Beeline has a strange notion of security, but undertakes to deal with scammers

    Some time ago, it was written on Habr that Beeline opened a special site to combat fraudsters. True, the usefulness of this resource, as it seems to me, is very doubtful. Especially taking into account the requests of the operator support service.

    Well, first things first.

    In the Service Management System (e-care) for quite a long time there is the possibility of connecting the service " Prohibition of the use of services". It is not possible to find any information about it on the operator’s website. It’s useless to click on the name of the service in e-care: despite the current offer, click on the name of the tariff or service to get to the page with a detailed description, this, as a rule, is not Instead of a page with a description of the service of interest, the main page of the site opens (and not always of your region, although opening the correct region is quite simple, having information about the IP address and the city of the conclusion of the contract - because the subscriber's registration address is indicated in the office).

    After searching on the site, clicking on the name of the new service in e-care and not receiving the necessary information, we will try to use the fallback option: CPC (customer support center)

    .We will write them a letter and attach a screenshot of the cabinet so that the employee can understand what is being said:

    On one of my rooms for a long time there has been a service "Prohibition of the use of the service" (see attachment). Please tell us more about her.


    In response to a seemingly very clear request, we get the answer:

    Dear Mikhail Mikhailovich!

    Thank you for contacting us.

    In order for us to be able to carefully analyze (! - approx.) The current situation, we ask you to send username and password (! - approx.) To enter the Center, because when checking with our passwords other information may be displayed.

    We will be happy to answer your questions by e-mail
    or when contacting the Customer Support Center by calling + 7 (495) 974-88-88 or 0611 (from a mobile phone).

    We wish you all the best!

    Your Beeline.

    To the reader, it may seem that this post is about the inadequacy of the answers compiled by text-generating bots compiled by the CPC employees. Or that almost from the very beginning of the existence of e-care it is impossible to find out details about the tariff or service by clicking on their name in the list of available tariffs / services. However, a request to send them a username and password to enter the Service Control Center forced them to write all this.

    Despite the fact that in the reference information, a link to which is directly on the login and password entry page of the Center, there is a hint not to disclose the password to third parties, this is not the first time that employees have asked for the password:

    Can anyone else use my password?
    No, he can not. Only if you yourself pass the password to someone else. In this case, we are not responsible for the security of your information.

    I remember how several years ago, some employees (now I don’t even remember their names and faces) of one of the CPC (then the Client Request Processing Center (CSC)), under the credentials of others (data of the CCH), were connected to numbers of subscribers that were especially unpleasant for them, those who applied to the central treatment center with complaints and requirements (not always justified), paid services or untied the number (the so-called Canceled procedure), freeing it and making it available for connection by another subscriber. I don’t know what exactly ended such decoupling, but I can confirm the fact of such procedures under oath. And others, having access to the recovery of payment card codes, activated them on their numbers and the numbers of relatives.

    So, against the background of these events, tell someone your password, knowing that someone can perform operations on the numberon my behalf , I don't feel like it at all. It is clear that you can enable / disable the service without my password using the internal tools available to employees. But this operation will be performed on behalf of the employee.

    It is known that various Internet services (mail, forum, etc.), as a rule, inform users through e-mail that the administration of the service will not ask for a user password under any pretext. Thus, services try to discourage fraudulent schemes that have become especially common in recent times, when a user is fished for a password under various good reasons. And Beeline, creating specialized sites, itself creates favorable conditions for deceiving users.

    Also popular now: