mobile phone fraud / new handset - Orange

dwjoll

dwjoll

dwjoll

Associate
Joined
1 Dec 2008
Posts
69
Hi all,

Here's the story so far...

(I've been with Orange for many years and I'm on a pay monthly contract)

On 18/10/12 I noticed I had no signal on my phone, figured the phone was just playing up so ignored it. Still had no signal the following day so called Orange up. The lady on the phone informed me my handset had been 'blacklisted' as it had been reported as lost/stolen. I said this is not the case and she lifted the blacklist - both assuming it was just a rare error made by Orange.

However, the following day - still no signal. I called up again. This time I spoke to another lady. She did a bit more digging this time around and discovered a new handset had already been billed to my account (£220) and the claim was still being processed by Orange. I explained something must be very wrong here. Either Orange had mucked up or someone was calling up pretending to be me. It was the latter.

Whoever was calling up as me had my DOB, address, full name and knew how I paid my bill (and the dates of when it gets paid which was even more worrying). With these basic bits of information, they are able to bypass Oranges' 'account password' and reset it.

I was shocked to see how easily this is 'account password' can be bypassed. As I said, all Orange need is your full name, address, DOB and how you pay your bill (which for 99% of pay monthly customers is direct debit).

The lady informed me that Orange would have to credit the amount of the new handset, but only after their fraud people had looked at it. So, I left it with her. My signal returned after I got off the phone.

Today I receive a called from Orange (on my mobile number) asking me to confirm that I am still requesting a new handset! The guy on the phone seemed a bit confused when he heard my voice as it differed from the mystery caller. They actually had the fraudster on the other line while he was talking to me. The man on the phone informed me they would talk to the fraudster and 'pretend' to put the order through, gathering his details and passing them on to the fraud people.

I'm worried whoever is doing this won't stop there and will try to get in to my accounts elsewhere. Does anyone have any advice on what I should do?

I'm also not happy at Orange's poor security checks and will be leaving them once this is all sorted.

Thanks for reading.
 
I have This is handset request fraud I suspect, a huge pain in the arse for networks (although it's not so common to do it during upgrades and even more bizarre for them to blacklist the first device...). I've seen a few variations on this but this is the first time I've seen this in-life upgrade method. We can assume you've had your identity cloned so I'd suggest you get a creditcheck done (1st month is free with experian, just do that), your bank account is likely compromised in some way too if they have the DD date, it might be only read access (will depend on the bank as to what's possible due to things like the access tool HSBC use) but it's probably worth checking out. If they have that then it's not a far stretch to suggest they have your email too - if you use gmail check the access log system at the bottom of the page.

Can you see any small debits from your account like an itunes single or similar? these are test transactions if so, your card has been compromised if you see anything like this.

From now on you need to check every time "Orange" call you - it could be the scammer getting details out of you, get them to confirm something with you or ask for the operators id etc... and call them back and get put through to that person.

Lastly - all networks use these same checks for p/w recovery, while I can understand your hostility to Orange for not looking after you, they did all that can be reasonably expected. How else would they deal with it?
 
Myshra said:
I have This is handset request fraud I suspect, a huge pain in the arse for networks (although it's not so common to do it during upgrades and even more bizarre for them to blacklist the first device...). I've seen a few variations on this but this is the first time I've seen this in-life upgrade method. We can assume you've had your identity cloned so I'd suggest you get a creditcheck done (1st month is free with experian, just do that), your bank account is likely compromised in some way too if they have the DD date, it might be only read access (will depend on the bank as to what's possible due to things like the access tool HSBC use) but it's probably worth checking out. If they have that then it's not a far stretch to suggest they have your email too - if you use gmail check the access log system at the bottom of the page.

Can you see any small debits from your account like an itunes single or similar? these are test transactions if so, your card has been compromised if you see anything like this.

From now on you need to check every time "Orange" call you - it could be the scammer getting details out of you, get them to confirm something with you or ask for the operators id etc... and call them back and get put through to that person.

Lastly - all networks use these same checks for p/w recovery, while I can understand your hostility to Orange for not looking after you, they did all that can be reasonably expected. How else would they deal with it?
Click to expand...

Thanks for your reply Myshra.

