Talking of fraud attempts

[Deimos]

Earlier this year I got a letter from the UK DWP "Letter Forwarding Service" saying how the Prudential were trying to contact me and enclosing a letter and form from the Prudential.  All the stuff sent contained only my name and address (freely available from the phone book).  The information they ("Prudential") were asking for included stuff like NI number, etc.  Basically anybody with a £50 printer could have done it.  So I called the Prudential using the (different) telephone number from their web site checking - and they could neither verify or deny their attempts to contact me via DWP.  Basically they tried checking their systems but could find nothing.

So I wrote to DWP saying I would not respond as I had no reason to assume it was genuine and not a fraud to get more personal info about me.  All they wrote back was that the had checked and "complied with all their internal quality of service standards".  Again I pointed out how easy their "procedures" would allow somebody to collect personal info using their weak security system - and they just repeated that they had met their standards.

(Turned-out it was genuine as I went back through the only company I worked for who used the Pru for Pensions and told them to tell the Pru my details - but it would so easy for a fraud attempt to use such an easy system).

And people get surprised when government systems help fraud and identity theft rather then make it harder.  I can see how all the criminals out there must have thought all their Christmases have come at one with the UK ID card system.

Ian

[Framboise]

No doubt sending the unedited personal details of hundreds of thousands of people registered for child benefits through the ordinary  mail service on two discs,  without any special security bearing in mind the sensitivity of the information , also "complied with all their internal quality of service standards".

It was stated that to edit out the info that the National Audit did not request would have been "too expensive", therefore they ran-off everything (twice it seems as the first lot went missing as well), whacked it in the post then sat back as the next batch went awol like the first.     Presumeably sending these discs by courier or at least To Be Signed For was also "too expensive"?  

Now another monumental ****-up ensues as the office in question tries to blame the postal service and  shuffle the blame away from themselves, but I understand they have now sanctioned the search of certain rubbish tips to hunt for the missing discs. 

Is it any wonder fraud is rife??

[Gluestick]

Being our practice's Data Officer and the duly registered person with the Data Registrar, makes me perhaps overly cautious!

That said, when I receive telephone calls from what are quite obviously Indian Call Centres where the caller announces, in broken English, that they are BT whatever and then demands various bits of personal data to ascertain it is actually me, I then reciprocate by asking them how I know that they are actually the organisation they claim to be?

Otherwise, and of course, it might well be a wonderful of assembling critical information for an ID fraud: all you need is a telephone number and the fact that Mrs Y has a service/facility/account with a specific company!

End of call........................................

[Www]

 

[Framboise]

We had one of these purporting to be from Virgin Media to my husband's mobile (whilst we were in France)demanding we pay them via credit card over the phone because our D/D had bounced although he had no idea of how much it was for and had our address wrong.   We knew it had'nt bounced - we checked before we left UK - but this rude bloke at the call centre kept insisting we give him our details to which hubby hung up on him.   We later rang Virgin Media who told us that yes we had paid them and no they had' nt a clue who was trying to get money from us from a call centre in India as all their accounts etc are handled in UK.

You really do have to be so careful nowadays  

[Ron Avery]

Just  to get the story straight and remove all the assumptions and media number exaggeration, the discs were supposedly put in the Internal HMRC mail not the post box. Internal mail at HMRC goes as with many large organisations to a post room and is then sorted for internal and external distribution, external mail being put aside for collection by the private compamy who carry all HMRC mail.  The usual carrier of HMRC is TNT who are a private courier. If they had been put in an envelope with a stamp they would have probably got there by Royal Mail.

There were actually only 7 million sets of bank details on the discs, the other 18 million are an estimate of the number of children listed on the discs by date of birth.  However, there is no actual evidence that the discs were ever run off or even put into the internal mail and no fraudulent use of any of the data has so far occurred..

The problem is that you can have as many procedures, standards and rules in place as you like but without controls and checks they are worth nothing, the biggest threat to the security of any organisation comes not from outside but from its own "trusted" employees.  There is always somebody around who will bend the rules, only this time the consequences may well be dire.

