• Jackoamon@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    3 months ago

    They likely buy leaked data that would include things like your full name and email, perhaps an address. Even if an address isn’t there, legal data brokers often have your address for a small payment anyways. From there they likely use something like Google Street view.

    • Egg_Egg@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      3 months ago

      I worked for an ISP that uses Openreach’s infrastructure in the UK. In order to make changes to customer installations or repairs we had to call an Openreach Contact Centre. These were basically big call centres in India. Many of my customers got contacted by scammers from India shortly after me contacting Openreach about their accounts using information like their address, contact details and information about the work they were receiving, and demanding things like card details to ensure the work went forward.

      It was obvious Indian workers in those call centres were taking pictures of customer account details and using that info to scam those customers, but my company refused to do anything about it because we “lacked evidence” and just told us to let customers know any communication about their accounts would come directly from us and we’d never ask for any card details etc.

      I’m certain any other companies, whether UK or US, that use centralised admin from India and similar places with poor security will be plagued with these exact same issues.