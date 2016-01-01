Hacker News new | comments | show | ask | jobs | submit login
Inside the TalkTalk 'Indian scam call centre' (bbc.co.uk)
Dell support has a similar issue. Relatives of mine have been contacted by people claiming to be from Dell support soon after the person actually opened a case with support (so someone has ongoing access to the Dell database). The scammer had the tag of the computer, which I confirmed was correct.

They basically said to check the error log of Windows with instructions. There are always some benign errors, which they'll tell you are proof there's something wrong, and then try to get you to download software to fix it.

Edit: see https://arstechnica.com/security/2016/01/latest-tech-support... and https://krebsonsecurity.com/2016/02/dell-to-customers-report...

Key point - because they outsourced a call center to India, the customer data of TalkTalk was stolen along with their customer care scripts. This was then used to setup a fraudulent call center in India that has been scamming their customers - brutal:

> In 2011, TalkTalk outsourced some of its call-centre work to the Kolkata (Calcutta) office of Wipro, one of India's largest IT service companies.

> Last year, three Wipro employees were arrested on suspicion of selling TalkTalk customer data.

> A source in Kolkata, who did not want to be named, alleges the same data was obtained by a criminal gang, with USB sticks full of data trading hands at parties.

If they had been TalkTalk employees, in India, it could still have happened.

If they had been TalkTalk employees, in the UK or any other country, it could still have happened.

It doesn't seem that its because they outsourced a call centre to India, or even because they outsourced a call centre, but rather because three call centre employees were corrupt.

Anyone following the UK news knows there are plenty of insider-jobs happening on-shore too.

It's quite a clever and elaborate social engineering scam, especially using the stolen data to use as a tool to get the mark to believe the call is genuine.

I've been repeatedly called with 'Support Scam' where they trick you into installing sw that lets them monitor and control your computer. I don't remember this being as prevalent as before. Clearly it is profitable and they are finding enough targets to warrant operations.

My father fell for this scam. As you get older, you lose patience with computers, so he developed a tendency to click on anything to get browser popups to just go away. One of them was a "Your computer is infected and we have the cure" scam. His info was passed to their "customer care desk" which took him for $300 to supposedly clean his PC. They would regularly call back for subscription renewals (more $$$).

I didn't find out until it had been going on for a few years, because dad didn't want to bother me with his computer problems. Make sure you inform your parents about this - they're easy marks for these assholes.

It's a lot easier to pull this off when you have customer records to do it with. That raises the chances that you can convince them you are legitimate.

It could go even further then that. If the TalkTalk data included normal company data you would have the names of previous support members, and from there social media accounts and so forth.

