/2025 7:46 AM, Java Jive wrote:
On 2025-03-14 18:49, Theo wrote:
Speculating, I would guess they started with the SIM swap.
The original report suggests that they started with an email hack,
and used that to facilitate the SIM swap.
  That's not what it said.
Look back directly up thread to my post of 2025-03-06 19:53, where I
quote the single sentence in the original report that stated that an
email hack had occurred before the SIM-swap scam was done.
"O2 Virgin Media confirmed the scammer telephoned its call centre
requesting a new Sim and had hacked Stephen's emails."
 Both things happened. Nowhere does it say or imply that
hacking the email preceded the SIM swap. That wouldn't
make sense.
and went on to hack ...". Further, if you reread the original report in
its entirety, how would he have persuaded EDF to give up the victim's
mobile number without personal identifying information that came from
access to his emails?
Next, how would he have been able to confirm the
request for a replacement SIM without being able to reply to the
confirmatory email?
On 3/16/2025 9:47 AM, Java Jive wrote:
and went on to hack ...". Further, if you reread the original report
in its entirety, how would he have persuaded EDF to give up the
victim's mobile number without personal identifying information that
came from access to his emails?
"
EDF explained the fraudster had his name and email address and had asked
EDF to give them his mobile number, which the company did.
"I said, 'Why would you do that?' They said the person had gone through security. 'With a name and email address', I asked?," he said.
"EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close
the case.
"
Next, how would he have been able to confirm the request for a
replacement SIM without being able to reply to the confirmatory email?
  I think that's the critical point here: Security and convenience
are at odds with each other. If you lose your phone then you
want to get a new one quick. If you forget your email password
then you want to get around that quick. Ditto for CCs. So companies
are faced with finding a compromise between security and
convenience.
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
It makes perfect sense, what you are claiming makes no sense, and shows
that you have lost the chronological sequence of events. For one thing,
the use of the word 'had' implies that the hack was already in place at
the time of scammer's phone call, otherwise they would have said
something like "... and hacked ..." or "... used it to hack ..." or "...
and went on to hack ...". Further, if you reread the original report in
its entirety, how would he have persuaded EDF to give up the victim's
mobile number without personal identifying information that came from
access to his emails? Next, how would he have been able to confirm the
request for a replacement SIM without being able to reply to the
confirmatory email?
When I've had to do a SIM swap (some time ago) it was all done on security questions, there was no confirmatory email. I don't think the mobile networks required an email address, and if you're on PAYG they still
don't.
I think there is not enough information to be clear about the sequencing, especially since emails and mobile are provided by the same company.
On 3/16/2025 9:47 AM, Java Jive wrote:
and went on to hack ...". Further, if you reread the original report in its entirety, how would he have persuaded EDF to give up the victim's mobile number without personal identifying information that came from access to his emails?
"
EDF explained the fraudster had his name and email address and had asked
EDF to give them his mobile number, which the company did.
"I said, 'Why would you do that?' They said the person had gone through security. 'With a name and email address', I asked?," he said.
"EDF said, 'Yes' - and then offered me a £50 goodwill gesture to close
the case.
"
You seem determined to not know the facts. So that you
can feel safe using 2FA?
Next, how would he have been able to confirm the request for a
replacement SIM without being able to reply to the confirmatory email?
   As far as I can see, that part is not in the article. O2 never details exactly how the SIM swap happened. The article is not
clear about all the details. Did the scammer have access to
security question answers? Was he just a smooth talker? I
don't see anyplace where that's mentioned. It's possible the email
was hacked first, but that's never stated. The implication is that
based on having some personal data, the scammer was able to
do a SIM swap. Once that's done, getting into the email is easy
because 2FA is a weak link.
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know whether they have merged customer accounts such that the same security details are used for both. In which case it may be that one set of details gives access to both mobile and emails.
On 16/03/2025 18:00, Theo wrote:
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know
whether they have merged customer accounts such that the same security
details are used for both. In which case it may be that one set of details
gives access to both mobile and emails.
