I had a call apparently from BT (my broadband provider) to say that my internet had been hacked. To confirm that it was really them, they sent an email and a text with a PIN.
There was admittedly something fishy about it. They weren't able to specify exactly what they meant by my account being hacked, and I was confused about the PIN aspect (more on that in a moment) - so I hung up and called BT myself.
They confirmed that it wasn't them who had been in touch. It was, indeed, a scam. Not only was there not a problem, and they had not contacted me in the last 3 months, the BT operative also confirmed my suspicion about the PIN - the point of a PIN is for me to confirm who I am, not for them to prove who they are. Anyone can send you a PIN and ask you to read it back. BT won't do this when they contact you, only when you contact them.
However, it's easy to see how the text and email could help fool people. The text was apparently from the same number that BT use to send a confirmatory PIN. The wording of the text was almost (but not quite) identical to the BT message. And what I still find unnerving is that the scammers were able to link together my landline phone number, my mobile number (for the text) and the email address I use to log into my BT account.
Because of this linkage, one thing I did do was both change my password on the BT website and switch on two factor authentication (where it sends you a text or email to check it really is you) in case someone had got into their data.
I pride myself on not falling for scam calls. But this one was scarily convincing. Traditionally it's been said that phishing emails and scam calls may be deliberately poor so they are only believed by the most vulnerable. This was certainly not that kind of operation.