'Fraudsters took over my phone after EE failings'

A man says he has lost files, business records and all his online photos after "failings" by his mobile phone provider allowed fraudsters to take control of his phone.

Harry Skinner, 30, said the criminals also exploited a security loophole to spend thousands of pounds on gift cards.

"I'm upset. The main thing for me is on Google Drive, I had every photo I have taken since I was 21... I don't have access to them any more," said Mr Skinner, a self-employed carpenter from Norwich.

EE apologised, but insisted scammers had already accessed Mr Skinner's personal details and password before contacting EE to update his eSIM.

Mr Skinner said he had received an email from EE in August telling him contact details on his phone account had been changed and, if he had not done this, to call the firm straight away.

He did so, but said: "When I spoke to them, they were more concerned with upgrading my account… rather than going through the security details."

He said he was told there was "nothing to worry about", but the next day his phone stopped working.

When he logged on to the internet, he found notifications that passwords on his multiple online accounts had been changed.

The fraudsters had done this using a security feature that sends a verification code to the user's phone number.

"I knew straight away that I had been hacked," said Mr Skinner.

"The notifications I got were 'You have spent £500 on Amazon; you have spent £700 on eBay.'

"I was trying to keep calm... but you don't know how far it’s gone."

All the money taken - about £5,000 - has since been refunded by the banks, but Mr Skinner is still locked out of his Google accounts, where he stored all his photos, files and business accounts.

He said the experience had been "very stressful", adding: "I don't think they [EE] understand the responsibility that they have when it comes to your security."

The BBC has seen posts on EE's community message board, external from five other customers saying their accounts had been taken over in the same way.

One said they were told it was too late to stop their contract being moved to a different provider, and that over a weekend hackers accessed all their banking and credit card apps.

"Your mobile number is used to authenticate who you are," said cyber security expert Jake Moore.

He said if you lost control of your mobile number, "so much damage can be done in just a few minutes".

Mr Moore said the best way to protect yourself was by using authenticator apps to verify your identity by creating a code on a device of your choice.

In an email to Mr Skinner, EE said it had investigated the "failings of EE to secure your account".

An EE spokesperson told the BBC that in Mr Skinner's case, the fraudster passed appropriate checks, including email verification.

They said the fraudster had requested a replacement e-Sim with a built-in 24-hour delay "as a normal existing fraud mitigation measure".

But it added: "When Mr Skinner contacted us with concerns, in this case, we did not act as quickly as normal to cancel the replacement e-sim order and we have provided coaching [to] that customer service guide.

"While Mr Skinner’s account was secured quickly and a replacement Sim arranged for him in our retail store, we’re sorry for any inconvenience.”

However, the spokesperson said EE could not comment on the other cases seen by the BBC.

Action Fraud, the national reporting centre for fraud and cybercrime, confirmed it had received a report of fraud in Mr Skinner's case.

The body - which has no investigative powers - said all reports were passed to police for intelligence purposes.

In a statement, it said: "Every report of crime made helps us build a bigger picture of fraudulent activity happening across the UK.

"Anyone who suspects fraudulent activity or has fallen victim to fraud should report it as soon as possible, because that report could be the final piece in the puzzle to building intelligence and catching offenders."

An EE spokesperson added: "We urge customers to use unique and strong passwords for all their online accounts and to contact EE, their bank and the authorities immediately if they notice any suspicious activity.

"We continue to review and introduce additional technical measures and policies to better protect customers against fraudulent SIM swaps."

Follow Norfolk news on BBC Sounds, Facebook, external, Instagram, external and X, external.