Whistleblowers Describe Industrial-Scale Indian TalkTalk Scam

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications

Scammers reportedly operating at least three call centres in two Indian cities targeting TalkTalk customers

Whistleblowers have described an industrial-scale fraud operation aimed at defrauding TalkTalk customers, with hundreds of staff working in call centres in two Indian cities.

The three sources told the BBC of a scam operation run by two front companies set up by professional criminals, with contact centres staffed by up to 60 employees in each office.

There have been numerous instances of scammers targeting TalkTalk over the past few years and the company suffered a devastating cyber attack in 2015.

Complex scam

They described in detail the techniques used in the call centres, which match those reportedly used by scammers to defraud TalkTalk customers of thousands of pounds each over the past two years.

If accurate, the reports would shed light on the ongoing series of scams targeting users of the British telecoms giant, about 20 of whom have joined a pending class action against the company brought by solicitors Leigh Day.

According to the sources’ accounts, staff were given a script to read from in which they claimed to be calling from TalkTalk and quoted the user’s account details.

They said they told the users to install software in order to fix a problem, in reality supplying malicious code that gave them full control over the user’s computer.

The user was offered a compensation payment and asked to log into their online banking, after which the malware was used to withdraw funds from the user’s bank account.

A separate team handled the funds transfers, according to the whistleblowers.

Funds siphoned

Various methods were used to obtain the funds, the sources said, including pretending to have made an erroneous overpayment and then asking for the surplus to be repaid, and in some cases setting up a new payee without the user’s knowledge and making a direct funds transfer.

One of the people affected by the scam said the script provided by the sources matched that read to her in an incident that defrauded her of £5,000, according to the BBC.

The sources appeared to confirm suspicions that detailed customer information had been obtained from Indian IT giant Wipro, to whose Kolkata (Calcutta) office TalkTalk has outsourced some of its call centre work since 2011.

A Kolkata-based source said customer data had been obtained by a criminal gang, with USB sticks of data being swapped at parties. A year ago three Wipro staff were arrested on suspicion of selling TalkTalk customer data. At least three call centres were operated to exploit the data, with staff earning about £120 per month, according to the sources.

The BBC said the three sources approached it independently of one another and that many of the details they provided aren’t in the public domain.

It said the unnamed companies named by the whistleblowers strongly denied any knowledge of criminal acts and affirmed their businesses were legitimate.

No liability

The apparent Wipro breach is not directly related to an October 2015 cyber-attack that resulted in the theft of 1.2 million email addresses, names and telephone numbers, as well as other account data. TalkTalk was fined £400,000 by the Information Commissioner’s Office (ICO) for its failure to protect customer data in that incident.

TalkTalk has consistently denied liability in cases of fraud perpetrated using stolen customer data, and in many cases the Financial Ombudsman has also sided with the banks, meaning customers are left out of pocket.

The fraud operations are ongoing, with local media reporting a new case in Warwickshire as recently as last week, in which a Wootton Wawen resident in her 60s lost £1,700.

Solicitors Leigh Day said at least 20 individuals, some of whom lost £10,000, have registered an interest in bringing a claim against TalkTalk, but the firm is waiting for the ICO to publish the results of an investigation into the case which will allow it to begin proceedings.

The reported cases of fraud stretch back to December 2014, with TalkTalk reporting multiple data breaches beginning in February 2015.

It wasn’t until the October 2015 cyber-attack, however, that TalkTalk began a “forensic review” that led to the Wipro arrests.

ICO probe

TalkTalk said its network blocks millions of scam and nuisance telephone calls each month and that it is looking to raise scam awareness with its Beat The Scammers campaign.

“We are aware that there are criminals targeting a number of UK and international companies, and we take our responsibility to protect our customers very seriously,” a spokeswoman for TalkTalk said.

The ICO said it has been carrying out a “complex and detailed” investigation into a possible data breach involving TalkTalk’s outsourced processing and that the probe was reaching its conclusion, but declined to say when it might publish its findings.

Wipro did not immediately respond to a request for comment.
