TalkTalk customers are being targeted by an industrial-scale fraud network in India, according to whistleblowers who say they were among hundreds of staff hired to scam customers of the British telecoms giant.
The scale of the criminal operation has been detailed by the three sources, who say they were employed by two front-companies set up by a gang of professional fraudsters.
The sources describe working in “call centres” in two Indian cities.
They say as many as 60 “employees” work in shifts in each office, phoning TalkTalk customers and duping them into giving access to their bank accounts.
The whistleblowers say they were given a script in which they were told to claim they were calling from TalkTalk.
They say they then convinced victims to install a computer virus.
A separate team would use that virus to gain access to victims’ online banking, they add.
While it has not been possible to independently verify their claims, the sources have given highly detailed accounts of the scammers’ tactics, which correlate very closely with previous reports of fraud targeting TalkTalk customers.
The software they named also matches that identified by TalkTalk in its own website guidance on what to watch out for in a scam call.
In addition, a victim of the fraud shown the call centre script has confirmed it matched the one read out to her when she was conned out of £5,000.
TalkTalk was hit by a cyber-attack in October 2015, but that hack appears to be unrelated to the Indian fraud.
Instead, it is alleged the scam is linked to problems in a company hired by the British broadband provider.
In 2011, TalkTalk outsourced some of its call-centre work to the Kolkata (Calcutta) office of Wipro, one of India’s largest IT service companies.
Last year, three Wipro employees were arrested on suspicion of selling TalkTalk customer data.
A source in Kolkata, who did not want to be named, alleges the same data was obtained by a criminal gang, with USB sticks full of data trading hands at parties.
The criminals then used the data to operate at least three call centres, according to the whistleblowers, where staff work in shifts earning about £120 per month to perpetrate an intricate but highly successful scam.
They say they phone TalkTalk customers, using the stolen data to convince victims they are genuine employees of the company.
They then convince the victims their computers are infected and offer to fix the problems.
Through this, the whistleblowers say, the victim is tricked into installing a virus that gives the scammer complete control over their machine.
The victims are then offered a compensation payment, for which they must log in to online banking, they add.
Thanks to the virus, the fraudsters are able to gain access to the victims’ bank accounts when they log in.
They say they use various methods to spirit away the money: in some cases pretending to make erroneous overpayments, then convincing victims to repay the extra amount.
In other cases, victims have said the scammers were able to set up a new payee without their knowledge and transfer the money out of the account directly.