tag:blogger.com,1999:blog-3993498847203183398.post4724889418046285776..comments2024-03-28T09:19:27.451+00:00Comments on RevK<sup>®</sup>'s ramblings: What is the scam here?RevKhttp://www.blogger.com/profile/12369263214193333422noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-3993498847203183398.post-14390580767546145022018-06-12T17:02:04.908+01:002018-06-12T17:02:04.908+01:00Well this is really nice and i think you raised a ...Well this is really nice and i think you raised a good point!Max Toddhttps://hackeroffice.com/noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-67839881622288040102017-06-29T06:33:22.499+01:002017-06-29T06:33:22.499+01:00It does rather bring home the point that SMS is no...It does rather bring home the point that SMS is not suitible as a component of 2FA...Anonymoushttps://www.blogger.com/profile/18158312606191961421noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-15399257284463543202017-06-28T18:28:21.336+01:002017-06-28T18:28:21.336+01:00I've worked for a CP where it's been readi...I've worked for a CP where it's been readily available, a good many years ago they stopped logging message content unless the customer specifically required it.<br /><br />Obviously these services are *not* intended for person-to-person communications, but for automated SMS messages (e.g. transactional sms, 2FA etc) and responses to these, so the use case is a bit different from a typical MNO.Rosshttps://twitter.com/rsmcknoreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-72616220824140685352017-06-27T11:00:38.155+01:002017-06-27T11:00:38.155+01:00If was an SMS sent by EE (e.g. a marketing or serv...If was an SMS sent by EE (e.g. a marketing or service message), then there's a strong chance it would be on the CRM notes.<br /><br />If a customer communication, then that's a little worrying.Anonymoushttps://www.blogger.com/profile/18427000118752159232noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-80336399647286264152017-06-27T09:43:02.551+01:002017-06-27T09:43:02.551+01:00Ha, we don't make it that easy.Ha, we don't make it that easy.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-5329044258080125002017-06-27T09:27:51.347+01:002017-06-27T09:27:51.347+01:00I've had second hand stories of a friend who c...I've had second hand stories of a friend who called EE about a text message he was sent.. the agent, with minimal fuss, said "Oh yes, I see the message" and started to read back the content.<br /><br />EE agents appear to very easily be able to view previous SMS content.<br />(Not first hand experience though, an experience a friend had and told me about).1https://www.blogger.com/profile/04266030296611845502noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-646587963965819892017-06-27T08:21:27.611+01:002017-06-27T08:21:27.611+01:00Oh, and of course, we are not routinely looking at...Oh, and of course, we are not routinely looking at people's SMS or CDRs. This came to me because of the fraud.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-25374047987340221712017-06-27T08:20:46.478+01:002017-06-27T08:20:46.478+01:00This is even in the CDRs we send by default (as is...This is even in the CDRs we send by default (as is the case for these numbers). You can expect every SMS ever sent or received will have been logged by multiple telcos, I am sure. Why do you think I like iMessage, and Signal, and so on.RevKhttps://www.blogger.com/profile/12369263214193333422noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-63721510926589191542017-06-27T08:17:34.369+01:002017-06-27T08:17:34.369+01:00Call me naive but I'm most concerned about a p...Call me naive but I'm most concerned about a provider knowing the contents of a customer's SMS. Obviously I understand that it's technically possible but is it so easy that it's so routine and easy that you'd do it for a blog post?Steve Hopkinshttps://www.blogger.com/profile/01060389132752495657noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-82805672806859101032017-06-27T05:45:30.556+01:002017-06-27T05:45:30.556+01:00The information you published doeanot relate to an...The information you published doeanot relate to an identified or identifiable individual, so no DPA issue.RSchuhttps://www.blogger.com/profile/06595169738713509573noreply@blogger.comtag:blogger.com,1999:blog-3993498847203183398.post-24454988283223322522017-06-26T21:50:37.904+01:002017-06-26T21:50:37.904+01:00Valued Opinions is a market research company (http...Valued Opinions is a market research company (https://www.valuedopinions.co.uk/) and they pay people to opine on various matters.<br /><br />Try a Google search on "Valued Opinions verification code" - include the quote marks! You can see various disposable SMS numbers with that very same text but different authorization codes.<br /><br />I assume the scam is that he's attempting to defraud the market researchers by claiming multiple quantities of whatever incentive by using multiple mobile numbers.<br /><br />Obviously if they're fake particulars that he's supplying to yourselves then it sounds like Valued Opinions have stopped sending codes to disposable SMS numbers and require a mobile number which has yet to be used with them.<br /><br />Depending upon the frequency of the applications you're receiving it sounds like he's running a bot in order to make as many applications as possible. I suspect you're not the only company he's targeting.Anonymousnoreply@blogger.com