Scammers are once again spoofing Verizon Wireless’ 1-800-922-0204 customer service number shown on a customer’s Caller ID in calls offering “refunds” ranging from $30-60 in return for personal information needed to “process a refund check or service credit.”

Verizon Wireless customers (including myself) have started receiving recent unsolicited calls from Verizon Wireless claiming an earlier billing error resulted in an overcharge to their wireless account. The amount of the credit varies, but is significant enough to get the attention of unwitting customers. The caller is asked to verify their Verizon Wireless “account password,” which is a critical piece of information not to be shared with unsolicited callers. Once exposed, anyone can call Verizon Wireless and make changes to your account.

Variations on this scam have been around since 2014. Last fall, callers were instructed to “apply for a refund” at phony websites run by the crooks, almost always detectable because the scammers registered web addresses close to Verizon’s legitimate address, but with two extra numbers attached. (eg. http://28verizon.com/, 27verizon.com, 48verizon.com, etc.) Most of these sites were shut down by early 2015.

Consumers usually believe the calls are genuine because their Caller ID reports the calling number originates with Verizon Wireless customer service. But such caller ID information can now be easily manipulated or faked, making it harder than ever to truly know who is calling.

Complicating matters are Verizon’s own marketing calls to customers originating from the same 800 number, which are legitimate. In an effort to combat the scammers, customers can call Verizon Wireless back at 1-800-922-0204 and the automated call attendant will confirm any recent legitimate customer service calls (often for an “account review” or to tell you about a past due balance) made to your number recently.

The best way to avoid this fraud is to not answer unsolicited calls from unfamiliar numbers and refuse to share any personal information with an incoming caller you don’t know. That includes giving out your full name, address, any part of an account password or Social Security number, credit card number, bank account information, etc.

Any legitimate overpayment or overcharge would be automatically credited back by Verizon on your next bill or mailed to the last address on file if you are a former customer.

“I normally never answer a call with a Caller ID number I don’t recognize, but I was fooled because the number reported was Verizon Wireless customer service’s own number,” said Dylan, a Stop the Cap! reader who now admits he gave away too much information. “I foolishly gave them my account password, address, and phone numbers and only got suspicious when they asked for my Social Security number. That is when I knew and I hung up and called Verizon and changed my account password before the scammers did.”

“I learned my lesson.”

“El Pelón”: Sunburned, running free, and mighty happy AT&T call center workers were happy to oblige requests for private customer information.

The Federal Communications Commission has fined AT&T $25 million after an investigation revealed AT&T customer service call center employees sold private, personal information regarding nearly 280,000 AT&T wireless customers to a shadowy figure or group known as “El Pelón,” which translates as a “bald man.”

During 2013 and 2014, employees in call centers in Mexico, Colombia and the Philippines sold customer information to third parties, presumably to help them reactivate stolen cell phones using the original owner’s contact information and at least the last four digits of the customer’s Social Security number.

When El Pelón called, more than a few AT&T employees listened and on request looked up the cell numbers given and provided customer information in return. A short time later, someone accessed AT&T’s website to submit unlock requests for the phone(s) associated with the account. Once unlocked, the phones could be sold almost anywhere around the world.

The investigation by the FCC’s Enforcement Bureau began in May 2014 after three call center employees in Mexico accessed the private information of more than 68,000 AT&T Wireless customers. That information soon led to 290,803 handset unlock requests submitted by third parties.

AT&T then learned around 40 other employees in its Colombia and Philippines call centers were also providing private customer information in return for compensation. Another 211,000 customer records were involved in those data breaches.

In return for its lax security, the FCC has handed AT&T a record-breaking fine of $25 million, and ordered AT&T to beef up security and give affected customers access to a credit monitoring service for a few years.

“The commission cannot — and will not —stand idly by when a carrier’s lax data security practices expose the personal information of hundreds of thousands of the most vulnerable Americans to identity theft and fraud,” FCC chairman Tom Wheeler said. “As today’s action demonstrates, the commission will exercise its full authority against companies that fail to safeguard the personal information of their customers.”

AT&T has 30 days to pay or contest the fine. The FCC admits it still has no clear idea from AT&T exactly how many customers were victims of the ongoing data breaches. But AT&T promised to do better in the future.

“We’ve changed our policies and strengthened our operations,” AT&T said in a statement. “And we have, or are, reaching out to affected customers to provide additional information.”

A Tennessee man is facing $1,300 in unauthorized cable charges and ruined credit after at least one Comcast employee allegedly stole his identity and provided it to an outside vendor who signed up new Comcast customers who never had any intention of paying their bills.

Ricky McClure of Murfreesboro first learned about the fraud when collection agencies working for Comcast sent him collection notices demanding payment of a combined $1,300 in unpaid charges made in his name in Shreveport, La.

McClure is already a Comcast customer, and he does not pay his cable bill late, so he called Comcast over what he thought was a simple billing error and ran into a customer service buzz saw.

“Comcast basically said the name and social matches what we have on record so this is your account. You need to pay the money and we’re not going to pull it back from collections,” McClure told WKRN-TV.

McClure was left investigating the mysterious charges on his own and discovered the extra accounts on his credit report, both using his Social Security number, and opened without his permission. Even more disturbing, the service addresses on file were in a city McClure has no ties to.

“Where is our money, lady?”

“It’s very alarming. You don’t know who is going to be calling you next,” said McClure.

Comcast’s customer service seemed unconcerned McClure’s identity was stolen. They simply wanted to clear up the matter of the $1,300 in unpaid charges. In fact, Comcast reserves the right to terminate an identity theft victim’s own service until the billing matter is settled or the fraud verified.

