TalkTalk breach: Lawyer warns to be alert for fraudsters


An Ulster lawyer has warned TalkTalk customers to be alert to criminal attempts to exploit data hacked from the company last week.

Over the weekend the company said that data stolen in the cyber attack does not allow criminals to plunder customers’ bank accounts.

But Jonathan Burke, director of criminal law at McConnell Kelly solicitors, warned that there could still be attempts to use the stolen data – which included names, addresses, dates of birth, phone numbers, email addresses and banking details – for criminal gain.

Mr Burke said that the tricks would include fake links in emails, and bogus phone calls – including sophisticated scams where you think the fraudster has hung up when in reality they still have control of your line so when you think you’re calling your bank back you’re really calling another member of the crime syndicate.

TalkTalk said complete credit card details are not stored in its system and that account passwords were not accessed.

“We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account,” a spokesman added.

TalkTalk chief executive Dido Harding insisted customer bank details have not been compromised.

“The financial information they have on its own is not enough for them to access your bank account,” she told Sky News.

Baroness Harding warned customers never to give out financial details if they are contacted by phone or email by anyone asking for personal information.

“TalkTalk will never call you and ask you over the phone to give your personal financial information, we will never call you out of the blue and ask you to give us access to your computer,” she said.

All TalkTalk customers are being offered free credit monitoring as they could be at risk from fraudsters using stolen details to impersonate them.

Consumer group Which? insists TalkTalk customers affected by the breach should not have to pay a penalty fee to break their contract.

Richard Lloyd, executive director, said: “We expect that any affected TalkTalk customers who want to leave their contract should be able to do so without penalty.”

Police are investigating a ransom demand sent to the telecoms giant following Wednesday’s attack.

TalkTalk was contacted by someone claiming to be responsible and seeking payment, but was not sure if the message was genuine.

The latest breach is the third in a spate of cyber attacks affecting TalkTalk in the last eight months.

How to protect yourself

Lawyer Jonathan Burke says these seven steps can help defeat cyber criminals.

1) Be suspicious if an email requests a reply containing personal information or for you to click on a link. Type a website address manually as even domain names closely resembling official sites can be used by criminals to appear authentic.

2) Change passwords regularly. Despite the hassle, change your password information regularly and do not reuse the same password for different accounts.

3) Monitor your bank accounts on a regular basis. Cyber-attacks often start with attempts to remove small amounts in the first instance, then larger amounts are stolen at a later stage. Speak to your bank about any concerns.

4) Be social media savvy. Make sure your social networking profiles are set to private. Check your security settings and be careful what information you post online. Once it is on the internet, it is there forever.

5) Secure your wireless (wi-fi) network. Wi-fi networks at home are vulnerable to intrusion if they aren’t properly secured. Be aware that public wi-fi (hot spots) are also vulnerable. Avoid using these networks for financial or corporate transactions.

6) Callers from proper banks will not ask for bank passwords. Anyone who does so could well be a fraudster.

7) If you’re advised to call a number back to check, don’t use the same phone as sophisticated fraudsters know how to beat the system by keeping the line open. Find the official number from Google and then call it from a different phone.

For more advice, call Action Fraud on 0300 123 2040.