"If you've linked your Virgin Media and O2 details to create a new
Virgin Media O2 ID, sign in with it here."
https://accounts.o2.co.uk/signin
On 2025-03-17 08:53, Nick Finnigan wrote:
On 16/03/2025 18:00, Theo wrote:
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know
whether they have merged customer accounts such that the same security
details are used for both. In which case it may be that one set of details
gives access to both mobile and emails.
"If you've linked your Virgin Media and O2 details to create a new Virgin
Media O2 ID, sign in with it here."
https://accounts.o2.co.uk/signin
But Theo's own transcription of events from the BBC Radio documentary makes clear that he had not done so (first and last entries from this excerpt):
In brief:
- received a text from O2 (mobile operator) saying he'd changed his password
- contacted O2 straight away and told SIM had been swapped
- told they'd stop that and send out a new SIM card, emailed to confirm
- next morning, email from EDF (energy supplier) asking for feedback on recent contact with customer services
- called EDF, told they'd pass it on to the fraud section and get back to him
- nothing happened for over a week
- called O2 again to make sure everything was stopped, put through to fraud department
- just after received an email saying new SIM card had been sent out, connected to a different number. Queried with fraud department, said
didn't know, need to go to an O2 shop
- O2 shop couldn't do much as account had been stopped, couldn't look at it
- told them to check his emails
- contacted Virgin Media (ISP, merged with O2), told he'd changed his password, had to go through changing password back again, told they'd pass
it to the fraud section
It's difficult to deduce from this the exact ordering of events ...
Because he had to contact VM to find out that he'd changed his email
password, rather than them contacting him at the time he did so, we can't tell when his email password was actually changed. Further, the scammer could have been reading his emails for a while before actually deciding
that, as unfolding events began to suggest that the scam was in danger of being closed down, that it was time to change the password in an attempt to prolong it. Most probably his email account would have been compromised around the same time as all the other stages of the scam, yet "nothing happened for over a week" before he discovered it, and, in between, he received emails from both EDF and O2.
However, I still think that some identifying personal information would
have been necessary to enable the SIM swap, and most probably this came
from the email hack occurring earlier.
On 17/03/2025 13:53, Java Jive wrote:
On 2025-03-17 08:53, Nick Finnigan wrote:
On 16/03/2025 18:00, Theo wrote:
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know
whether they have merged customer accounts such that the same security
details are used for both. In which case it may be that one set of details
gives access to both mobile and emails.
"If you've linked your Virgin Media and O2 details to create a new
Virgin Media O2 ID, sign in with it here."
https://accounts.o2.co.uk/signin
But Theo's own transcription of events from the BBC Radio documentary
makes clear that he had not done so (first and last entries from this
excerpt):
 That does not make it clear to me (he would still have an O2 password
as well as a VM/O2 password).
In brief:
- received a text from O2 (mobile operator) saying he'd changed his
password
- contacted O2 straight away and told SIM had been swapped
- told they'd stop that and send out a new SIM card, emailed to confirm
- next morning, email from EDF (energy supplier) asking for feedback
on recent contact with customer services
- called EDF, told they'd pass it on to the fraud section and get back
to him
- nothing happened for over a week
- called O2 again to make sure everything was stopped, put through to
fraud department
- just after received an email saying new SIM card had been sent out,
connected to a different number. Queried with fraud department, said
didn't know, need to go to an O2 shop
- O2 shop couldn't do much as account had been stopped, couldn't look
at it
- told them to check his emails
- contacted Virgin Media (ISP, merged with O2), told he'd changed his
password, had to go through changing password back again, told they'd
pass it to the fraud section
It's difficult to deduce from this the exact ordering of events ...
Because he had to contact VM to find out that he'd changed his email
 'his password' may be 'his account password' rather than 'his email
app password'.
password, rather than them contacting him at the time he did so, we
can't tell when his email password was actually changed. Further, the
scammer could have been reading his emails for a while before actually
deciding that, as unfolding events began to suggest that the scam was
in danger of being closed down, that it was time to change the
password in an attempt to prolong it. Most probably his email account
would have been compromised around the same time as all the other
stages of the scam, yet "nothing happened for over a week" before he
discovered it, and, in between, he received emails from both EDF and O2.
