The London headquartered Telecommunications Company; ‘TalkTalk’ may be looking at a severe reputational loss after the broadband giant confirmed news of a cyber attack. Around the end of the year gone by, there were murmurings of a major data breach in relation to TalkTalk’s customers. These initial rumors have now been put to finality by acceptance of the data breach by TalkTalk.
A spokesperson for the company said, “We are aware of a small, but nonetheless significant number of customers who have been directly targeted by these criminals and we have been supporting (sic) directly.” This data breach that occurred around the last month 2014, compromised data relating to customer’s addresses, contact details and TalkTalk account numbers.
However, such a data breach was only the first step in a list of sinister steps designed by the cyber crooks. Scammers who had obtained TalkTalk’s customer data are now using the compromised data to seek further customer related information such as for e.g., bank account details.
With this development, TalkTalk, which has nearly 4 million customers, may now be facing a major risk of reputational loss and a possible uncontrollable situation. The compromised customer data are already being used to steal other customer related information. Using such information, cyber crooks have already started emptying pockets of TalkTalk’s customers.
In one incident, a customer was defrauded of£2800 ($ 4312) by a telecaller who is alleged to have an Indian accent. The telecaller reassured the defrauded person by speaking of all his TalkTalk account details and pretended to be a TalkTalk employee. After sending a file designed as support software, but which actually corrupted the defrauded person’s computer, the telecaller claimed that he will be able to resolve the problem. Thereupon, the telecaller took the defrauded person through a series of diversionary mechanisms and managed to obtain the secure One Time Password (OTP) from him.
Later, the defrauded person, to his utter shock and surprise found that an amount of £2815 had been deducted from his account. The person’s bank, ‘Santander’ has refused to recompensate citing the reason that ultimately the defrauded person, Mr. Graeme Smith, a semi-retired HR consultant had the volition when it came to sharing the OTP with the telecaller. According to the bank, the sharing of the OTP puts the responsibility on Mr. Smith alone.
Although TalkTalk has tried to play the whole data breach situation by claiming that only non-sensitive information has been compromised, the above incident shows how such non-sensitive data is being used by fraudsters to first develop an initial layer of trust and then seek out further other details in order to defraud TalkTalk’s customers.
[ Source ]