/ Technology

Have you been called by a ‘BT technical support’ phone scam?

Has the ‘Microsoft technical support’ phone scam evolved? Is it now the ‘BT technical support’ scam? We’ve heard from people who’ve been called… and we want to see whether there are more of you out there.

02/09/2019: BT technical department call

We continue to receive large numbers of reports of scammers impersonating BT’s ‘technical department’ in order to gain access to victims’ PCs and/or extort money from them:

It would appear that this call is similar in nature to the Visa ‘fraud department’ scam, which has also been plaguing people across the country.

Thanks to you and your frequent comments here on Which? Conversation we’re well aware of the scam and are able to warn others. We’ll also be making BT aware of the volume of comments we’ve been receiving.

As always, if you’re worried about these calls or fear that you may well have fallen for a scam, our guide to phone scams can advise on what you need to do.

These calls can also be reported to Action Fraud online or by phone on 0300 123 2040.

Have you received this scam call? If so, let us know in the comments and help others avoid falling into its trap.

Original convo 22/11/2013

Remember the Microsoft support scam? It starts with a nuisance call, but can end with your PC being compromised and a dent in your bank account.

An unsolicited caller claims to be working for Microsoft’s support team, they ask to remotely access your PC, they ‘prove’ that your computer’s infected with viruses, and they offer to fix it for a fee.

The thing is, they’re not from Microsoft and your computer may be virus free. And even if your PC was infected, you could get it in ship shape condition with free antivirus software.

Hundreds of you have told us that you’ve been subject to this scam. Microsoft’s own survey found that one in five people in the UK have been called by one of these scam callers. Of those who fell victim to the scam, the average amount lost was  £745.

The ‘BT technical support’ scam

We’ve now received reports that the scam has changed, or at least that it’s evolved to be a call from ‘BT’s support team’.

One Which? member told us he thought he was speaking to someone from BT – he was then tricked into paying the best part of £400 to remove viruses from his PC.

Our Twitter follower Brian experienced something similar. He was called by someone claiming to work for BT’s Wi-Fi team. They told him there were problems with the broadband connection in his area and that they needed remote access to his computer to fix it. This took control away from Brian, his computer shut down and now he can’t start it up.

So we want to hear from you – have you been called by someone claiming to be from BT’s support team? Did they remotely access your computer? Share your experiences in the comments below.

Advice on technical support scams

Oh, and some advice for you if you’re called by one of these scammers, whether they purport to be from BT, Microsoft or another company. A caller does not know whether your PC is infected with viruses. Do not ever let a caller remotely access your PC – this hands them the keys to your personal data. And never hand over your bank details to an unsolicited caller.

If you think you’ve been a victim, run a virus scan, alert your bank and contact Action Fraud to report the scam.

One final thing you can do to help call time on scams is sign our stop nuisance calls peitition.

Comments

The latest trick they are trying when they they know a person’s email address as well as their telephone number. They call the number, then, when you ask for proof of who they say they are, i.e. by asking them to give you your BT account number, they go into my BT, put in your email address and click on forgotten password. This triggers BT to email a PIN. This is standard security procedure and there is nothing to distinguish this security generated PIN from a password reset PIN. Once they have the PIN, they can then get into your BT account (and, if course your emails) and tell you your account number, convincing you they are genuine.

I have no idea how long BT have known about this, but I am currently fighting them to get this changed, so, at the very least, the PIN email makes it clear that it is a security check, or password change or whatever. So far I’ve been told they are “in the process of changing it” and that it is “highlighted”!

I was lucky, I didn’t lose any money, but this could be happening to many, many people every day. Disgusting that BT don’t sort it immediately.

Hi Caroline, I am trying to understand this.

Surely scammers would only have access to your pin if they also had access to your email address on your computer or phone.

Or am I missing something?

Sorry, was trying to précis a complicated process, but obviously shortened it too much. Basically, if you ‘phone BT, they take you through security. One item in this process is for them to send you specifically and instantly formulated PIN in an email or text. If you can read this PIN back to them, that verifies who you are, so the conversation can proceed.

However, such a PIN is also sent when you want to change your password. You put the PIN into the box on the “reset email” page and then you can change your password. The major flaw is that the email containing a password changing PIN is identical to the email containing the security PIN. There is absolutely no indication whatsoever as to why the PIN has been sent, for what purpose, i.e. for security check or password change.

In the case of the scam, the scammers had both my telephone number and email address, possibly from a charity website I help with, but who knows. So, while I was on the ‘phone and when I asked them to prove who they were by telling me my BT account number, they (I know now, but didn’t then!) opened up the “My BT” page on the BT website, put in my email address and clicked on “forgotten password”. This generated the emailed PIN sent to my email address. It is absolutely genuine and generated by BT, and comes from them. However, as the scammers said they were sending me a security PIN, it never occurred to me it could be a password change PIN, so when they asked me for the number, I gave it to them.