An isolated incident? Not quite.

Stop the Cap! reader John Spencer (not his complete real name at his request) in Nashville was also a victim of Comcast fraud. He wrote to share the story of McClure, which he recognized only too well. He faced over $2,000 in Comcast bills sent to collections for another “customer” in Shreveport. This time, the thieves were smart enough to submit a change of address for the bills headed for Louisiana, claiming it was a vacation property. The collection agency finally connected the Social Security number to Spencer’s address in Nashville and commenced collection activity that dropped his FICO score by more than 90 points, which now hovers around 600. Spencer’s damage went far beyond dealing with persistent collection calls. Alarmed credit card issuers running periodic credit checks suspended or slashed Spencer’s credit lines because he was suddenly a credit risk, and Verizon wants him to pay a deposit on his new cell phone account. His car insurance even went up $65 semi-annually, the insurance company explained, because his credit score necessitated a re-evaluation of his rate.

It took over three months for Comcast to finally get the negative information off his credit report, and nine months later he is still trying to get his former credit reputation back. While credit card companies did restore his former credit lines, they made new credit inquiries before granting his request, which has cost him 40 points on his restored FICO score for “excessive credit inquiries.” Verizon won’t budge on demanding a deposit, and his insurance company will reconsider his rate only after it comes up for renewal.

Comcast’s identify theft reporting form runs six pages and requires a police report, a notarized signature, and copies of your valuable photo ID.

Identity theft has become pervasive enough at Comcast that the company dedicates a special section of its website to accept reports from customers victimized by unauthorized charges.

Comcast doesn’t offer much of a shoulder to cry on either, sternly telling victims they must complete and sign a notarized affidavit, attach a police report for the claim, and prove to Comcast’s satisfaction where they actually live.

Some customers already victimized by Comcast once aren’t too happy about another requirement – providing a copy of a valid government-issued photo ID like a driver’s license or passport. If Comcast employees were willing to peddle your Social Security number for quick cash, imagine what they can get for a copy of your driver’s license.

Don’t expect the collection calls to end immediately either. Comcast warns it considers all accounts valid and payable amounts due until proven otherwise.

San Francisco area customer Tammerlin Drummond was also a victim of a rogue Comcast employee who sold her Social Security number and address to an unknown third-party who opened an account and collected a bounty of cable equipment.

Comcast billed Drummond $442.13 for service at an address she had nothing to do with. Ironically, Comcast sent Drummond a separate letter claiming that the security of her account was “a top priority at Comcast” and included a PIN number.

Comcast doesn’t like to break a sweat investigating these scams and kept the fraudulent account open while putting Drummond on its customer fraud treadmill, insisting she do all the work completing the aforementioned affidavit. Another representative even suggested visit a Comcast store in Oakland because people associated with the fraudulent account were recently there to pick up more cable equipment.

“She gave me the ID of the rep who had handled the transaction and suggested I might go to the store to ask if he remembered anything,” Drummond wrote in a column published by the Contra Costa Times. “She said there was a lot of activity connected to my Social Security number and that it was an obvious case of fraud. It smelled like an inside job to me, and I told her so.”

Comcast admitted in all three cases different employees used their positions at the cable company to access customers’ Social Security numbers and other personal information and resell it to other criminals that offer “free” cable service or tell customers to pay them, not Comcast, for “discounted service.”

The two cases in Shreveport were never uncovered by Comcast. It took the initiative of the Shreveport Police Department to launch an investigation last March. Comcast first learned about it not from customers, but from the police department who contacted the cable company about the problem.

Victims were eventually sent letters from Comcast explaining what happened:

“Based on what we know at this time, a small group of individuals employed by a third-party vendor and a former Comcast employee were engaged in identity theft and theft of Comcast services. These individuals may have used your information, including your name and/or social security number, for these unauthorized purposes.”

The letter goes on to say the company is offering a complimentary identity protection plan for a year.

But identity protection may not help much if Comcast can’t secure its customers private, personal information.

Out in San Francisco, Comcast spokesman Bryan Byrd told Drummond a Comcast employee had opened the fraudulent account and that “he has been dealt with.”

Comcast has closed the account, erased the bill and removed the mess from her credit report. Because Drummond was a victim, anyone (including her) will now need to show ID and proof of residence before opening a Comcast account — provisions that would likely protect every Comcast customer from identity theft if broadly enforced.

“It makes you wonder how protected one’s personal data is,” Drummond complained. “How many others did this rogue employee target?”

Comcast says these are all isolated incidents and not a pattern to a wider problem. But apologies are not forthcoming to Mr. McClure or Spencer.

Alex Horwitz, a Comcast spokesperson in Tennessee released the following statement:

“We take this matter very seriously and, out of an abundance of caution, we have contacted a small number of people whose information may have been used to create unauthorized accounts and are providing them with credit monitoring services. We have no evidence that this was an online system breach or that any additional personal information was obtained or used for any other purpose. We are continuing to cooperate with law enforcement and are conducting our own internal investigation. The individuals involved in this are no longer working on our behalf, and we have reinforced our privacy and security policies with employees and third-party vendors.”

Comcast won’t comment on how many cases of identity theft it deals with annually.

[flv]http://www.phillipdampier.com/video/WKRN Nashville Man gets 1-3K in Comcast bills 10-15-14.mp4[/flv]

Several mid-Tennessee Comcast customers have been victims of identity theft, discovering unpaid Comcast bills run up in their names for service several states away. WKRN in Nashville shares the story of Ricky McClure, who faced $1,300 in Comcast charges sent to collections he didn’t owe. (2:41)