cancel
Showing results for 
Search instead for 
Did you mean: 

Debt Recovery Agency - AKA Telegram Office

N/A

Debt Recovery Agency - AKA Telegram Office

[edit]
**** PLEASE NOTE THIS HAS NOTHING TO DO WITH THE WEBMAIL INCIDENT ****
[/edit]

I had a strange voicemail left on my work's phone today...

"This is Adam from the Telegram Office please call 01252 blah, blah and quote reference blah"

I did, but because it was after 5pm their offices were closed so I left voicemail.

However I continued to curious ond googled for "Telegram Office" and didn't like the results I got, with details about high pressure phone techniques and debt recovery.

Anyone got anything similar recently?

Now, just for the record, I have no debt.

What I'm wondering is what data could have been obtained by the criminals from the webmail incident?

I've never used webmail, but if copies of all my questions, service messages etc. were sitting there than there is plenty there for someone to have a go at identity theft or other activities I can only begin to imagine.

Can someone from PN please provide me a breakdown of exactly what information about me could have been obtained, based on an examination of the compromised machine.

Drop me a PM when you have that.

Regards,
Steve
25 REPLIES
Aterlatus
Grafter
Posts: 114
Registered: 01-08-2007

Debt Recovery Agency - AKA Telegram Office

I once had a txt message suggesting it was from LloydsTSB and asking me to call urgently. I did so, and the first thing they said before I gave over even a name was "Can I have the long number from your debit card please?"

I laughed and hung up.

Moral of the story is opportunists will try anything and there's no saying that this isn't one of those cases. Your best bet is to call the company directly yourself rather than waiting for a return call - you know you're through to the real deal then and not some sham.

I still wouldn't give over any personal details though. It's not unknown for entire fake sites to be created in order to fulfil a scam.
N/A

Debt Recovery Agency - AKA Telegram Office

Quote
Your best bet is to call the company directly yourself rather than waiting for a return call


The current advice out there on the net is to ignore them.

What I'm trying to find out is has anyone had anything similar since the webmail incident. I'm worried this might be a new tactic used by the Russian Mafia or whoever it was that performed the breach.

Steve
Aterlatus
Grafter
Posts: 114
Registered: 01-08-2007

Debt Recovery Agency - AKA Telegram Office

Oh yeah, and if you want to do a quick double check just to make sure there's no identity theft involved then the credit reference agencies allow you to run a credit check online (possibly a small fee involved) where you can see all credit taken out in your name for the last 6 years.

Experian
Equifax
chrisc
Grafter
Posts: 688
Registered: 19-04-2007

Debt Recovery Agency - AKA Telegram Office

The only information obtained by the hackers were email addresses. No personal details such as credit cards, phone numbers, addresses etc were taken during the incident.

It seems that the phone call you received is most likely an opportunist 'company' trying to take advantage of people willing to give their details out over the phone.
N/A

Debt Recovery Agency - AKA Telegram Office

So, you've told me what the hackers did not get.

I'm asking for a copy of what they did get.

Please will you provide me a copy of all the information that was held on the compromised web mail server(s) pertaining to my account.

Since I have never used webmail, there should be no information on the account, but this obviously wasn't the case as the spam in my inbox demonstrates.

Would a copy of any of my Service Messages or Questions I have raised with support be there. That seems a possibility to me. And if that is the case there will be plenty of my personal information for hackers to have a field day with.

So please, put my mind at rest an supply me with what I need.

However, the fact that I haven't been given wat I have asked for so far gives me cause for worry.

Do I need to raise this as a support question to get this information?

Do I need to make an application under the DPA?

Because I'm damned sure that the question I am asking is reasonable.

Steve
chrisc
Grafter
Posts: 688
Registered: 19-04-2007

Debt Recovery Agency - AKA Telegram Office

This is not information that is held by the CSC and you would need to make a DPA request to us for access to this information.

Full details of how to do this can be found in our T's & C's section 19 here.
N/A

Debt Recovery Agency - AKA Telegram Office

Quote

I'm asking for a copy of what they did get.


Quote

The only information obtained by the hackers were email addresses.


Also see here for a FAQ and here for a full report on the incident.
N/A

Debt Recovery Agency - AKA Telegram Office

Is also worth mentioning that the mail servers themselves weren't compromised, only the webmail interface.

Harvested e-mail addresses appear to have been taken from profiles on the webmail server, server logs and webmail address books.
Aterlatus
Grafter
Posts: 114
Registered: 01-08-2007

Debt Recovery Agency - AKA Telegram Office

Quote
Quote
Your best bet is to call the company directly yourself rather than waiting for a return call


The current advice out there on the net is to ignore them.


Ahh of course, my apologies if I was misunderstood. I was thinking more along the lines of when you already have dealings with the company. You're better to use a name and number you already have than to trust one they give you (how many emails have you had from an american bank asking you to confirm your login details? ;p)
Community Veteran
Posts: 26,339
Thanks: 595
Fixes: 8
Registered: 10-04-2007

Debt Recovery Agency - AKA Telegram Office

Quote
Please will you provide me a copy of all the information that was held on the compromised web mail server(s) pertaining to my account.

Since I have never used webmail, there should be no information on the account, but this obviously wasn't the case as the spam in my inbox demonstrates.


The email addresses obtained were not restricted to those held against your account. If any other Plusnet user had ever sent you an email using webmail (irrespective of whether it was in their address book), the spammmers now have that email address.

