Skip to main content

By now, you’re probably well aware of the cyber-attack that hit telecoms firm TalkTalk last month. In the days since the hack, TalkTalk have said that hackers managed to get hold of the personal details of 157,000 customers.

Of those, 15,000 customers had their bank details accessed and 28,000 obscured credit and debit card numbers were stolen. With such information taken, there’s been an increase in the amount of phishing scams targeted at customers. To help you know what to look out for when contacted by someone claiming to be from TalkTalk, follow our guide.

Phishing scam

An investigation by the Daily Mail found the lengths that fraudsters would go to, to try and scam their victims. A reporter for the newspaper was called by a man claiming to be from TalkTalk and kept him on the line to get as much information out of him as possible.

The fraudster introduced himself as David Jones and told the reporter that someone had been trying to hack into his computer from a foreign location and that he will need to run a scan on it. He explains that in order to do so, he will need the customer to log onto his computer and enter a six-digit code into a website.

If these instructions had been followed, they would have given the fraudster complete access to the computer. This would mean that the caller would have been able to see exactly what’s on the screen and use this to their advantage – having the capacity to search through files, download programs, install viruses and look at the keystrokes that were used when online banking was accessed.

With the reporter not giving in, the fraudster tries to authenticate his story by saying that he had been informed by Microsoft that someone was trying to hack the computer. The call ends with the fraudster getting frustrated and threatening to block the customer’s computer – something they don’t have the ability to do.

What to look out for

• TalkTalk, and other legitimate companies will never call you out of the blue and ask to take over your computer to fix a problem. They will also never call you and ask you to download software onto your PC.

• Similarly, no legitimate company will ever ask you to pay for any viruses to be cleared from your computer or for any issues to be fixed over the phone.

• If you’re redirected to a website from an email or message, take a close look at the site you are taken to. Check the ‘URL’ (the long address in the address bar of the internet browser), if it is not the company web address, or something else on the website looks suspicious (such as poor quality logos, grammar and spelling) then close the browser.

• You should never be rushed into doing anything over the phone, so don’t allow yourself to be pressured or bullied into it – if it doesn’t feel right, it probably isn’t.

• Just because the person on the other end of the line knows your details, it doesn’t mean they’re legitimate – this information is being bought and sold by criminals so any number of people could have access to it.

• Never give out your internet passwords to anyone who calls you. If a legitimate company has a problem with your account, they can just reset the password to protect you.

If you think you’ve fallen victim for a fraud like this, get in touch with your bank or credit card provider immediately and report it to Action Fraud.

Legal Information