Jump to content


Welcome to DBSTalk


Sign In 

Create Account
Welcome to DBSTalk. Our community covers all aspects of video delivery solutions including: Direct Broadcast Satellite (DBS), Cable Television, and Internet Protocol Television (IPTV). We also have forums to discuss popular television programs, home theater equipment, and internet streaming service providers. Members of our community include experts who can help you solve technical problems, industry professionals, company representatives, and novices who are here to learn.

Like most online communities you must register to view or post in our community. Sign-up is a free and simple process that requires minimal information. Be a part of our community by signing in or creating an account. The Digital Bit Stream starts here!
  • Reply to existing topics or start a discussion of your own
  • Subscribe to topics and forums and get email updates
  • Send private personal messages (PM) to other forum members
  • Customize your profile page and make new friends
 
Guest Message by DevFuse

Photo

Email From Dish Network


  • Please log in to reply
21 replies to this topic

#1 OFFLINE   Skeeterman

Skeeterman

    Legend

  • Registered
  • 234 posts
Joined: Jun 24, 2003

Posted 11 March 2013 - 02:32 PM

Received email from Dish today on someone asking for credit card numbers and payment by Western union.
Here's a copy of the email that went to my spam file.



Dear Gary,

Recently several DISH customers have reported that people claiming to be representatives of DISH have contacted them in an attempt to collect money for special promotions or upgrades. We have discovered that these callers are often asking for credit card numbers or requesting payments via Western Union or Green Dot.

This message is to remind you that DISH will never call you asking for this or any other personal information or information related to your DISH account. If you receive a call requesting a payment in exchange for a promotion or upgrade, we encourage you to disconnect the call and contact us directly at 800-333-DISH (800-333-3474).

As a reminder, the forms of payment that DISH accepts are:
Credit card
Debit card
Electronic funds transfer
Check by mail
Cash through any retail store that offers:
MoneyGram Express Payments
IPP (In Person Payments)
PreCash
CheckFreePay
ACE Cash Express
Western Union Prepaid Services*



*If you make a payment through Western Union, you will receive a 10-digit Money Transfer Control Number (MTCN). DISH will never ask for this number.

Thank you for being a valued DISH customer.

...Ads Help To Support This Site...

#2 OFFLINE   James Long

James Long

    Ready for Uplink!

  • Super Moderators
  • 41,646 posts
  • LocationMichiana
Joined: Apr 17, 2003

Posted 11 March 2013 - 03:17 PM

It is a good reminder. There are a lot of people looking for ways to part others of their money.

#3 OFFLINE   Stewart Vernon

Stewart Vernon

    Excellent Adventurer

  • Moderators
  • 20,553 posts
  • LocationKittrell, NC
Joined: Jan 07, 2005

Posted 11 March 2013 - 05:44 PM

I got this email too. Good of Dish to warn people, but bad that it must have become pervasive enough of a scam to warrant their attention to send such an email.

Also a little sad that people have to be warned that such things are a scam anyway.

-- !rotaredoM mA eM

What I do when I'm not here


#4 OFFLINE   boba

boba

    Hall Of Fame

  • Registered
  • 5,580 posts
Joined: May 23, 2003

Posted 11 March 2013 - 05:45 PM

It is nice to see DISH trying to make us aware of the SCAM now what are they doing to STOP IT?

#5 OFFLINE   jsk

jsk

    Icon

  • Registered
  • 747 posts
Joined: Dec 26, 2006

Posted 11 March 2013 - 07:24 PM

I'm sure they have already involved the authorities. Since these things come from different countries, they probably can't do much but warn people.

Protecting your identity is mostly your responsibility and you have to be suspicious of anyone calling you asking you for personal information. A few years ago, I had a call from my bank about some suspicious activity on my account. I didn't give them any of my information and asked them to give me a published number so I could call them back to verify that I was really speaking to my bank. They gave me a number, I Googl'ed the number and verified that it was listed on my bank's website before calling them back.
Dish Player DVR 722K with OTA module connected to the Eastern Arc

#6 OFFLINE   garys

garys

    Hall Of Fame

  • Registered
  • 3,170 posts
Joined: Nov 04, 2005

Posted 12 March 2013 - 02:09 AM

Received email from Dish today on someone asking for credit card numbers and payment by Western union.
Here's a copy of the email that went to my spam file.



Dear Gary,

Recently several DISH customers have reported that people claiming to be representatives of DISH have contacted them in an attempt to collect money for special promotions or upgrades. We have discovered that these callers are often asking for credit card numbers or requesting payments via Western Union or Green Dot.

This message is to remind you that DISH will never call you asking for this or any other personal information or information related to your DISH account. If you receive a call requesting a payment in exchange for a promotion or upgrade, we encourage you to disconnect the call and contact us directly at 800-333-DISH (800-333-3474).

As a reminder, the forms of payment that DISH accepts are:
Credit card
Debit card
Electronic funds transfer
Check by mail
Cash through any retail store that offers:
MoneyGram Express Payments
IPP (In Person Payments)
PreCash
CheckFreePay
ACE Cash Express
Western Union Prepaid Services*



*If you make a payment through Western Union, you will receive a 10-digit Money Transfer Control Number (MTCN). DISH will never ask for this number.

Thank you for being a valued DISH customer.


My e-mail was also addressed: Dear Gary, imagine that.

#7 OFFLINE   Inkosaurus

Inkosaurus

    Icon

  • Registered
  • 678 posts
Joined: Jul 29, 2011

Posted 12 March 2013 - 07:11 AM

It is nice to see DISH trying to make us aware of the SCAM now what are they doing to STOP IT?


They do a lot actually.

Those people also call Dish call centers trying to phish customer information from CSR's as well.
All information from these scam artists is kept, flagged , processed and reported to the proper authorities.

#8 OFFLINE   satcrazy

satcrazy

    Icon

  • Registered
  • 887 posts
  • LocationGreat lakes, NW Pa.
Joined: Mar 15, 2011

Posted 12 March 2013 - 09:05 AM

They do a lot actually.

Those people also call Dish call centers trying to phish customer information from CSR's as well.
All information from these scam artists is kept, flagged , processed and reported to the proper authorities.


That was my next question.

How do they [ scammers] know you have Dish services?

#9 OFFLINE   Mike.H_DISHNetwork

Mike.H_DISHNetwork

    Godfather

  • DISH Representative
  • 307 posts
Joined: Feb 01, 2011

Posted 12 March 2013 - 09:40 AM

We wanted to be proactive and alerting our customers there have been reports on different News channels about the ways people try to scam people out of their own money. DISH wants to make sure our customers are not caught up in these account scams.

#10 OFFLINE   gtal98

gtal98

    Godfather

  • Registered
  • 363 posts
Joined: Jan 30, 2011

Posted 12 March 2013 - 10:09 AM

That was my next question.

How do they [ scammers] know you have Dish services?


They don't, but that doesn't matter. Most scams aren't that targeted, their just blanket emails sent to millions of email accounts with the hope that a few suckers will buy it. The ones who don't have Dish (or whatever) obviously ignore it, but those who do have to think twice about it. I've gotten plenty of scams before asking for bank account info from a bank that I don't have an account with. They can take a lot of money from just one sucker.

#11 OFFLINE   Paul Secic

Paul Secic

    Hall Of Fame

  • Registered
  • 6,222 posts
Joined: Dec 16, 2003

Posted 12 March 2013 - 11:35 AM

It is a good reminder. There are a lot of people looking for ways to part others of their money.


I also got the E-mail.. Good going Dish!

Enjoying AT 250 HBO, 

 

Equipment: VIP 722 reciever


#12 OFFLINE   Inkosaurus

Inkosaurus

    Icon

  • Registered
  • 678 posts
Joined: Jul 29, 2011

Posted 12 March 2013 - 11:50 AM

That was my next question.

How do they [ scammers] know you have Dish services?


Trial and Error.

Imagine a call center somewhere and the CSR's have a list of a bunch of names and phone numbers. They call in to a companies phone support system and dial in phone numbers, if they got a correct number the IVR will confirm it usually, like it saying "HEY! Your one of our top customers" or something like that.

Once they know they have a correct number, they get in contact with a CSR and attempt to phish information. They may get shot down and not get past the account security portion of the phone call with the Dish CSR, but then all they would do is hang up and call again.

It would only take 1 mistake from a CSR to really get the ball rolling and much like CSR roulette here its only a matter of time for them to eventually get a hit and they can easily go from just having a name and phone number to having physical/mailing address and Receiver info. Thankfully thats about all they can get from a CSR.
Once they have receiver info there better equipped to call you directly and can use that information to help "authenticate" there claim that they are Dish employees.

Its pretty nuts to be honest. When I worked at Dish I would get phone calls from phishers atleast 5 times a month. That may not seem like much but considering on average I did something like 70 calls a day and my center alone had around 500 agents its pretty interesting if you think about how many of my other fellow agents would get similar calls. Its even scarier when you consider the fact that a CSR can not directly accuse a customer of not being whom they say they are.. or even worse to think of the idea that a CSR may not be picking up on the scam taking place.

Edited by Inkosaurus, 12 March 2013 - 11:59 AM.


