No system holding your private information is failing

Yesterday somebody called my wife. She didn’t pick up. Today (Saturday), upon picking up, the voice on the other hand presented himself as a Vodafone emploee. He said one of Vodafone’s system suffered some data loss and they wanted to check some personal information.

We recently moved, so my wife assumed that it might have been related. On the other hand she hears from me the worse stories about phishing and scamming that she got suspicious. She thought: “Why aren’t they sending me an email or a letter?” and she asked to be called one hour later, when I could have picked up the phone. The caller pushed back, saying it would only take 20''. She pushed back again, so he agreed to call back.

I know no systems containing the sort of information you could give on the phone would fail without a backup lying around. Especially for a company the size of Vodafone.

But maybe my wife misunderstood something, it could have been related to a new contract, etc. She said that on the background many people were talking, like in a real call center.1

So I called Vodafone myself. The lady on the phone told me I was the third person that day notifying them about it. She told me no systems had failed.

“Good”, I thought. Let me handle the guy. An hour later I picked up the phone. “Zakaria from Vodafone” he told me.

At that point, I already had LinkedIn open. I wanted to ask him his family name to look him up there.

“What’s your family name Zakaria?”. “I’m just here to ask some details about… “.

“I said what’s your family name Zakaria”.

He hung up.

There was not much to do, but what followed shows that Vodafone really handled it classy via their Twitter account. At 16:12 I tweeted

@vodafoneNL someone is calling your clients, pretending to be you, and asking personal info. Time to send an SMS around?

At 16:45 they got back at me and then via PM they asked:

Very good that you send us this message Giovanni. If I understand correctly someone called you pretending to be someone from Vodafone Customer Service and asks you for personal information. Can you tell me exactly how this conversation went ? And can you give me what day and time it was? I also need your mobile number so I can figure this out with our security department :-).

After telling them what happened, they promptly replied:

Thanks for sending the information. That does sound like a very strange conversation. I’ll send it right away to our security department for research. Good that you indicate this to us. If you encounter anything suspicious again let us know, then we investigate this immediately.

I have no idea what they’re going to do with it, but I really do hope they stop Zakaria and his likes!

  1. Although when I was on the phone later the background noise from other people talking was much higher than professional call centers. ↩︎