Tech support scams are not new
Tech support scams are not new

TalkTalk customers are reportedly facing new breaches ‘on an industrial level'. TalkTalk customers have complained of calls from individuals armed with alarming knowledge of their private credentials.

Customers have complained to a variety of outlets that these callers, who claim to be employees of TalkTalk, knew private details such as their router number and passwords. These callers would say that there was some problem with the TalkTalk customer's service and ask that they install a piece of software on their computer that would fix the problem. In reality that software would give full control over to the person on the other end of the line. The affected customers claim that the callers had such a deep knowledge of their personal details, that the information could only have come from TalkTalk itself.

One TalkTalk customer who was contacted told the Guardian that, “I am absolutely furious. The fraudsters knew everything about my account – including my router password – that can only have come from the company. I want to leave, but TalkTalk has demanded a £386 early termination fee.”

The BBC reported that a gang from India is behind the scam calls. Three sources approached the broadcasting service saying that they had been employed by the gang whichsupposedly runs call centres in two separate indian cities. The sources said that the gang's 60 employees use stolen information on TalkTalk customers to convince their victims that they are legitimate employees of the company. Victims are then tricked into installing malware on their computers that hands control over to the gang.

This is nothing too original. The Windows Tech Support scam have been common for a while now.  This type of fraud supposedly overtook identity theft in 2016, with the US Federal Trade Commission's Consumer Sentinel project logging threemillion consumer complaints of such fraud in that year. Another source told the BBC that a criminal gang stole information from a call centre set up by TalkTalk in 2011.

TalkTalk was breached in October 2015, leading to the theft of up to 150,000 customers' details. The telecommunications giant was roundly damned by the security industry. Singled out for criticism was Dido Harding, TalkTalk's chief executive, whose Newsnight interview on the breach was considered an example of exactly how not to publicly react to a breach. Marketing Magazine ran an article at the time titled “Talk Talk boss Dido Harding's utter ignorance is a lesson to us all.” The breach eventually ended up costing the company £42 million and over a 100,000 customers.

TalkTalk told SC that these new claims are unrelated to TalkTalk's 2015 breach. Pointing to the company's anti-fraud campaign, ‘Beat the Scammers', a spokesperson told SC Media UK that, “We are aware that there are criminals targeting a number of UK and international companies, and we take our responsibility to protect our customers very seriously.”

The Information Commissioner's Office (ICO) which oversees and regulates data protection in the UK fined TalkTalk £400,000 in 2016 for its failure to protect customer data. The full investigation is only just coming to an end.

A spokesperson for the ICO told SC, “This has been a complex and detailed investigation involving outsourced processing with an international dimension, the investigation into which is now coming to an end.”

It is not quite clear whether these new reports are related to the 2015 breach, but the ICO added, that while it can issue fines for serious contraventions of the Data Protection Act, “the law doesn't allow us to issue compensation to affected individuals or to order organisations to pay compensation.”