today's security fail...

[juliet]

Send email to TMobile re billing. (By the by, my preferred method of contact is stated RIGHT THERE as being email, but no matter.)

Receive phone call from TMobile 5 min later. Hello, this is about your email. Great. Can you please give me your password? No, because I'm not prepared to give out my password to someone who calls me claiming to be from TMobile, because hey, how do I know who you are?

This does not fit the script. We go through various versions of "but we have to go through security before talking about your account" and "yes I am from TMobile, it's about your email", before I finally say "look, can you just email me about it? thanks".

FAIL. Now, can I be arsed with emailing them to complain about their poor security procedures?

I might have phoned them back, but it was an 0845 number & the whole point of the complaint was that they're charging me outside of my plan for 0845 numbers.))

Comments

[pauamma]

A few years ago, my bank account rep. was very dismayed when I pointed out that my (printed) bank statement had all the information needed for anyone coming across it to social-engineer my online banking password from their help desk. (I'm still not sure whether she was dismayed about the security hole itself, or that I noticed.)

[flick]

The former, I suspect: I've pointed it out many times to my bank, and been told that it's not a security risk. See also Verified by Visa, the security on which can generally be overcome with that fantastically rare set of data, ones account number, sort code and date of birth.

I'm now rather resigned to it, and find the most annoying thing to be the fact that if I ring back immediately (as they request) the new person I speak to is invariably locked out of my account because the first person is still logged into it....

[purplecthulhu.livejournal.com]

Pillocks... At least when banks have phoned me about something and I ask them to prove who they are they understand the issue.

Good luck!

[damerell.livejournal.com]

American Express got this one wrong last time they wanted to tell me something. Muppets.

[e-dan.livejournal.com]

Yeah, one of my banks over here phones and asks for the first letter of my mother's maiden name, which freaked me first time but now I think is...still fairly crap but better

[bob]

them beign out of plan is quite normal.
vodafone does actually tell you this before the connecting the call.

[juliet]

Thing is, they've started including them in the *new* Flext price plans but not the old ones. bah.

[pir.livejournal.com]

If you get anywhere with complaining about it, let us know...

One thing that helps is http://www.saynoto0870.com/ and the android app (you have a G1, don't you?) 0870 which will forward numbers to the alternate numbers in the db automagically when you have it turned on.

[i-ludicrous.livejournal.com]

saynoto0870 is great, but for this kind of situation, how do you know the alternative number is actually for T-mobile??

Duncan

[juliet]

ooh! Thank you for the tip! (Yes, I do have a G1 now. Shiny!)

[wezpez.livejournal.com]

T-Mobile are annoying me now too. They have decided to start charging me for voicemail calls on my new plan when they have always, always, always been free before :(

[holoaddict.livejournal.com]

I left T mobile last year for that reason. They charge for Vmail outside of rates, they charge for everything possible and give appalling service.

Goodbye T mobile...I'm now saving £13 per month with 02 and have a reliable phone!