However, I still think that some identifying personal information
would have been necessary to enable the SIM swap, and most probably
this came from the email hack occurring earlier.
On 2025-03-17 14:53, Nick Finnigan wrote:
On 17/03/2025 13:53, Java Jive wrote:
On 2025-03-17 08:53, Nick Finnigan wrote:
On 16/03/2025 18:00, Theo wrote:
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know
whether they have merged customer accounts such that the same security
details are used for both. In which case it may be that one set of details
gives access to both mobile and emails.
"If you've linked your Virgin Media and O2 details to create a new
Virgin Media O2 ID, sign in with it here."
https://accounts.o2.co.uk/signin
But Theo's own transcription of events from the BBC Radio documentary
makes clear that he had not done so (first and last entries from this
excerpt):
  That does not make it clear to me (he would still have an O2 password
as well as a VM/O2 password).
I disagree, your own quote shows that if it was a joint account for both, he'd only have needed the one password, whereas Theo's transcription makes it plain that there were two.
In brief:
- received a text from O2 (mobile operator) saying he'd changed his
password
- contacted O2 straight away and told SIM had been swapped
- told they'd stop that and send out a new SIM card, emailed to confirm
- next morning, email from EDF (energy supplier) asking for feedback on
recent contact with customer services
- called EDF, told they'd pass it on to the fraud section and get back
to him
- nothing happened for over a week
- called O2 again to make sure everything was stopped, put through to
fraud department
- just after received an email saying new SIM card had been sent out,
connected to a different number. Queried with fraud department, said
didn't know, need to go to an O2 shop
- O2 shop couldn't do much as account had been stopped, couldn't look at it
- told them to check his emails
- contacted Virgin Media (ISP, merged with O2), told he'd changed his
password, had to go through changing password back again, told they'd
pass it to the fraud section
It's difficult to deduce from this the exact ordering of events ...
Because he had to contact VM to find out that he'd changed his email
  'his password' may be 'his account password' rather than 'his email app
password'.
If it is 'his account password', then that completely supports my argument, not yours, and 'his email app password' doesn't make any sense, perhaps you mean 'his email password', but, unless he has multiple email addresses
under a single account with VM, of which there is no mention, why would he need a separate email password?
On 17/03/2025 18:44, Java Jive wrote:
On 2025-03-17 14:53, Nick Finnigan wrote:
On 17/03/2025 13:53, Java Jive wrote:
On 2025-03-17 08:53, Nick Finnigan wrote:
On 16/03/2025 18:00, Theo wrote:
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know
whether they have merged customer accounts such that the same security
details are used for both. In which case it may be that one set of details
gives access to both mobile and emails.
"If you've linked your Virgin Media and O2 details to create a new
Virgin Media O2 ID, sign in with it here."
https://accounts.o2.co.uk/signin
But Theo's own transcription of events from the BBC Radio
documentary makes clear that he had not done so (first and last
entries from this excerpt):
  That does not make it clear to me (he would still have an O2
password as well as a VM/O2 password).
I disagree, your own quote shows that if it was a joint account for
both, he'd only have needed the one password, whereas Theo's
transcription makes it plain that there were two.
 He would still have an O2 password, as well as a VM/O2 password.
 (See the O2 website)
On 20/03/2025 12:48, Java Jive wrote:
On 2025-03-20 10:42, Nick Finnigan wrote:
On 17/03/2025 18:44, Java Jive wrote:
On 2025-03-17 14:53, Nick Finnigan wrote:
On 17/03/2025 13:53, Java Jive wrote:
On 2025-03-17 08:53, Nick Finnigan wrote:
On 16/03/2025 18:00, Theo wrote:
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know
whether they have merged customer accounts such that the same security
details are used for both. In which case it may be that one set of details
gives access to both mobile and emails.
"If you've linked your Virgin Media and O2 details to create a
new Virgin Media O2 ID, sign in with it here."
https://accounts.o2.co.uk/signin
But Theo's own transcription of events from the BBC Radio
documentary makes clear that he had not done so (first and last
entries from this excerpt):
  That does not make it clear to me (he would still have an O2
password as well as a VM/O2 password).
