"Beeline" has a strange idea about security, but is taken to fight with fraudsters
Some time ago on Habré they wrote that Beeline opened a special site to deal with fraudsters. True, the usefulness of this resource, it seems to me, is very doubtful. Especially taking into account the requests of the operator support service.
Well, first things first.
In the Service Management System (e-care), for quite a long time, it has been possible to activate the service prohibition service . Find any information about it on the website of the operator can not. It is useless to click into the name of the service in e-care: in spite of the existing offer to click the name of the tariff or service to get to the page with a detailed description, this, as a rule, does not occur. Instead of the page with the description of the service of interest, the main page of the site opens (and not always in your region, although it is quite simple to open the correct region, having information about the IP address and the city of the contract conclusion - after all, the subscriber’s registration address is indicated in the account).
')
Searching on the site, clicking on the name of the new service in e-care and not getting the necessary information, we will try to use the fallback option: CPC (customer support center).
We will write them a letter and attach a screen shot of the cabinet, so that the employee can understand what is being said:
In response to a seemingly very clear request, we will receive an answer:
It may seem to the reader that this post is about the inadequacy of the responsescompiled by the text bots generated by the CPC staff. Or that almost from the very beginning of the existence of e-care it is impossible to find out details about a tariff or service by clicking their name in the list of available tariffs / services. However, writing all this was forced to send them a login and password to enter the Service Control Center.
Despite the fact that the reference information, the link to which is available directly on the Center’s login and password entry page, has a hint not to disclose the password to third parties, employees are not for the first time asking to provide the password:
I remember how several years ago some employees (now I don’t even remember their names and faces) of one of the CPC (then still the Client Request Center (CSCD)), under foreign credentials (data of the CCHP employees), were connected to numbers of particularly unpleasant subscribers, who applied to the CSCC with complaints and demands (not always justified), paid services or untied the number (the so-called Canceled procedure), freeing it and making it available for connection to another subscriber. I do not know what exactly such otvyazki ended with, but I can confirm the fact of such procedures under oath. And others, having access to recovery of payment card codes, activated them to their numbers and relatives' numbers.
So, against the background of these events, I don’t want to give anyone my password, knowing that someone can perform operations on a number on my behalf . It is clear that you can activate / deactivate the service without my password, using internal tools available to employees. But this operation will be performed on behalf of the employee.
It is known that various Internet services (mail, forum, etc.), as a rule, inform users via e-mail that the administration of the service will not ask the user's password under any pretext. Thus, services try to prevent fraudulent schemes that have become especially common in recent times, when a password is obtained from a user for various plausible reasons. And Beeline, creating specialized websites, creates favorable conditions for cheating users.
Well, first things first.
In the Service Management System (e-care), for quite a long time, it has been possible to activate the service prohibition service . Find any information about it on the website of the operator can not. It is useless to click into the name of the service in e-care: in spite of the existing offer to click the name of the tariff or service to get to the page with a detailed description, this, as a rule, does not occur. Instead of the page with the description of the service of interest, the main page of the site opens (and not always in your region, although it is quite simple to open the correct region, having information about the IP address and the city of the contract conclusion - after all, the subscriber’s registration address is indicated in the account).
')
Searching on the site, clicking on the name of the new service in e-care and not getting the necessary information, we will try to use the fallback option: CPC (customer support center).
We will write them a letter and attach a screen shot of the cabinet, so that the employee can understand what is being said:
At one of my numbers for a long time there is a service "Prohibition of the use of services" (see attachment). Please tell us more about it.
In response to a seemingly very clear request, we will receive an answer:
Dear Mikhail Mikhailovich!
Thank you for contacting us.
In order for us to carefully analyze the current situation (! - note), we ask you to send your login and password (! - note) to enter the Center, since other information may be displayed when checking with our passwords.
We will be happy to answer your questions by emailing questions.msk@beeline.ru
or by contacting the Customer Support Center at + 7 (495) 974-88-88 or 0611 (from a mobile phone).
We wish you all the best!
Your "Beeline".
It may seem to the reader that this post is about the inadequacy of the responses
Despite the fact that the reference information, the link to which is available directly on the Center’s login and password entry page, has a hint not to disclose the password to third parties, employees are not for the first time asking to provide the password:
Can anyone else use my password?
No, he can not. Only if you pass the password to someone else. In this case, we are not responsible for the security of your information.
I remember how several years ago some employees (now I don’t even remember their names and faces) of one of the CPC (then still the Client Request Center (CSCD)), under foreign credentials (data of the CCHP employees), were connected to numbers of particularly unpleasant subscribers, who applied to the CSCC with complaints and demands (not always justified), paid services or untied the number (the so-called Canceled procedure), freeing it and making it available for connection to another subscriber. I do not know what exactly such otvyazki ended with, but I can confirm the fact of such procedures under oath. And others, having access to recovery of payment card codes, activated them to their numbers and relatives' numbers.
So, against the background of these events, I don’t want to give anyone my password, knowing that someone can perform operations on a number on my behalf . It is clear that you can activate / deactivate the service without my password, using internal tools available to employees. But this operation will be performed on behalf of the employee.
It is known that various Internet services (mail, forum, etc.), as a rule, inform users via e-mail that the administration of the service will not ask the user's password under any pretext. Thus, services try to prevent fraudulent schemes that have become especially common in recent times, when a password is obtained from a user for various plausible reasons. And Beeline, creating specialized websites, creates favorable conditions for cheating users.
Source: https://habr.com/ru/post/87730/
All Articles