“BT” phone scam update

The long running “This is BT” telephone scam has reached new heights of sophistication.

We had a client in for help today who almost lost a lot of money, but thankfully caught on at the last minute and was able to freeze bank accounts before anything was taken.

This time it was the usual telephone call to begin with, claiming that the person called had a problem with their online security, their IP address had been “hacked” and the router compromised. A new router was allegedly en route, but in the meantime all of the security software on the (Windows based) computer had to be replaced with new and better versions in order to end the hacking.

The client then installed the perfectly legitimate TeamViewer remote access software, and the thieves then took control of the computer, removing all security software and then asking the client to access their online banking to process a “refund” from BT for the inconvience.

At this point our client became very suspicious, and ended the call, or so she thought. The scammers kept the line open, and when she called back to what she thought was a legitimate BT number was reconnected with them again (the call had never ended; it was merely muted by the robbers and a dialling tone played down the line), to the extent of a “press 1 for x, press 2 for y” system being the first thing she heard when “connected”.

She then asked them to disconnect the TeamViewer remote access while she logged in to her online banking to process the “refund”. They supposedly did, but we strongly suspect that the remote connection remained open in order to harvest the login details for the bank in question.

The “refund” was then processed, but was a far larger amount than had been previously stated on the telephone (the call was ongoing throughout the whole process, as well as the remote access) – several thousand pounds instead of the £200.00 promised. This appeared on the online banking summary screen, and when our client mentioned the amount the thieves then said that a mistake had been made in the amount of the “refund” and our client would have to repay the excess back to “BT”.

What had really happened is that the scammers had transferred our clients savings to her current account, then claimed that it was a mistaken “BT refund”, and were about to get her to transfer her savings and current account balance to them.

At this point our client became very suspicious, more so when the account details for the transfer were in an individual name and not a BT account, and thankfully was able to end the conversation and remote access to the computer before any money was taken.

The matter was reported to the PSNI, who have heard of at least £80,000 being stolen in this manner over the last two weeks. The bank account in question was also frozen, and all of the security settings will be changed before it is released.

The computer is currently with us to remove all of the remote access software planted on it and to have the security software reinstalled.

The scam has become very professional and sophisticated over recent months. The thieves now have a plausible answer for every question that the average computer user will put to them, and it seems now have a very clever means of having the money transferred to them by the account holder rather than stealing it directly. In a case like this the banks will wash their hands of the whole thing (not that they have been much help in our experience anyway) as the transfer was not done by a third party.

As we’ve said before, and will continue to shout from the rooftops, BT, Microsoft, Talk Talk or anyone else WILL NEVER, EVER, EVER contact you by telephone to advise you of a computer or telephone fault.

Anyone who claims to by from any of these – or any other – organisation is a liar and a thief, and the best thing you can do is to hang up without confirming any details.

Comments are closed.