Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[guest]

If their systems are like many others then it'll be the last 4 digits of the card which are visible to whatever CRM system they use.

This probably isn't a good thing as I know I've been asked for the last 4 digits of the card as a "security question" by at least one ISP (not Sky) in the past.

Also aren't the first 8 digits of the card specific to the issuer (ie your bank/CC company)? I guess we'll see if there's an increase in scamming calls asking for the "second-last block of four numbers".

Were it me then I think I'd be calling my bank/CC company to tell them that I was a TT customer & instruct them not to process any new card transactions where a PIN isn't used/cardholder not present.

[Bowdon]

It does make me wonder if TT are telling the full truth. I was reading this article; http://www.dailymail.co.uk/news/article-3287470/TalkTalk-accused-covering-scale-jihadi-cyber-attack.html

These two examples stood out when reading;

"Conmen also sabotaged a TalkTalk customer’s broadband line on Wednesday morning.

Iain Frater, a trainee doctor from Glasgow, said: ‘They slowed my internet down then phoned pretending to be TalkTalk support. They had all the details you would expect, including name, address, phone number and account number. The guy really sounded like he was in a TalkTalk call centre.’

When Mr Frater became suspicious and tried to end the call, the fraudsters warned him his computer was at risk of exploding."

And

"Hilary Foster, a barrister’s clerk from Surbiton, south-west London, found that scammers had tried to go on a shopping spree funded from her bank account.

Many of the payments were declined but thieves still made off with more than £600, which they spent at Tesco and Office shoes.

When she called to block the card, the bank asked her whether she was a TalkTalk customer: ‘I was in a blind panic. I am really, really angry TalkTalk found out about this on Wednesday and didn’t tell customers until a day later.’"

I guess the first example might have just been the computer repair people scamming him. But the second example of Hilary Foster is more worrying. Bank accounts must have been compromised for the bank to be confirming if shes a TT customer. I've seen that theme on a few different stories. But the way the TT representative is saying then a bank account couldnt be directly compromised. So someone isnt tell the full story.

[AArdvark]

If their systems are like many others then it'll be the last 4 digits of the card which are visible to whatever CRM system they use.

This probably isn't a good thing as I know I've been asked for the last 4 digits of the card as a "security question" by at least one ISP (not Sky) in the past.

Also aren't the first 8 digits of the card specific to the issuer (ie your bank/CC company)? I guess we'll see if there's an increase in scamming calls asking for the "second-last block of four numbers".

Were it me then I think I'd be calling my bank/CC company to tell them that I was a TT customer & instruct them not to process any new card transactions where a PIN isn't used/cardholder not present.

As things are going I would withdraw enough cash for a week or so and contact the bank to re-issue new cards (new card numbers and pins) and change passwords on all internet banking etc.
You would be able to track any transactions easily as you will have gone to 'Cash Only' from a known date.
DD transactions should be safe but you will need to monitor your accounts for odd activity.

Q: Has anyone been through this and had to set up all new accounts etc ?
How good are the banks at doing all this without messing up all you DD's and other regular transfers ?

[Weaver]

My wife's elderly mother was frightened half to death by cyber on the BBC. She has no idea what cyber is, but it's something scary and dangerous. She doesn't know what TalkTalk is or whether she might be a customer or not, so she rang the number that the BBC was giving, in terror. The people on the help line, whatever it was, reassured her that she wasn't a customer.

This must be affecting a lot of old folks who are nothing to do with TalkTalk. Giving them a day of fear.

[sevenlayermuddle]

Disregarding, as any scientifically minded person would, anything that is published in the Daily Mail...

Based on latest news releases, providing you are not completely stupid, the worst that can happen is that the hackers would have access to your bank accounts for sole the purposes of depositing their money in your account.

Assuming the above scenario to be unlikely, the words 'storm', 'teacup', 'shame'  'on' and 'BBC' spring to mind.   Meanwhile, TT will be ultimately grateful no doubt, for all the free advertising - exactly as I predicted earlier.

 

[broadstairs]

Whilst in no way trying to diminish this current TT fiasco I do think that some of these stories are probably from earlier hacking successes. As I pointed out earlier in this thread a fiend of mine was targeted some 10 weeks ago and has this been successful he might well have had a problem with his credit card being raided, the virus would not have acquired banking details as he has never used internet banking but had he done it could have. Some of the press (and I suspect the Daily Fail in particular) may well be printing the stories in the way they think best for maximum effect.

