Sandgate is one of those villages on South coast of England that seems timeless. Nestled on the Kent coast, and within spitting distance of the French coast, little changes over the year and little happens. Until recently.

About 20 residents of this seaside town, population about 4,000, began receiving bills from mobile network provider O2. Even though none of them used O2. The highest bill was £3,100 and the lowest £60 with others coming in at several thousand pounds.

These residents had been receiving bills around December of last year. None of them had taken out a contract with O2, none had taken a new smart phone from O2 and none at any idea what was going on. Yet they were all receiving threatening ‘red letters’ for monies owed. Intriguingly nearly all lived within the same CT20 3 postcode.

After some sleuthing it became obvious their IDs had been stolen and used to set up contracts, and get new smartphones, from O2.
  • O2 said fraudsters behind the scam had gathered large amounts of personal information about the victims before making the applications. It added it did comprehensive identity checks on the applications.
  • Fraudsters went online and set up phone contracts, which included new iPhones, using the name and address of the victim.
  • The phones were then delivered to an O2 shop or a local post office. They would have been collected in person by someone “proving” the victim’s identity and showing their order details.
  • No bank details appear to have been set up for the contracts and so the bills were sent to the victim’s home once payment was overdue.
Clearly the fraudsters somehow got their hands on the names, addresses and date of births of the victims. But of course the burning question is how did the fraudsters get their hands on the personal details of so many people who lived so close to each other?

It’s a pertinent question. Did they all fall victims to a phishing scam and part with their personal details, perhaps a fake email that claimed to be from the local authority? Was the local council tax database hacked or even a doctor’s surgery? It’s a mystery and possibly one of the first cases of ‘collective’ hacking.

Some of the victims received 20 letters from O2 demanding payment. It took about two months for O2 to accept that identity theft was cause. One person had to go to the Financial Ombudsman to have his name cleared.
  • According to Cifas, a UK fraud reporting agency, more than 102,000 identity thefts were reported to in the first half of 2021, a rise of 11 per cent on the same period in 2020.
  • Credit reference agency, Experian said three-quarters of identity theft cases late last year involved fraudsters using the victim’s address to apply for credit.
  • Identity theft is prolific and alongside taking precautionary measure such as looking out for phishing mails its also a good idea to bolster your antimalware security with identity protection which alerts you should your personal information such as name, address and phone number appear on hacker forums and in the dark web where stolen ID details are traded.