In addition, as stated in the incident report when the @mail system was set up it was primed with the details of all the accounts active at that time. Going by your join date, I think that would include you.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
N/A

Debt Recovery Agency - AKA Telegram Office

So the spammers only get 'email addresses' that's what everyone seems to be claiming.

The FAQ quotes
Quote
We are confident that personal details such as names, phone numbers, addresses and payment details have not been obtained. All the evidence we have points to a deliberate mining of email addresses only.


However it seems likely that the spammers|hackers|criminals would have been able to access the body text of any emails held by the webmail system.

It's easy to harvest mail addresses, that would be done first. Then it's on to the more 'interesting' stuff over a period of time perhaps? Trawling through email bodies may be time consuming, but enough info for an identity theft would make it worthwhile, considering that our dustbins are sometimes being raided to obtain enought details to do this.

So, perhaps you had an email in their from your bank confirming a change of password. Perhaps there was some personal information from your online utility account, some details of your phone numbers, addresses or the like.

Have you ever sent a mail to your mate saying give me a call on 01xxx xxx xxxx? Wouldn't that be in your 'sent folder' ?

I know I've given my works phone number when replying to braodband fault query, and if a copy of that got sent to my webmail address then that's why I'm sitting here wondering...

Why have I suddenly got a call from a debt recovery agency when I've never had one before in my life.

Personally I would have expected the staff at PN to be currently bending over backwards to explain to me that isn't the case and helping me with the information I need.

However it's noooo, if you want to find that out use the DPA. What's the point of making it difficult for me. All you are going to do is make me more annoyed at having to go through a time consuming and formal procedure to get to some information that, by law, I'm entitled to.

The agency will be calling me back on Monday at 9.00 am and I'm already loosing sleep and worrying about this. Wouldn't you if this had suddenly, out of the blue, happened to you?

What I need is some re-assurance now to stop me worrying and to help me plan my conversation with this debt recovery agency on Monday.

I'm not gonna get that by raising a DPA enquiry am I?

Can someone from PN even with a discalimer that to the best or our knowledge etc. etc. find out if there were any personal details that could have been got by the <insert degrogatory term here> who hacked the webmail servers.

I might help you answer this if you know that I have never used webmail before.

Surely this just a matter of checking a few setting, a quick scan over my webmail inbox and so on. Please consider this authorisation to do so. Phone me up for authorisation, whatever it takes.

Gome on PN guys, help me out here.

You're being to damned evasive for my liking.

Steve
GersFans
Grafter
Posts: 191
Registered: 30-07-2007

Debt Recovery Agency - AKA Telegram Office

Quote

What I need is some re-assurance now to stop me worrying and to help me plan my conversation with this debt recovery agency on Monday.


First off, I doubt very much that Plusnets system was compromised to the extent that any "identity theft" has taken place, I believe Plusnet are legally obliged to inform us if our personal information was indeed accessed.

About the Debt Recovery Agency, well, calm down...

DRA's often use outdated information to track down debtors, so chances are that your name is similar to a client who has/does live in the area or left a long time ago. So this may simply be a case of mistaken identity.

Speak to them and ask them to state thier business with you, if your unhappy with the response you get from them (ie. you owe them cash and you KNOW you don't)ask for what they state in writing.

Don't quote me on this, but I believe they have to at least try and contact you several times before they can act on any orders or such, they must have made an effort in a particular timeframe to enable you to settle the "debt", if they haven't kept to thier side of the law then the law is in your favour.

Also remember that identity theft is becoming a big issue now, banks are aware that it happens so should you be subject to it the banks will assist where possible to prove the fraud, its in thier best interests to do so.

So calm down, speak to the agency and find out what they are after. Then take appropriate action.
Sandro
Grafter
Posts: 134
Registered: 21-08-2007

Debt Recovery Agency - AKA Telegram Office

Quote
Quote


I'm worried this might be a new tactic used by the Russian Mafia or whoever it was that performed the breach.

Steve


Wouldn't it be spoken with a heavy Russian accent? :-)

Jokes apart, but last week my wife's banking account was broken in via Paypal... We received a confirmation from PalPal saying that £380 were successfully transfered as a donation to some shady yahoo.co.uk email. The email had my usual extention, but the first word was jibberish. The email had her name, but our home address was slightly wrong.
The fan is that my wife HAS NO any PayPal accounts and never had... She never used her banking account for internet transactions - for that we use a separate account at my name. And all our snail mail is also shredded.
Just to share my experience of late... Doubt it has anything to do with the recent webmail security breach though.

Concerning the call - it does look like some confidence trickster enjoying himself, I wouldn't have bothered to ring back.
Aterlatus
Grafter
Posts: 114
Registered: 01-08-2007

Debt Recovery Agency - AKA Telegram Office

Hey, don't be putting words into my mouth. I didn't say that ;p


Anyway, Russica - Russian Mafia... it was you! *hides from the inevitable polonium attack from knowing "the secret"*

I'm guessing with that email your wife got there was a handy link to paypal so she could go and confirm/query the action. A handy link that'd show you "paypals" frontpage where you put in your username and password, only to find your accounts cleared out a week later. Just like the emails we get from "our banks" telling us our account is compromised and we have to go and re-enter our details or face account closure.

Damn these phishers, damn them...