SOLVED Strange encounter with supposedly BT (British Telecom)

[KIngWhiskers]

I was called today by supposedly members of the BT (British Telecom) comms services and told that there was multiple unauthorized activity on my account.
I was asked to open a Command window and run netstat
This showed quite a few "established" connections and some TIME_WAIT connections. This was just on start up of the laptop and lots of TIME_WAIT entries for my wife's desktop.
Then ran it again a few minutes later and all that was shown was the laptop that I was using.
Could anyone please tell me if this is strange behaviour on the part of my laptop and do you think I was being set up for a scam.
They had my email address, my BT account number, my ex-directory phone number and were able to send very convincing emails that were from (e-mail address removed)
They also changed my password so that I could not login to my email or my "My BT" which is your account portal.

I was not convinced that they were genuine BT personnel so I hung up on them before it got too involved and rang BT directly from my home line and was a hour getting access back to my email and MYBT.

Any ideas and explanations gratefully received.

Please see a copy of the netstat results in a notepad file.

 

[Ian]

I'm 100% sure that this is a scam... you did the right thing to hang up!

Did they get you to run anything else other than netstat? They can't do any damage by running that, but they usually get you to run other commands or ask to take remote control of your PC.

You can report the scam here if you'd like:

BT Scams | What you need to know to stay safe | BT Help | BT Help

Discover what BT scams are making the rounds, what BT does and doesn't do over phone and text, and how to stay protected from BT scams online.

www.bt.com

 

[KIngWhiskers]

Hi Ian,
yes it definitely was a scam.
BT replied to the email that I forwarded. extract from,

The email below is a genuine BT communication. However, the call would have been a scam trying to get you to disclose the PIN. The scam caller would have been following the forgotten your password reset journey. They opt to have a PIN sent because they do not know the answers to your security question.

As you may be aware these are scam calls where the caller will lie about issues on your broadband/computer/telephone line to get you to allow control of your computer.

So definitely a scam call.

Number that called me was 07287741681, that started the alarm bells ringing to begin with.

What annoys me though is BT never as far as I am aware never made public knowledge that data was lost in the Yahoo data breach.

Sorry - the page you're looking for has been removed

The contents were out of date or replaced, but you can still access the information via The National Archives website. Details how to do this below.

www.ncsc.gov.uk

Very crafty getting a genuine email with a pin sent by BT to assist with their scam.
And of course you would give them the pin as that is a normal verification procedure.
As a scam goes it is quite clever and with them using BT's own forgotten password facility it is brilliant in its own simplicity.
The only thing that was run was netstat and no other access or information was given, besides they had all my information and were able to quote my account number. I suppose they had access to my email for about an hour, but there is no real security information on there. Not even who I bank with.
I suppose they would have tried to get me to put some screen sharing software on there and then held me to ransom by scrambling my files which does not actually scramble your files, just restricts access, or some other disabling ransom ware.

Router has bee disconnected for 5 minutes to force a new ip address and everything else looking OK. That netstat command is quite useful as you can see very quickly who is connected to your router.

If it happens again I will keep them dangling for a long time and play with them.

Many thanks for your reply