This isn't an upgrade request, the caller claimed the phone as lost/stolen and for a replacement handset to be sent. Hence the blacklist. It sounds like a cold call.

I didn't realise these security checks applied to all networks. How else would they deal with it? Well for a start hold data about me which is a bit harder to get than just DOB, full name and address.

Also I'm annoyed that they can request the replacement handset be sent to a different address, i.e not the billing address. This would solve the matter.

What I'm worried about is what's going to stop the fraudster from calling and requesting the new handset tomorrow, next week, a year down the line? My personal details won't change so he will always be able to get in? How can this be secure?

Contract phones have their advantages but I'm seriously considering PAYG after this.

Touch wood, bank & email seem OK but I will keep a careful eye on them.
 
The handset send point I believe is down to risk assessment profiling, new people get handsets to card registered addresses only etc... not sure for upgrades though, this is a fairly clever variant on the fraud. Was it definately going to a second address? It's more common to try intercept (this has happened to other forum users) although this is getting harder.

Lost and replace handsets are billed to the contract account I'm presuming for this to work, I guess the fraud relies on this turnaround except blacklisting is superfast, it seems like a dificult fraud to pull off well.

Technically they do likely hold more difficult info (password ;), call data etc..) but I'm not sure if they are allowed to use it to be honest, I'm not all that close to this type of work any more. What you can do is ask them to put a not on your account saying you're a victim of fraud and you need higher checks for password recovery as there has been attempted handset fraud on the account. The system they use allows for them to apply notes to your account, I can't see why they couldn't do this at the very least.

Have confidence in the security team over there too - they are very well funded because fraud in telecoms costs a lot and the guys there see many cases of this day to day. If you're ever worried, just call them and ask more questions. They will be more than happy to help. I still suspect your identity might have been cloned if they knew the DD date though - please do other checks to make sure you're safe.
 
Myshra said:
The handset send point I believe is down to risk assessment profiling, new people get handsets to card registered addresses only etc... not sure for upgrades though, this is a fairly clever variant on the fraud. Was it definately going to a second address? It's more common to try intercept (this has happened to other forum users) although this is getting harder.

Lost and replace handsets are billed to the contract account I'm presuming for this to work, I guess the fraud relies on this turnaround except blacklisting is superfast, it seems like a dificult fraud to pull off well.

Technically they do likely hold more difficult info (password ;), call data etc..) but I'm not sure if they are allowed to use it to be honest, I'm not all that close to this type of work any more. What you can do is ask them to put a not on your account saying you're a victim of fraud and you need higher checks for password recovery as there has been attempted handset fraud on the account. The system they use allows for them to apply notes to your account, I can't see why they couldn't do this at the very least.

Have confidence in the security team over there too - they are very well funded because fraud in telecoms costs a lot and the guys there see many cases of this day to day. If you're ever worried, just call them and ask more questions. They will be more than happy to help. I still suspect your identity might have been cloned if they knew the DD date though - please do other checks to make sure you're safe.
Click to expand...

Thanks Myshra, appreciate your words.

Yep the fraudster had asked Orange for the phone to be sent to a different address, which they had OK'd. He had also changed my account password again. The bill was charged to my account and I can see the amount on my latest e-bill. They said they will need to credit this once the fraud department have looked at it. The lady I dealt with on Saturday actually cancelled my direct debit so that it didn't come out of my bank.

I believe notes have been added to me account. I'm still waiting for a call to update me on the situation, but as soon as they call I'll insist they mark my account down as higher security checks required.

The DD date is the one that's got me puzzled. I'm keeping an eye on all log in activity for my online accounts. I take great care with my details and my computer security so I'm just a bit taken back that it's happened to me.

Yeah you're right, this fraud would work but because the blacklist was put on instantly and I lost my signal for over a day I knew something was wrong.
 
You don't want just a note to be added as, unless the advisor checks the notes first then they won't see it.

In T-Mob there is (or was) a way to have a pop-up box appear whenever the account is brought up which can have some free text entered such as "**ensure extra security checks carried out, previous fraud attempt on account**" or the like. The user has to manually dismiss this message.

Not sure if Orange has this but T-Mob does or did (been a while). Ask them. IIRC only a manager can put this on though so you may have to ask for their Team Leader.
 
You must log in or register to reply here.
Back
Top Bottom