this post was submitted on 27 Sep 2024
428 points (98.9% liked)

Technology

59339 readers
5058 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 1 month ago (2 children)

They likely buy leaked data that would include things like your full name and email, perhaps an address. Even if an address isn't there, legal data brokers often have your address for a small payment anyways. From there they likely use something like Google Street view.

[–] [email protected] 5 points 1 month ago* (last edited 1 month ago)

I worked for an ISP that uses Openreach's infrastructure in the UK. In order to make changes to customer installations or repairs we had to call an Openreach Contact Centre. These were basically big call centres in India. Many of my customers got contacted by scammers from India shortly after me contacting Openreach about their accounts using information like their address, contact details and information about the work they were receiving, and demanding things like card details to ensure the work went forward.

It was obvious Indian workers in those call centres were taking pictures of customer account details and using that info to scam those customers, but my company refused to do anything about it because we "lacked evidence" and just told us to let customers know any communication about their accounts would come directly from us and we'd never ask for any card details etc.

I'm certain any other companies, whether UK or US, that use centralised admin from India and similar places with poor security will be plagued with these exact same issues.