Dale Penney – Written evidence (FDF0065)
With yourselves being current clients of mine, you actually received a fake email, supposedly from me, asking for a 50% deposit to be paid to the accounts team, which would secure your slot.
Within a couple of minutes of Jonathan texting/telephoning me to ask if this was correct, I had three other calls from clients with the same email.
Someone had broken into my email account, snooped around, looked to see who were my current clients, and sent out emails asking for payment. Fortunately, all recipients were suspicious, as I had never asked for any payments during face to face discussions.
The scammer even mimicked my signing off. When clients are new I sign off with, Kind Regards. Once we have met a couple of times I change to, Cheers.(just less formal). The scammer had copied this to look genuine.
I immediately got in touch with BT to find out why my account had been hacked. After a lengthy discussion, and re-setting my security, the lady gave me the explanation.
The scammer had called BT and spoken to an operator, saying he had forgotten his password. Now, this is the scary bit. He convinced the operator he was me and the operator gave him a four digit code, two be sent to his mobile phone, to allow him to update the password.
As the scammer didn’t have the correct mobile number, he told the operator he had changed mobile phone. The operator updated my details with the scammer’s mobile number. That is all he needed to access my email account.
I am still seething on how BT could do this without checking more deeply about passwords, mobile numbers etc.
The lady I spoke to at BT, told me, not only do they have the scammer’s email address and Mobile phone number, but also they recorded the conversation with him. I did insist they pursue the scammer, especially with all the data they have.
Fortunately, according to BT, my email account was only hacked for a period of around 30 minutes before I called and reported it. That 30 minutes could have been very costly.
I am very switched on with scams to emails etc, I can spot them immediately. But, I can’t spot them when I don’t see them.
I don’t know if Jonathan still has a copy of the fake email. I have attached an image of one sent to another client for your information. I do have other instances of fake emails if you need any further examples.
I hope this helpful to you, and I am very happy for you to use the above information along with my name.
28 April 2022