Scam/Fraud?

Hello

Just looking for some advice from my friend.

My friend has Virgin installed and happy with that.
Lives at home with family.

All of a sudden he gets a text from openreach saying they’re due to come out and install a new line this week.
He hasn’t ordered anything and checks with family who haven’t ordered broadband.

(I work in broadband sales myself so have asked if he or they were cold called but he is adamant none of them had been)

In a bit shell we find the ISP is Shell Energy and order was placed 2nd feb 9:50am online.
All details used were my friends real details; bank account, sort code, address, name, mobile number and email.
No details are linked to ANYONE other than my friend.

So my question is, I’ve said it sounds like someone he knows is pranking him because I can’t see why a scammer would order broadband to the victims address and not use any of their own contact details?

As I work BT I can say it’s extremely rare we deal with broadband scams, mainly mobile phone fraud so this has baffled me hehe

Any advice would be greatly appreciated
Thank you for taking the time to read

I would have initially said it’s just “slamming” (where an order is mistakenly placed against the address, usually by a neighbour).

However bank and personal details are something else more sinister. Your friend sounds like he’s the victim of identy fraud / theft or a rather stupid “prank” by a contact or acquaintance that has access to his personal details. Unopened post left lying about in communal areas / insecure post boxes is an easy target for scammers as well as the now ubiquitous online fraud/theft.

He should contact Shell immediately to cancel any such order, check with his bank that there are no direct debits etc that have been setup (for this or anything else - get them to run through the full list of DD mandates) and cancel these.

Furthermore he should check with his credit reference agency whether any other applications for credit or accounts have been opened in his name that he is unaware of. This could unfortunately be the tip of the iceberg. Hopefully not but better to get back on the front foot pronto and do some investigation. If needed the credit reference agency can place various tags/note on his account (CIfA) to act as a marker for any future applications against his name / credit history that additional fraud checks should be carried out. This is to protect him from additional scamming that could be coming his way.

Edited by Pheasant (Wed 16-Feb-22 10:12:18)

Thank you for your reply

I got him to cancel the order with shell already and he has contacted his bank N
I also advised him to check with all credit referencing agencies.
The bank confirmed only that ONE direct debit had been set up and no other fraudulent activity.
14 days between order was placed and him contacting them all so in that two weeks the scammer hasn’t tried for anything else.
Which is odd isn’t it?

If it is a real identity theft, then they could be testing and could try again weeks or months later….

He needs to move on it asap and unfortunately he will need to keep a regular hawk eye on his credit history / account for a while and look for any new applications. He should alert his credit agency as said, so that they can setup CIFA on his account. They should do this as he has been a victim of impersonation. It may need Shell to provide evidence.

This is a real strange one, if someone was going to test the water with your bank details why would they alert you that they are doing it by using your mobile no, home address and email address? it really doesn't add up.

Edited by deleted (Wed 16-Feb-22 12:51:26)

We had a somewhat similar mysterious case which we first thought to be an admin mistake but later turned out to be a clever fraud attempt. Caught because we had taken the steps Pheasant suggests and the bank was on the ball. Sad reflection on our times isn't it?

Has Shell confirmed (in some form of writing) that the order has been cancelled?

If not, VM can cancel it as an Ofcom-specified last resort.

A communication should have been received long ago from VM anyway telling them when the leave date is and any monies or refunds due. That may not have been opened/read, on the assumption it is a normal "billing/invoice" email.

As has been said, the fact whoever placed the order has the bank details is very concerning. It clearly isn't just a "genuine" ordered by someone who accidentally entered the wrong address.

Another though! Possibly a bit awkward for him.

If VM haven't notified him of his leaving, could it just be an additional line? Even ordered by a family member, who would have access to the personal data?

Or had there been a house-party held by the children earlier in the year?

I'm just trying to think of all possible ways it could have happened.

In reply to a post by pluralist:

A communication should have been received long ago from VM anyway telling them when the leave date is and any monies or refunds due.

Why? It's a new line being installed, not takeover of an existing line (which is probably cable anyway).

In reply to a post by Pinkhaze999:

All of a sudden he gets a text from openreach saying they’re due to come out and install a new line this week.

Edited by jelv (Wed 16-Feb-22 13:54:46)

I didn't realise you cannot yet migrate from VM to an Openreach connection. We know the existing connection is VM. A new line installation being needed in either scenario. Though maybe only reconnection at the cabinet and a check of the master socket not having been cannibalised if there had been one in the past.

However, he should have received a welcoming confirmation and other details within a couple of days, if not the same day, from Shell. Even allowing for Shell needing a date from Openreach. Not just a fortnight later from Openreach.

If we assume the new direct debit was to Shell, things get even smellier. If the order was placed online, some form of 2FA is required by most banks. Mine taking the form of my physical bank card and a domestic reader issued by the bank, with an online exchange of codes.

If it was an unrelated new d/d, then how is anything happening at Openreach?

If it wasn't done online then it would have been by phone, (interestingly - which?), with snail-mail exchange of Ts & Cs and bank details.

I strongly suspect things have gone on at home that the friend is not aware of. How else could 2FA take place? Just knowing all the normally required details at some other location wouldn't cater for that.

Edited by pluralist (Wed 16-Feb-22 14:34:39)