I also doubt very much that any ISP is safe in todays environment. One security expert interviewed (from the USA) on BBC today said he feels that companies need to stop trying to buy protection and start investing detection and mitigation strategies so that when hackers do make it in their access is more easily found and the systems designed in such a way as to make it difficult to get past one system into another.

Stuart

[burakkucat]

The time has come, I think, for Baroness Diana Harding to be "moved on" . . .

Just wondering what would have happened (remembering that we have no real, solid, first hand information) if the ISP/CP targeted had been, say, A&A rather than TalkTalk? 

[sevenlayermuddle]

My own Dad was targeted by a scam call, in his latter years.

I shuddered as he told me, he's had a call about a problem with his AOL account, and how they'd 'helped him to install some software to fix it'.   

Thing is, many's the time I'd spent hours on the phone with Dad, trying to sort out computer problems.   

Dad was a high-flying number-cruncher in his day, and remained so until the end, but  remote computer support  was was never easy.  As it transpired the scammers had got no further that I ever did, Dad's computer was safe, owing to a combination of common sense and blissful ignorance.

[sevenlayermuddle]

Just wondering what would have happened (remembering that we have no real, solid, first hand information) if the ISP/CP targeted had been, say, A&A rather than TalkTalk? 

That is indeed an interesting thought.

I hold A&A in very high esteem and so I hope they would recognise the possibility it might happen, no matter how good their own 'housekeeping'.

Their response to the question posed would therefor be fascinating.

[Weaver]

Why A&A ? Out of interest.

They I think have a “no bullshit” policy of openness. I don't know if A&A have been subjected to a successful attack. RevK's well publicised political opinions regarding censorship net neutrality and openness on the Internet are probably such as to gain A&A some favour with the hacker community, so I would expect they don't have too many enemies amongst hacktivists, but then there are of course all the miscreants who just want money and have no opinions.

[AArdvark]

@weaver
I think you have answered the question.
They are seen as the antithesis of an ISP such as TT and it would be expected they have the right systems in place & know whether their data is encrypted

[burakkucat]

Why A&A ? Out of interest.

Your own comments, below, and the posts of 7LM & AArdvark that precede & follow your own post provide the answers . . . 

They I think have a “no bullshit” policy of openness. I don't know if A&A have been subjected to a successful attack. RevK's well publicised political opinions regarding censorship net neutrality and openness on the Internet are probably such as to gain A&A some favour with the hacker community, so I would expect they don't have too many enemies amongst hacktivists, but then there are of course all the miscreants who just want money and have no opinions.

[sevenlayermuddle]

Actually, despite the BBC's twaddle,  encryption is  largley irrelevant in this scenario.

In the case of an organisation with fundamentally insecure IT, encryption confers no benefit at all as the encryption keys (/passwords) themselves must be assumed to be compromised in any attack.

I'm certainly not defending TT.   They are, to me,  in personal opinion, the root of  much evil.   But I might, just might, be tempted to have a flutter on their shares on Monday morning, as I suspect they are  now on course for financial success. 

I ought to stress, despite the fact I have no idea whether I am required to do so...  I am most certainly not qualified to give financial advice and do not (yet) have any interest in companies concerned.   

[Weaver]

Btw, A&A is a customer of TalkTalk Business or Wholesale or whatever. A&A gets lots of wholesale local loops from TT.

[IMgoRt]

Actually, despite the BBC's twaddle,  encryption is  largley irrelevant in this scenario.

In the case of an organisation with fundamentally insecure IT, encryption confers no benefit at all as the encryption keys (/passwords) themselves must be assumed to be compromised in any attack.

I'm certainly not defending TT.   They are, to me,  in personal opinion, the root of  much evil.   But I might, just might, be tempted to have a flutter on their shares on Monday morning, as I suspect they are  now on course for financial success. 

I ought to stress, despite the fact I have no idea whether I am required to do so...  I am most certainly not qualified to give financial advice and do not (yet) have any interest in companies concerned.   

I'm sure I heard that this was simple SQL insertion on the childish website, so encryption as you said is irrelevant!