Several whistle-blowers’ claim to have revealed details of a significant scam that operated from “call centres” in two Indian cities and involved “hundreds of staff“, many of which had been “hired to scam customers” of UK based broadband and phone provider TalkTalk.
Last year TalkTalk confirmed that three employees for sub-contractor Wipro, which operates the ISP’s outsourced call centre(s) in India, had been arrested by local police in Kolkata (Calcutta) after allegedly stealing personal data from subscribers and using it in call centre scams (here). NOTE: The Wipro incident is not directly related to the 2015 cyber-attack on TalkTalk’s website.
At that point customers’ of TalkTalk were already no strangers to the risk of scam callers and indeed many had been subjected to exactly that sort of con. Since then we’ve not heard much from TalkTalk about the situation, although a new investigation by the BBC, which is based on information supplied by three alleged employees of dodgy call centres, appears to reveal just how big the scam was.
Advertisement
Apparently the whistle-blowers’ were employed by two front-companies that had been established by a gang of professional fraudsters. Both of those companies, which have not been named in the article, deny any wrongdoing.
They say as many as 60 “employees” work in shifts in each office [each earning about £120 per month], phoning TalkTalk customers and duping them into giving access to their bank accounts. The whistleblowers say they were given a script in which they were told to claim they were calling from TalkTalk.
They say they then convinced victims to install a computer virus [trojan that took over part of the computer]. A separate team would use that virus to gain access to victims’ online banking, they add. While it has not been possible to independently verify their claims, the sources have given highly detailed accounts of the scammers’ tactics, which correlate very closely with previous reports of fraud targeting TalkTalk customers.
The article suggests that several of Wipro’s employees allegedly stole at least some of TalkTalk’s personal customer data from the company (putting it on USB sticks) and later traded it to the dodgy fraudsters, who then used the information to cheat customers out of their money. Naturally if a caller appears to have all of your account details then it’s a lot harder to tell a fraudster from an authentic support call.
In fairness this kind of crime is by no means unique to one ISP and other companies have been targeted by similar activity in the past. However at the time TalkTalk was criticised for taking too long to identify and stop the activity (apparently the data itself was stolen from Wipro in 2014 but TalkTalk didn’t begin their review until late 2015).
A Spokesperson for TalkTalk said:
“We are aware that there are criminals targeting a number of UK and international companies, and we take our responsibility to protect our customers very seriously. This is why we launched our Beat The Scammers campaign, helping all our customers to keep themselves safe from scammers no matter who they claim to be, while our network also proactively blocks over 90 million scam and nuisance calls a month.”
The ISP’s campaign reminds consumers that their staff will “NEVER” ask for your full password (they’ll only ask for two digits of it) or your bank details to process a refund. Likewise they won’t ask you to send money through services like MoneyGram or Western Union and they won’t quote your TalkTalk account number to prove the call is genuine.
Advertisement
Today outsourcing isn’t quite as popular as it once was, with operators like BT and EE even choosing to move their support back to the UK. Similarly consumers often complain that outsourced call centres lack the same quality as their UK based counterparts and there remains a general concern about shipping personal data overseas to countries where the laws and security standards might not be quite so good (not that the UK is perfect).
Comments are closed