Three mobile users should be wary of a convincing email scam claiming to be from the UK mobile network. According to the team of the Cofense Phishing Defense Center (PDC), this new attack is designed to fool unsuspecting customers into transferring names and even banking details.
The message, which arrives in the inbox across the UK, is designed to look like it was sent from an official Three account. Once opened, the message alerts that the mobile network is struggling to process a payment, stating: "Your last bill payment cannot be processed by your bank. Access to your mobile service is being suspended. Download the attachment form to view your billing information to change. "
The attached file then takes users to a fake website where it then requests essential information such as login details, personal information and credit card information.
PDC says the source code indicates this is a clone of actual Three html code reassigned for malicious purposes; styling elements are taken from the Three website, for example, making them far more convincing than some other scam campaigns. In addition, all options in 3GUK users redirect to the legitimate relevant Three page so that, for example, clicking on "iPhone 11" under the Popular Phones section at the bottom redirects the end user to the actual Three iPhone 11 page.
These are clever scam tactics to try to make this look as real as possible.
Those who are fooled can eventually hand over vital information that could lead to serious financial losses. So this threat is worth taking into account.
If you're concerned about scams, it's worth following this advice from Three, who says they will never email customers asking for information such as usernames, passwords, or bank details.
Top tips to avoid getting scammed
• Never give passwords to anyone, over the phone, in person, online or via email.
• Your bank, network provider and many other companies that handle your money will usually ask you to enter certain characters of a password or login number. If one of these companies asks you for your full password or login number, it is almost certainly a phishing scam and you should immediately contact your bank or network provider.
• Never click on links in emails or texts that ask you to sign in to your account. Close the email and go directly to the company's website.
• Install good virus protection on your PC. You can purchase trusted antivirus software from companies like McAfee and Norton, or you can download free software from respected places, such as Avast and Kaspersky. Make sure to research the software you choose.
• Make sure you visit secure websites. You can look for the padlock icon in the address bar to check if a website is safe.
• Remember that grammar and spelling are important to respectable companies like your internet or network provider and your bank, so if something reads really badly, it's probably a scam.
• Your bank, telephone provider and money management companies know you. They will address you by name.
• If you are concerned about the security of your personal information, you can find more information on our Fraud & Security page. Protect your data, stay safe online and stay connected.