There is industrial scale fraud being perpetrated on UK customers of the British telecoms company TalkTalk, according to whilsteblowers that have approached the BBC. Three sources claim to have been employed by two front companies set up by a gang of professional fraudsters in India. The sources have described working in call centre environments in two Indian cities, which each housed 60 ’employees’ working in shifts, saying their reason for being there was to call TalkTalk customers and attempt to fool them into giving them access to their computers and ultimately their finances. The whistleblowers also claim they were issued with a script to follow in order to successfully do this and were told to claim that they were calling from the broadband and phone provider TalkTalk.
During the scripted conversation, they said they would attempt to trick the unsuspecting customers into installing a virus on their computer. The malicious program was then allegedly used by a separate team to gain access to the victim’s online banking. The source’s claims have not been independently verified but the highly detailed accounts of the fraudulent activities the individuals have given tally closely with existing reports of this kind of fraud; particularly that which has targeted TalkTalk customers in the past.
The software the two individuals named also matches that which TalkTalk itself has identified in guidance on its own website. Also, a victim of successful fraud by callers claiming to be from TalkTalk confirmed that the script the sources revealed matched that which was read to her when she was duped out of £5,000.
TalkTalk has been in the fraud limelight recently following a cyber attack in 2015, but there is little evidence to suggest that it was related to the scam described here. Instead, and perhaps even more sinisterly, this scam is allegedly linked to problems within a company hired by the British broadband provider itself.
In 2011, TalkTalk began outsourcing much of its call centre work to Kolkata (Calcutta) and to the offices of Wipro, one of India’s biggest IT service companies. Last year, three Wipro employees were arrested on suspicion of selling TalkTalk customer data. This was followed by an unnamed source in Kolkata alleging that that same data was obtained by a criminal gang and that USB sticks containing customers’ data would even change hands at parties.
The source alleges that this data would then be used by criminal gangs in at least three call centres that were set up for the purposes of defrauding British broadband customers. They also say that staff at these call centres would use the personal data to convince a TalkTalk customer that they were genuine employees from the company, and would then tell the victims that their computers were infected with a virus but they could fix the problems.
It is alleged the victim is then convinced to install a piece of software on their system that gives the caller complete access to the computer. The source says the fraudster then offers the victim a compensation payment, for which they must access their online bank account. With the virus now installed, the fraudsters would be able to gain access to those bank accounts once the user has logged in for the first time.
The BBC news website is unable to independently verify the claims but do state that they were approached by the sources independently of each other and that the individuals had with them copies of the quoted script and one even attempted to share the details of UK victims they had called, with a view to warning them before they fell for the scam. The full article can be read here.