[woolybanana]

So, the details of 25 million people have been put in danger because .... they may or may not have been chucked into the public domain by an incompetent idiot/ failure of procedures/dont give a damn attitude/ .... invent your own answer? There was a time when the Civil Service was known for its integrity. These days by its idiots I fear.

[Gastines]

Having a B-in L who was placed in H.M. Customs and Revenue as he was unable to get himself a job,.led me to ask the following question. Do you know anyone who actually wanted to work for this Dept after leaving school or university? It made me wonder where the majority of it's staff is recruited from?  It might explain why virtually every time you try and reply to a letter writer, they have left,are off sicky or are on a course.

By the way the B-in L left, after having 14 weeks training,he survived 2 weeks of trying to deal with the public.

Regards.

[Pads]

I have recently received a letter from my bank and a chocolate club that I belong to both asking for my bank details , after checking both neither of them sent the letters but sadley neither seemed bothered to do any thing about them, it seems the computer based scams have now moved to letters aswell [:(]  

[Pierre ZFP]

Well that is almost unbelieveable.  I've heard of some things in my time but that really takes the biscuit! I didn't know that such things even existed, is there no depth to which people will not go?

You belong to a chocolate club !!!???  [:'(]

 

[Ron Avery]

Bit of a job choosing to work for "this" department as you call it when it has only existed for a short while and embraces a lot of former well known organisations, so probably when anyone over 18 left school it did not exist.  I know a lot of people who wanted to work for Customs, but not the Inland Revenue which is what HMRC now embraces.  Also remember a lot of people go for jobs in the "Civil Service" once in, you get put into whichever department needs staff.  I have a friend in the UK who worked for the MOD for years then DWP and then got put into OFCOM!

[Framboise]

I worked in the Civil Service 25 years ago when at the time it was considered to be a good job with plenty of prospects and perks.   Many of the jobs that became available were sourced from within the boundaries of the Civil Service, ie. advertised within itself, thus you could travel around within it doing much the same job but in a different unit.

As to the loss of the discs, Royal Mail or private contractor it does not alter the fact that this information has vanished somewhere along the line, be it in the building somewhere or at the bottom of a mountain of trash at the tip.  Surely with things as sensitive as this,  it must have occurred to someone to either arrange a courier to deliver it into the National Audit's office by hand or perhaps a member of staff to take it there or collect it personally?   Its just incredible the cavalier fashion with which this was dealt with and all in the remit of saving money, because now it is going to cost a fortune to repair the damage done much less how stupid the perpetrators look now.

[Gastines]

Two points that come to mind regarding the lax,or lack of, security regarding the transferral of the information discs.

Acouple of weeks earlier the same people managed to lose,via a courier,all the required bank/addresses/policy details of 15000 Standard Life clients.

First point,in the well none words of seemingly all government departments," Lessons won't be learnt".

Second point. Obviously you have to be wary what you do with any money these days,as Mr Chancellor's dept invades everywhere. Perhaps that's why we have so many wealthy Drug Barons etc, I believe they only deal in cash?

[Pads]

[quote user="Pierre ZFP"]

Well that is almost unbelieveable.  I've heard of some things in my time but that really takes the biscuit! I didn't know that such things even existed, is there no depth to which people will not go?

You belong to a chocolate club !!!???  [:'(]

 

[/quote]

Yes its fantastic they send you a box of newly invented  chocolates every month I taste them fill in a card to rate them and send the card back and they are really yummy, They do a catalogue as well with some of the best chocs in and lovely ideads for choccie pressies[:)] 

[Will]

I can assure Ron and others that there are plenty of highly professional people in senior positions at HMRC who are there by choice, having joined the Inland Revenue and its various other former identities. Though some are indeed disillusioned by successive governments' desire to 'dumb down' the entire civil service - and the  tax offices in particular - by moving everything from where they choose to live to areas of high unemployment and cheap rentals, and use inexperienced, inadequately trained labour and sub-contracted services. The work they had previously done to build up the service as a customer-focused and efficient system has been largely undone.

But this can be countered by the fact that at high level HMRC, DWP etc are well aware of the potential for fraud and misuse of data, particularly where this is done with collusion from within, and have some very sophisticated systems in place - which involve their counterparts in other European countries as well as other UK government departments. So although the service may appear to be bumbling and incompetent, it is not really so.