The “Yes” that can prove fatal

Security Awareness
9 January 2023
The “yes” scam

Before you say “yes”, you need to think about it.
We are not talking about the most famous “yes”, the one that is pronounced at the altar, which has a reputation for turning the lives of those who pronounce it upside down, but about another “yes”, which is apparently much more harmless, but which can be a harbinger of great inconvenience and financial losses.
Before uttering that very short word, we should therefore adopt a cautious attitude, which, unfortunately, often does not happen.

In fact, we are all used to receiving calls from unknown call centre operators who, before explaining the reason for their call, ask us for confirmation of our name and some other data of ours.
Most of the time, because we are taken aback or distracted by other thoughts, we immediately respond in the affirmative. That “yes” that we say with such ease can turn out to be fatal.

On the other side of the line, our response could, in fact, be recorded and then used for the activation of a new contract, for example, for the supply of electricity, gas or for a new telephone line.

It has been called the “yes scam” and it is, of course, an activation that takes place against your will.

Most of these cases occur in the energy sector. With the end of the protected market in January 2023, energy market prices will no longer be regulated, and it will be up to the consumer to decide which operator to rely on for their electricity and gas supply.

For this reason, there is a real race on the part of operators in the sector to grab as many customers as possible.

But there is no shortage of scams in the phone industry. In this case, however, for the scam to go through, the call centre operators need the migration code. This can be revealed, with a bit of naivety, by the user themselves, or it can be calculated from other data relating to their usual operator, which, in any case, is always provided by the unsuspecting victim of the scam.

What to do if you are a victim of the “yes” scam?

The person who has been scammed often notices that they have been the victim of a scam when the first bill arrives from an operator to whom they do not remember having given any consent. If the consumer finds themselves in this situation, the first thing to do is to send a registered letter with return receipt to “disavow the contract”.

How can you defend yourself?

The goal, however, is to block any type of scam before it arises, so that sending the registered letter never becomes necessary.

First of all, it is important to follow some rules:

  • never give out your personal data;
  • never utter the fateful “yes.” If you are asked if you are Mr Rossi, you can answer with another question, such as “with whom do I have the pleasure of speaking?”, or simply with “it’s me”;
  • never provide your POD and/or PDR code: these are the unique codes that identify the system for the collection of electricity or gas;
  • never indicate your tax code: it is a sensitive piece of data that should not be requested by telephone;
  • do not provide your IBAN code, unless you are sure of your contact person’s identity;
  • ask for the operator code.

Taking these precautions should allow you to protect yourself from this kind of very devious scam.

But, as with many other scams that now run fast on the wires of the network or in the ether, the main defence is awareness and attention.

Awareness of the risks can make a difference

In general, therefore, it is always advisable not to underestimate the calls we receive from call centres or from unknown people, and never to let ourselves be caught unprepared. Scammers, whether they approach via the web or by phone, are well aware of the psychological mechanisms that make their victims fall into the trap, and they leverage precisely those, that is, the human factor. It is the human factor, then, that must be strengthened, through awareness of one’s actions and knowledge of the dangers. As soon as the attackers understand that they are dealing with people who are not at all easy to deceive, they will immediately change their focus.