#13 OFFLINE   satcrazy

satcrazy

    Icon

  • Registered
  • 887 posts
  • LocationGreat lakes, NW Pa.
Joined: Mar 15, 2011

Posted 12 March 2013 - 02:17 PM

Trial and Error.

Imagine a call center somewhere and the CSR's have a list of a bunch of names and phone numbers. They call in to a companies phone support system and dial in phone numbers, if they got a correct number the IVR will confirm it usually, like it saying "HEY! Your one of our top customers" or something like that.

Once they know they have a correct number, they get in contact with a CSR and attempt to phish information. They may get shot down and not get past the account security portion of the phone call with the Dish CSR, but then all they would do is hang up and call again.

It would only take 1 mistake from a CSR to really get the ball rolling and much like CSR roulette here its only a matter of time for them to eventually get a hit and they can easily go from just having a name and phone number to having physical/mailing address and Receiver info. Thankfully thats about all they can get from a CSR.
Once they have receiver info there better equipped to call you directly and can use that information to help "authenticate" there claim that they are Dish employees.

Its pretty nuts to be honest. When I worked at Dish I would get phone calls from phishers atleast 5 times a month. That may not seem like much but considering on average I did something like 70 calls a day and my center alone had around 500 agents its pretty interesting if you think about how many of my other fellow agents would get similar calls. Its even scarier when you consider the fact that a CSR can not directly accuse a customer of not being whom they say they are.. or even worse to think of the idea that a CSR may not be picking up on the scam taking place.


Thanks for the info.

I notice when I have to call dish, it recognizes my phone # [ automated voice- I see your calling from- etc...] I imagine if you call from a cell, it probably can't register caller ID.
I would think the best line of defense at this time is the CSR asking for your pin immediately, so as not to give out any info to the wrong person.
If a CSR suspects they are not talking to the right person, can't they tell the customer they will call them right back [ using the phone number listed on the account?] Or don't they have that option?

#14 OFFLINE   Inkosaurus

Inkosaurus

    Icon

  • Registered
  • 678 posts
Joined: Jul 29, 2011

Posted 12 March 2013 - 02:59 PM

Thanks for the info.

I notice when I have to call dish, it recognizes my phone # [ automated voice- I see your calling from- etc...] I imagine if you call from a cell, it probably can't register caller ID.
I would think the best line of defense at this time is the CSR asking for your pin immediately, so as not to give out any info to the wrong person.
If a CSR suspects they are not talking to the right person, can't they tell the customer they will call them right back [ using the phone number listed on the account?] Or don't they have that option?


They dont have that option, the second the call ends the next customer in the queue is patched into the line.

The way the CSR should be starting the conversation should also be putting the customer in the position where they reveal who they are as well, to prevent the CSR from giving away potentially private info to a stranger.

Generally if we suspect that something fishy is happening during the call, the best thing we could do was mark down that the account maybe compromised in the notes and also send the account number to our supervisor along with the phone number on our phones caller id. A side from doing that behind the scenes we would have to act like business as usual with the scammer, and refuse to give them information if they were not able to perform the account security measures (PIN, name confirmation ect.)

The worst part really was when your positive the person on the other end of the line was a scammer (you can hear other CSR's in the background, among other things) and there able to confirm all account security measures.. Since we couldnt call out a "customer" on not being who they say they are we would have to give up any info they ask for, we could double check with our supervisors but I personally was never given the go ahead to refuse access to private information from my boss =/

#15 OFFLINE   jsk

jsk

    Icon

  • Registered
  • 747 posts
Joined: Dec 26, 2006

Posted 14 March 2013 - 01:33 PM

Couldn't they design the system that you use to require agents to confirm identity before being allowed to access account information?

I run a IT support call center for a University with about 25 student employees working for me. If a student can't reset their password because they don't know the answer to their Security Question, then my student can reset their security question only if they are able to verify enough information to get to 10 points. Points are added for correct information and subtracted for incorrect information.
Dish Player DVR 722K with OTA module connected to the Eastern Arc

#16 OFFLINE   Inkosaurus

Inkosaurus

    Icon

  • Registered
  • 678 posts
Joined: Jul 29, 2011

Posted 14 March 2013 - 03:09 PM

Couldn't they design the system that you use to require agents to confirm identity before being allowed to access account information?

I run a IT support call center for a University with about 25 student employees working for me. If a student can't reset their password because they don't know the answer to their Security Question, then my student can reset their security question only if they are able to verify enough information to get to 10 points. Points are added for correct information and subtracted for incorrect information.