I disagree, your own quote shows that if it was a joint account for
both, he'd only have needed the one password, whereas Theo's
transcription makes it plain that there were two.
  He would still have an O2 password, as well as a VM/O2 password.
  (See the O2 website)
So I did ...
https://www.virginmedia.com/support/help/linked-virgin-media-o2-id
"... once you’ve done this you’ll only need to use your new Virgin
Media O2 details to sign in to both My Virgin Media and My O2 (and any
other online spaces you’d usually use your My Virgin Media or My O2
details to sign in to)."
 ... "We’re on a journey to becoming one company – Virgin Media O2. Temporarily your old My O2 sign in details will still work"
The above and their login page in conjunction with Theo's
transcription makes it clear that in this instance he had two separate
logins for two separate accounts, because with the O2 one he was
advised by a text that his password had been changed, whereas with the
VM one he wasn't advised at all that his password had been changed
until he tried to contact them, whereas if he's been using a single
account for both, one or the other would have applied, not both.
Further, when he corrected the change of password with the first, O2,
it would have applied automatically to the second, VM, as simply it
would have been the same account.
On 2025-03-20 10:42, Nick Finnigan wrote:
On 17/03/2025 18:44, Java Jive wrote:
On 2025-03-17 14:53, Nick Finnigan wrote:
On 17/03/2025 13:53, Java Jive wrote:
On 2025-03-17 08:53, Nick Finnigan wrote:
On 16/03/2025 18:00, Theo wrote:
In uk.telecom.mobile Java Jive <java@evij.com.invalid> wrote:
No, how would he have known the answers to the security questions to
enable the SIM swap, and his emails were from Virgin Media, while the
SIM was from O2. Although not initially, my reading of the original
article is now unambiguously that the email hack preceded the SIM swap
and provided the initial personal information necessary to accomplish
everything that followed.
Virgin Media O2 are one company - VM and O2 merged June 2021. I don't know
whether they have merged customer accounts such that the same security
details are used for both. In which case it may be that one set of details
gives access to both mobile and emails.
"If you've linked your Virgin Media and O2 details to create a new
Virgin Media O2 ID, sign in with it here."
https://accounts.o2.co.uk/signin
But Theo's own transcription of events from the BBC Radio documentary
makes clear that he had not done so (first and last entries from this
excerpt):
  That does not make it clear to me (he would still have an O2 password
as well as a VM/O2 password).
I disagree, your own quote shows that if it was a joint account for
both, he'd only have needed the one password, whereas Theo's
transcription makes it plain that there were two.
  He would still have an O2 password, as well as a VM/O2 password.
  (See the O2 website)
So I did ...
https://www.virginmedia.com/support/help/linked-virgin-media-o2-id
"... once you’ve done this you’ll only need to use your new Virgin Media O2
details to sign in to both My Virgin Media and My O2 (and any other online spaces you’d usually use your My Virgin Media or My O2 details to sign in to)."
The above and their login page in conjunction with Theo's
transcription makes it clear that in this instance he had two separate
logins for two separate accounts, because with the O2 one he was advised by
a text that his password had been changed, whereas with the VM one he
wasn't advised at all that his password had been changed until he tried to
contact them, whereas if he's been using a single account for both, one or
the other would have applied, not both. Further, when he corrected the
change of password with the first, O2, it would have applied automatically
to the second, VM, as simply it would have been the same account.
  That does not make it clear to me (he would still have an O2
password as well as a VM/O2 password).
Expect any further replies to be ignored unless you can come up with something both relevant and convincing for this particular case.
On 20/03/2025 13:27, Java Jive wrote:
  That does not make it clear to me (he would still have an O2
password as well as a VM/O2 password).
Expect any further replies to be ignored unless you can come up with
something both relevant and convincing for this particular case.
 There is nothing convincing, that was my point.
Hasn't this thread reached a point yet where everybody realises they'll
never know what actually happened?