Discussion topic: Erroneous Takeover

@jabxheushshabwv Sky need the code, they sent it to you while taking to them direct on the mobile they have on file, you don't give it to them then they will end the call! Security double check that is what it is! You will find the list off numbers here, your choice if you think it is a scam call!

Scam calls, emails, texts or online impersonation | Sky Help | Sky.com | Sky Help | Sky.com

My concern is simply that the text message from Sky says “Never share this code with anyone.” There’s no mention of “except Sky employees,” which is why it felt contradictory when I was asked to read it out. It feels like either the wording on the message needs updating or the identity-verification flow needs to be reconsidered.

It’s also a bit of a misnomer that the code is sent to the same phone Sky is speaking to. If the caller wasn’t the account holder, they would already have access to the phone receiving the code so the step doesn’t actually add meaningful protection.

And if the purpose of the code is to authorise account changes, then instead of a wildcard code that allows anyone to do any changes (including changing the password)  it would make more sense for the message to say something like:

“Sky employee Jane Doe is about to make the following change to your account; [list of changes named here]. Share this code only if you wish to verify this request.”

@jabxheushshabwv As before and on the link, see what was there, call sky yourself with 150 from your landline if it is still working, and reconfirm the sky LINK double check the number, call it back and go through the same again with them, you are in control off it all as you initiated the call your side, you are 100% correct to be cautious as it can be anyone on the other side calling you, and as before the code could be stared out there end, they ask you for the code punch it in and confirm, if you think code is not correct then give it back wrong if they were to carry on saying yip code was good, then you know for sure it's a scam caller!

When OTS messes up disconnecting there is a huge pile of dodo to clear up and try to get you back online, just do not be surprised if it takes a couple off weeks!

The suggestion to “give the wrong code first” doesn’t quite hold up from a security perspective.

If the person on the phone was a scammer trying to access my account, and I deliberately gave them an incorrect code, they would immediately know it was wrong because they’d be entering it into the system. When they tell me “that code didn’t work,” following that logic I’d then end up giving them the correct one — which defeats the purpose of the test. So that step doesn’t actually add meaningful protection.

My original point still stands:
The message Sky sends says “Never share this code with anyone,” yet customers are asked to read it out. And because the code comes to the same phone the agent is speaking to, it doesn’t verify anything other than access to the handset.