ROBBED BY CYBER HACKERS
Conmen who stole TalkTalk customers’ details are raiding their bank accounts
CONMEN have been raiding the bank accounts of victims of the TalkTalk mass cyber-attack.
The fraudsters started cold-calling targets even before the broadband firm realised that customer details had been stolen.
The company alerted Scotland Yard and the major banks on Wednesday, going public about the hack on Thursday night. But by then some of the four million TalkTalk customers whose sensitive data may have been leaked were being contacted by criminals.
One victim’s bank card was used for a £600 shopping spree before further purchases were blocked.
TalkTalk admitted yesterday it still had no idea who was behind the attack or exactly what was stolen.
And, as touts offered the personal data for sale online, it emerged that:
A ransom has been demanded for the return of the information;
A group claiming to be Islamic extremists said they were responsible;
Cyber-security experts said TalkTalk should be ashamed;
A formal probe was opened by the
Information Commissioner into the breach.
Last night, victims revealed that scammers had used a range of ploys to try to get hold of their money.
Hilary Foster, a barrister’s clerk from Surbiton, south-west London, found that scammers had tried to go on a shopping spree funded from her bank account.
Many of the payments were declined but thieves still made off with more than £600, which they spent at Tesco and Office shoes. When she called to block the card, the bank asked her whether she was a TalkTalk customer: ‘I was in a blind panic. I am really, really angry TalkTalk found out about this on Wednesday and didn’t tell customers until a day later.’
Conmen also sabotaged a TalkTalk customer’s broadband line on Wednesday morning.
Iain Frater, a trainee doctor from Glasgow, said: ‘They slowed my internet down then phoned pretending to be TalkTalk support. They had all the details you would expect, including name, address, phone number and account number. The guy really sounded like he was in a TalkTalk call centre.’
When Mr Frater became suspicious and tried to end the call, the fraudsters warned him his computer was at risk of exploding.
Chief executive Dido Harding apologised to customers last night but said it was too early to consider compensation.
Asked by Channel 4 if the com- pany had failed to invest in sufficiently tough online security following two previous attacks, she replied: ‘In retrospect – absolutely. I would be the first to admit that.’
She said the significant investment the firm had made had proved i nadequate. She also admitted she didn’t know whether the details accessed by cyber criminals had been encrypted.
The firm shut its website when the attack became apparent.
Miss Harding said: ‘Our email system was running very slowly and that is usually an indication that someone is trying to bombard your systems to get in.’
Most major firms use encryption to ensure data is useless to hackers in the event it is stolen.
David Emm, of the cyber-security firm Kaspersky Lab, said: ‘TalkTalk should be ashamed. It is not their data at risk here. It is the data of other people who have placed their trust in the company.’
TalkTalk does not know how many of its four million mobile and broadband customers have had their details stolen, but their names, addresses, dates of birth, telephone numbers, credit card numbers and bank details are all at risk.
The Metropolitan Police cybercrime unit is investigating the attack but has made no arrests.
‘We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing,’ it said in a statement.
The Islamic extremists published a threatening message on the Pastebin website, warning: ‘We will teach our children to use the web for Allah. Your hands will be covered in blood. Judgement day is soon.’
The Russia-based groups published a long list of customer email addresses with some phone numbers and bank account details. The account numbers appear to have been deleted but some branch sort codes remain.
The authenticity of the messages is questionable. The group may be hoaxers passing off data stolen at an earlier date.
Two individuals whose telephone numbers were published said they were no longer TalkTalk customers. Others contacted by the Mail confirmed their details were genuine.
Jayne Snellgrove, detective superintendent at the cyber-crime unit, said: ‘TalkTalk have done everything right in bringing this matter to our attention as soon as possible.
‘The Met has one of the largest cyber- crime and fraud teams in Europe, with up to 500 specialist officers dedicated to tackling this sort of offence.’
Charles Dunstone, founder and chairman of TalkTalk, suggested the amount of information the thieves could get their hands on was restricted.
The technology company has been a repeat winner of MoneyMail’s ‘wooden spoon’ award for worst customer service.
‘I was in a blind panic’