Hi Jen
Thank you for getting back to me and for letting me know that the call was genuine. I appreciate your doing so and for letting me know what security details Bulb will ask for. I did get an e-mail but it was without authentication or even any resemblance to any communication that I have ever had from Bulb, which is why I didn’t respond to it.
However, I have to say that the Bulb security protocol is entirely inadequate. Surely you can see that any fraudster, having somehow learnt my name and phone number, could be in a fair way to stealing my entire identity should I be so trusting as to give out the information that Bulb requires as security information?
I acknowledge that the phone call did ask for me by name so it could not have been fraudsters using an autodialer (I never give my name on answering the phone). However there is no way that, with the current protocol, I could have any confidence as to to whom I was speaking before giving away highly sensitive information. There is no way that I am ever going to volunteer any of this information to an unknown caller. I appreciate that Bulb needs to know that I am me if they call - but I also need to know that it is really Bulb calling me.
Bulb needs to have a better protocol for calling its customers, based on a better understanding of how identity fraudsters steal personal data. For example, landline area codes and postcodes can be roughly linked by anyone with a map of the physical locations covered by each code. Anyone with a landline area code can make a fair guess as to the first part of the corresponding postcode. I have myself been targeted by just such a scam; in that case they didn’t know my name but did know the area where I lived. They also claimed to be calling from my energy provider. Number spoofing I already covered in my original post.
It really ought not to be too difficult for Bulb to come up with a better system. Phone banking has been around for decades and Bulb could base a protocol on the systems that banks use. Generally the banks set up a codeword, and often also a memorable date and memorable name. The strongest codewords are made up of three words. So I might set up my account with codeword “bulbenergycompany” for example.
One of the key features of the bank telephone protocols is that they never ask for the whole of some identifying piece of information; instead they might ask for the 1st, 5th, 13th and 16th letters, for instance, which would be b _ e _ m _ n, and which I could safely give out as it would be meaningless to anyone without access to the correct codeword. The banks then do the same with the memorable date and name. For added security for a customer I would ask Bulb to provide, should I ask it to do so, digits that I request from a reading from a given bill in the last year. So if the reading on my May bill had been “98765” and I requested the 1st and 4th digits Bulb should reply with 9 _ 6 - which is meaningful only to me and to Bulb and is not sensitive personal information that Bulb should worry about divulging.
More of course could be done with software, but I’m not expecting miracles, or much investment, from a company currently in administration. However, if I can come up with a barebones safety protocol just whilst sitting here replying to your post, then surely Bulb can do better. It is supposed to be a professional, security conscious, high tech company, after all.
I still do not know what the original phone call was about. However, I suspect that it was likely to have been about increasing my direct debit. Now about 80% of my annual electricity usage happens when I turn on my Economy7 heaters which will be mostly for about three months in winter. The rest of my bills are significantly cheaper. I understand the need to build up a pot of money over the cheaper months, but, frankly, I am not willing to save up that much credit in a company in administration, the customers of which might be taken over by British Gas (poor reputation for customer handling) or some company in the UAE (potentially dubious ethically). So I am saving each month in an interest-bearing account. I also know that I have had double glazing fitted and two ancient heaters replaced with modern programmable, thermostatically controlled heaters (difference in monthly units used 400 kWh down to less than 50 kWh) so my electricity usage will decrease. The Bulb algorithms want to set my direct debit, even the minimum amount, to too high an amount. I would build up an unacceptable amount of credit over the summer months. However I have used the Top Up by Direct Debit function for the last couple of months to ensure that I do not run into debit, and I will continue to do this.
Of course Bulb can insist on increasing my Direct Debit. But then I can insist on having the excess credit refunded to me. On a monthly basis if I need to.
Don’t worry, I am not about to run into debt. In fact my annual budget already factors in a further price increase in October which is at least as great as the recent April increase.
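
The partial-disclosure exchange proposed in the post above, sketched as an added example (not part of the original post and not Bulb's or any bank's actual system). The function names, the challenge sizes and the order of the two checks are assumptions.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so challenged positions are unpredictable

def pick_positions(secret: str, count: int) -> list[int]:
    """Choose `count` distinct 1-based positions, returned in ascending order."""
    return sorted(_rng.sample(range(1, len(secret) + 1), count))

def reveal(secret: str, positions: list[int]) -> str:
    """The characters a holder of `secret` reads out for a challenge."""
    return "".join(secret[p - 1] for p in positions)

def verify(secret: str, positions: list[int], answer: str) -> bool:
    """Constant-time comparison of the spoken answer with the expected characters."""
    expected = reveal(secret, positions)
    return hmac.compare_digest(expected.encode(), answer.strip().lower().encode())

def outbound_call(codeword, reading, caller_answer, customer_answer) -> str:
    """Mutual check for a call the company places (ordering is an assumption).

    The customer challenges the caller first, using digits of a past meter
    reading; only if that passes does the customer answer the codeword
    challenge. Note: this sketch holds both secrets in recoverable form.
    """
    bill_pos = pick_positions(reading, 2)
    if not verify(reading, bill_pos, caller_answer(bill_pos)):
        return "customer hangs up: caller not verified"
    word_pos = pick_positions(codeword, 4)
    if not verify(codeword, word_pos, customer_answer(word_pos)):
        return "caller ends call: customer not verified"
    return "both sides verified"

if __name__ == "__main__":
    CODEWORD, READING = "bulbenergycompany", "98765"  # sample values from the post
    print(reveal(CODEWORD, [1, 5, 13, 16]))           # letters 1, 5, 13, 16
    print(reveal(READING, [1, 4]))                    # digits 1 and 4 of the reading
    genuine_caller = lambda pos: reveal(READING, pos)
    genuine_customer = lambda pos: reveal(CODEWORD, pos)
    spoofed_caller = lambda pos: "00"                 # constructed: caller who lacks the bill
    print(outbound_call(CODEWORD, READING, genuine_caller, genuine_customer))
    print(outbound_call(CODEWORD, READING, spoofed_caller, genuine_customer))
```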