Dish already does this with pin numbers and secret questions/answer, the customer has to confirm certain pieces of information along with the code before the CSR is allowed to give out certain information about the account.
Its up to the CSR to enforce it though, thats why I mentioned that its like CSR roulette. It only takes 1 CSR to mess up and all these people have to do is keep calling to get that 1 screw up on the line.

#17 OFFLINE   jsk

jsk

    Icon

  • Registered
  • 747 posts
Joined: Dec 26, 2006

Posted 15 March 2013 - 09:59 AM

My point is that the system should not display the information to the CSR until the CSR types in the proper pin number and secret answer.

You would also have to allow for customers who forget their PIN numbers and/or secret answers, but that could be automated as well. Ask them several questions like "How much was your last payment?" and "what is your receiver number?" and "How long have you had continuous service with Dish?" and "How long have you had HD service with Dish?" Add points for correct answers and subtract points for incorrect answers and assign a point value to allow the CSR to reset the secret question/answer.
Dish Player DVR 722K with OTA module connected to the Eastern Arc

#18 OFFLINE   Klatu

Klatu

    Cool Member

  • Registered
  • 26 posts
Joined: Jun 22, 2011

Posted 15 March 2013 - 01:13 PM

You would also have to allow for customers who forget their PIN numbers and/or secret answers, but that could be automated as well. Ask them several questions like "How much was your last payment?" and "what is your receiver number?" and "How long have you had continuous service with Dish?" and "How long have you had HD service with Dish?" Add points for correct answers and subtract points for incorrect answers and assign a point value to allow the CSR to reset the secret question/answer.

I couldn't answer any of those off the top of my head. :) Can anyone?
VIP 722 DVR, Samsung LNT4671F HD TV, ROKU for Netflix, Panasonic Blu-Ray, Slingbox, and a HTC Rezound to watch all this stuff when my wife is shopping.

#19 OFFLINE   HinterXGames

HinterXGames

    Godfather

  • Registered
  • 313 posts
Joined: Dec 20, 2012

Posted 15 March 2013 - 01:18 PM

You would also have to allow for customers who forget their PIN numbers and/or secret answers, but that could be automated as well. Ask them several questions like "How much was your last payment?" and "what is your receiver number?" and "How long have you had continuous service with Dish?" and "How long have you had HD service with Dish?" Add points for correct answers and subtract points for incorrect answers and assign a point value to allow the CSR to reset the secret question/answer.

I couldn't answer any of those off the top of my head. :) Can anyone?


Then you would just need to find out the information and call back. I'd much rather have the hassle of doing that in the name of keeping my account information secure, than the reverse, where its at risk.

#20 OFFLINE   splish

splish

    AllStar

  • Registered
  • 100 posts
Joined: Nov 07, 2002

Posted 16 March 2013 - 09:11 AM

I never got an email. In fact, I have never received an email from DN. Anything to be concerned about?

#21 OFFLINE   Inkosaurus

Inkosaurus

    Icon

  • Registered
  • 678 posts
Joined: Jul 29, 2011

Posted 16 March 2013 - 11:49 AM

^They probably dont have your correct email on file. Its pretty easy to get it added though it wouldnt take anymore then 5 minutes either by calling or chatting online.

#22 OFFLINE   Zero327

Zero327

    Godfather

  • Registered
  • 256 posts
Joined: Oct 09, 2006

Posted 26 March 2013 - 10:22 PM

My point is that the system should not display the information to the CSR until the CSR types in the proper pin number and secret answer.

You would also have to allow for customers who forget their PIN numbers and/or secret answers, but that could be automated as well. Ask them several questions like "How much was your last payment?" and "what is your receiver number?" and "How long have you had continuous service with Dish?" and "How long have you had HD service with Dish?" Add points for correct answers and subtract points for incorrect answers and assign a point value to allow the CSR to reset the secret question/answer.


A double-blind system has been discussed before. The problem is the trade-off for security against customer accessibility. Assume your average customer isn't that great at retaining service information (which is true); how do you service that customer securely while also enforcing strict enough requirements to keep others out? How do you ensure the requirements are equally consistent across all customers knowing that?

There are several trains of thought at DISH. Some are proponents of security that would make military encryption look tame; others are customer service background. Both have valid points, but the balance in-between is decided often by a single executive, and that person usually leans towards one end of the spectrum or the other.

Stricter requirements mean safer accounts, and more difficulty for customers to access. Softer requirements mean easier customer access, and easier security measures to compromise.
Four universal truthes:
1. All is fair in love and war.
2. Nothing is absolute but death and taxes.
3. "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." --Albert Einstein

4. If you think the above three things shouldn't apply to you, e-mail CEO@dishnetwork.com.




Protected By... spam firewall...And...