Sim Swap Fraud

Numbnut01 · ‎19-07-2023

Why won't EE admit fault?

I was working in Germany in October 2022 and someone contacted EE pretending to be me and got through part security. From all of the information I have and from the ICO's investigation, which backed up my claim, they did not follow their own security guidelines and did not confirm that the caller was actually me by ensuring the security code was sent to my phone. Due to this I have had credit taken out in my name which I have had to work hard at getting returned, they blocked my emails with rules so I didn't receive them, they had access to my eBay, PayPal and Amazon accounts too.

I only knew about this once I arrived at my hotel in Germany and got on the WIFI only to receive a PAC request confirmed and that I was moving to O2.

Currently the case is now sitting with solicitors and I ask anyone who has had this issue contact me and I will forward information on to you regarding the case and maybe help you out too.

I found it disgusting that after all I went through and the grief I have had sorting this out I was offered a £50 goodwill gesture. Not good enough. I will be leaving EE very soon, Poor service, over priced rubbish reception and the worst customer service I have ever received.

Alex_M · ‎19-07-2023

Hi @Numbnut01,

I'm assuming that they passed security some other way then, possibly confirming billing date and amount, so your information must have been leaked somewhere or you had been phished in order for them to get your information.

I understand the frustration with EE with them not sending the OTP, but this could have happened with any company - if for some reason you cannot receive the OTP (network outage, broken sim) then they will try and confirm your identity another way. I guess the whole reason this happened is because your data was leaked elsewhere.

If you are making a complaint about EE, please follow the complaints code of practice to ensure it is dealt with correctly.

Thanks,
Alex

If I solved your issue, please click the solution button below!

If you found my post useful, click the thumbs up button!

Northerner · ‎19-07-2023

Hi @Numbnut01

Sorry to hear about your situation, my worse nightmare tbh. Good luck and keep us updated.

Sadly the easiest way into an EE user account is the EE App which has no two stage authentication or authentication app security check. Sadly in this digital age the damage somone can do is horrendous (as you have encountered) yet still in 2023 the EE app security is woeful.

Thanks

To contact EE Customer Services dial 150 From your EE mobile or 0800 956 6000 from any other phone. You can call Freephone +44 800 079 8586 on Skype

EE standard opening hours are Monday to Friday, 8am to 9pm - Saturday and Sunday, 8am to 8pm.

hoochmanza · ‎30-10-2023

Hi Numbnut01 - exactly the same has happened to me. With me, they do seem, on the phone, to have admitted fault.

I'd love to know how you've been progressing your case. I've started off in the right way I think (I have a complaint in process about how the PAC number was generated without my request and without 2FA and also about EE customer service in general around the way that all this has been handled.)

Any insights you can share will be greatly appreciated - I want to make sure I'm properly tooled up for this.

regards

hoochmanza

Numbnut01 · ‎30-10-2023

Whilst I understand what you are saying I have to disagree that any person impersonating should ever be able to get past the 2nd security stage. This was also found as an EE failing in my case by the ICO when they investigated. The person impersonating myself requested upgrades as they had no data, if it had been checked at this point then it would have been found I had plenty of data left. The caller also called from a different number, most likely but can’t confirm as EE will not release the call log information, they said the phone was faulty. It is at this point EE should have stopped and completed secondary checks, they should have requested the caller put the account active sim into an unlocked phone to receive the OTP or if the sim was damaged make sure they go to an EE store for identity checks.
it is a failing of EE no matter what as they failed to follow their own guidelines on this matter and as I have already stated this was also found and documented by the ICO.

it is now in the hands of solicitors so I will let them fight it out.

Numbnut01 · ‎30-10-2023

I have now left EE thankfully, it was more difficult for me to get a PAC number than the fraudster to gain access to my account.
Ask for all data on your account ref the issue on the information request form. If you get nothing then or no information about the PAC request fraudulently made then send a request to the ICO (information commission office) they have more power to request the details and investigate the case. If they find in your favour then unfortunately you will in all likelihood be offered a minimal credit, as I was, on your account. I didn’t accept it and I am taking them to court for data protect breach from the UK equivalent of the GDPR. They were negligent with my personal data and should be liable for it.

hope you are not out of pocket over this? I still worry about when the next credit company are going to come asking me to repay for something I never had.

regards

hoochmanza · ‎30-10-2023

Thanks Numbnut - I have already asked for all the data in relation to this. That will be delivered to me under a DSAR shortly. I will be going to ICO as a matter of course and am also considering legal action under GDRP regulation also. I also agree with your statement re EE's negligence. And they havent exactly covered themselves in grace in terms of service restoration and customer service to restitute. Part of me thinks it is so commonplace that they have a process to deal with these cases - which involves a little as customer service as possible. One slight difference to your case : my subject access request will show that EE have admitted liability. (Several EE staff have said that and it will be on record - which I assume will make interesting reading for the ICO, alongside the number of cases recorded on this forum alone ...)

angryoap · ‎11-01-2024

I too have found myself in a similar situation. It would be helpful to know which solicitor you are using and whether you are making any progress. I just seem to hit a brick wall everywhere I turn. EE knew that I had my phone in my possession and that the other phone on the account was in the possession of the righful owner less than an hour before they issued a PAC code to a scammer who must have claimed the phone was either lost or stolen. EE have confirmed the number the scammer called from wasn't that of either phone on the account. There are many other issues which I won't go into in detail on this forum that are a cause of great concern.

Justchrisr1 · ‎04-04-2024

What has the outcome with this please?

Same happened to me, scammer gave the wrong password and agent miss heard them and gave Access to my account,

Matter with my solicitor now

angryoap · ‎04-04-2024

Could someone tell which which solicitor has taken this on please as I'm struggling to find one. I had notified EE that I suspected fraudulent activity on my account less than 50 minutes before they issued the PAC code to the scammer yet they do not accept any responsibility whatsoever. I rang from my phone, the scammer said the phone wasn't working. What more evidence did they need that this was a scam??