Once they had the PIN, they then put this into the appropriate box on the reset password page and hey presto, they could change my password to one of their own and get into my account. From there they could glean all kinds of information, including my account number. They can also get into my emails as well.

Of course, I didn’t know this, so as they were able to give me the information I asked for I assumed they were genuine.

It was a first line BT telephone answerer who told me this, so they have clearly known about this for some time, yet all they have done is “highlighted” the issue, so it can still happen to someone else. Hence my continuing to fight to get it changed immediately.

Hope this helps to clarify.

Thank you for your detailed explanation Caroline, now I understand.

I completely agree with you that BT should differentiate between the two PINs.

I never divulge personal or account information unless I instigate the call. On the rare occasions I have been called, I always call them back on a number I find from a trusted source making sure the line is clear first.

Have you got another email address you can use? If not, have a look at Proton Mail.

Thanks Caroline, that confirms my understanding of your earlier post.

As you say, it was bad that BT knew about that hole in their system but had not remedied it.

Thanks for the idea. Yes, I had thought of that, but as I don’t look at it that other one much, I’d have to try to remember to, otherwise messages could be sitting there for weeks!! Of course, I don’t know how they got my email address and ‘phone number together. It may not have been that. I was interested to read that BT had been hacked. Didn’t know that, so they could have got the info from there, or, indeed, just about anywhere! Insurance companies, shopping websites etc. anyone who sells on info.

At least I am aware, now!

I was interested to read that Matthew Paris had been deceived a couple of years ago, so if it can happen to him, I don’t feel so bad. I am, usually very aware, and can suss out a scam and/or spam email quickly, but they really got me with this one. Fortunately it only ended badly for them!

Hi Caroline,

One way of getting email addresses is via data breeches, when companies are hacked and customer data is stolen.

You can use this website:-https://haveibeenpwned.com/ to see if your email address was compromised in any of several known data breeches.

Thanks for that. Interesting. Of course in the scam I experienced, the scammers would have to know both email and telephone number, which are rarely together. My emails showed up in a couple of breaches, but both many years ago and neither had my home number.

I did reply to this, but it seems to have disappeared! Thanks for this. Interesting. Nothing here that would give email and ‘phone no. together, but I will keep checking.

Ian Dalling says:
19 July 2021

We have received these calls over a year or so despite blocking the number each time. It starts with an automated call always the same. It has occurred while we had a BT landline and continued when we switched to Virgin Media. We reported it to Virgin and it seemed to improve for a bit but now seems frequent again.

Heidi says:
22 July 2021

Received a call today a young man with an Indian accent by the name of Alex stating he was calling from BT Technical – from a mobile phone 07858 681716. I didn’t give him the option of advising what is supposed to be not working within my home as hung up straight away.

I’ve received so many of these fake calls. What I do is listen to the person, and ask them to send me the details of the fault in writing, with a name and contact number to whom I can respond to, they hang up every time. You should try it, it really works

JIM

Alun says:
27 August 2021

Just had a “IDIOT SCAMMER”on the phone wanting to know if I had central heating or Gas central heating to which my answer was no he then persisted by saying yes I do and that’s when I put the phone down on him he then had the cheek to ring me back but this time I did not answer.
Bear in mind my house is 1500 years old and we have log fires

Rod Laird says:
20 October 2021

BT Internet Technical Department. Called herself Rose Spencer. New who the phone line was registered to but nothing else. Offered to prove her name by telling me her Facebook account. My fail safe for these is saying that I am a Chief Inspector in the Met Police Fraud Squad and asking for the offices they work out of, their managers name, etc. They always put the phone down.

Rod — Instead of fraudulently uttering falsehoods you could just put the phone down. The other party would soon reciprocate.

Caroline, thanks so much for posting this information. I had a call today from a lady with indian accent saying she was from bt and warning that my internet account was being compromised. I immediately thought it was a scam and was about to hung up when she said I should have received and email from bt. I said I couldn’t talk at that moment and that I would call bt later and hung up. I checked and I did in fact had an email from bt with a pin number, it looks completely genuine. I was convinced this was a scam but couldn’t figure out how they could send the email, now I understand!

Linda Gamlin says:
11 November 2021

My friend of 84 has been caught by these people posing as BT personnel twice in two days. And on previous occasions, some years back. Every time he has turned on the computer and did what they told him to do. Every time he was convinced they were from BT – quite what they did to convince him I don’t know, because he doesn’t remember. It is all very well offering these various clever solutions to those who are able to think clearly, but plenty of elderly people are a little bemused by the modern world and very easily taken in. He always emerges from these events ‘wised up’, but it doesn’t last (it didn’t last 24 hours this time….) BT and the police should be taking a much more pro-active role in protecting people from these scammers. They are muggers, no different from those on the street. It really can’t be that difficult to do.