The fraudsters who steal your identity to take out O2 phone contracts

Fraudsters are exploiting security flaws to take out O2 phone contracts using stolen identities —leaving innocent families on the hook for hefty bills.

Customers have also seen their credit scores plummet because the telecoms giant is taking weeks or even months to investigate their complaints.

Last month, Money Mail published a letter from a 76-year-old woman who was chased by the mobile provider for arrears on an iPhone and iPad she had never bought.

Spinning a line: Criminals are taking out O2 mobile phone contracts using stolen details before leaving innocent families on the hook for hefty bills

More readers enduring lengthy battles with the mobile giant to cancel fraudulent contracts have since come forward.

Experts believe scammers may have identified a weakness in the firm’s security checks.

Julie McCue, 37, received two bills for a total of £918 and spent days fighting for answers from O2. 

The single mother says she was told that contracts for an iPhone and landline had been taken out in her name, and that other people had experienced similar problems.

But it took O2 two months to shut down the accounts. By then, the late payment had knocked 200 points off her credit score, which nearly scuppered her plans to move to a new rental property.

Julie, from Manchester, says: ‘O2 should have never allowed a contract to be signed in my name in the first place.

‘The whole experience has just been appalling.’

Victims of such scams have usually had their personal details leaked or stolen online. This can happen if there is a data breach or a company is subjected to a cyber attack. Fraudsters then use the stolen details to pose as legitimate customers and pass credit checks.

Once ordered, phones are intercepted before they are delivered, or redirected to other addresses.

The O2 fraud team has recorded a spate of these cases — and dozens of people have taken to social media to complain about the issue.

Cybersecurity expert Jake Moore says: ‘Once scammers have identified a weakness in a company’s security procedure, they will continue to abuse it until that door is closed.’

O2 insists its security systems are not to blame. It is understood that many of the accounts were opened with temporary bank cards set up in victims’ names without their knowledge. O2 is no longer accepting the cards as payment for contracts.

But the company failed to explain why it was seeing a disproportionate number of these cases compared with other firms.

James Howard, 75, was sent a letter demanding £35 a few days before Christmas. He was caring for his wife Linda, 73, at the time, while she recovered from major surgery.

The letter said the money had to be paid within a fortnight or the case might be passed to a debt collection agency. James wrote back saying he had never signed a contract with O2 and asked for a copy of the document.

Although the firm apologised for his experience and directed him to its fraud team, two more letters arrived demanding £30.99. It took two months and Money Mail’s intervention for the firm to close the account.

Security flaws: Critics warn that mobile phone firms are not doing enough to verify customers' identities online or in branch

Security flaws: Critics warn that mobile phone firms are not doing enough to verify customers’ identities online or in branch

Retired engineer James, from Eldwick, West Yorkshire, says: ‘I’ve lost weight because I’ve been so anxious about this. I don’t see why they couldn’t just send us the contract.’

Critics warn that mobile phone firms are not doing enough to verify customers’ identities online or in branch.

When Money Mail applied for a mobile contract with O2, Three and EE online, we were only asked for basic information such as a name, date of birth, address and employment status. Not one asked for photo ID as proof of identity.

Martyn James, of complaints site Resolver, says: ‘This should not be happening, as mobile firms should be carrying out stricter checks.

‘Mobile phone contracts used to require a photo ID and recent utility bill to prove the address.’

Telecoms watchdog Ofcom is not required to oversee what identity checks firms carry out for credit agreements.

Nurse Hannah Brown, 30, waited more than three months for O2 to close the account a fraudster had set up in her name at a branch.

She received her first letter from O2 in October — a £26.50 bill for a mobile phone she knew nothing about. 

When she rang O2, she was assured the account would be closed and its fraud team would be in touch. However, a month later she received another bill for the same amount.

When she called the mobile company again, she was told that only its fraud department could shut down the account.

Since then she has received another five bills — the latest demanding £168.

Hannah says: ‘I have got really upset when I’ve been on the phone to O2, but I just get told they are sorry and that there is nothing they can do without the fraud team.’

O2 has apologised for errors in handling all three customer cases and says any notes on their credit files will be cleared.

It is understood the company carries out other background checks to make sure customers are who they say they are.

A spokesman says: ‘At Virgin Media O2 we take the security of our customers incredibly seriously and protecting them from fraud is a priority.

‘We have robust processes in place and always act quickly when we see new patterns of fraudulent activity emerging to help keep our customers safe.’