Phishing & Smishing - What you need to know

 

We often see reports from customers who believe that they may be at risk from fraudsters trying to dupe them into sharing their personal information. These types of scams are known as phishing or smishing – a form of fraud which impersonates a company in order to steal sensitive information such as login details. Unfortunately, in today’s world, these scams are all too common, generally targeting individuals and large organisations across different sectors by imitating all kinds of company communications. We’ve pulled together some information to help you identify these scams and keep your information safe.

What is it?

Phishing and smishing are scams in which fraudsters attempt to get hold of sensitive information such as usernames, passwords and credit card details by pretending to be a trustworthy source in emails (phishing) or texts (smishing). These scams work by sending you an email or text that looks like it’s from your bank, service provider or other company. The email or text will ask you to visit a fake website that looks real. The site will have a form asking for personal information like usernames, passwords and bank account or PIN numbers.

What am I looking for?

As with many scams, it begins with an email or text. The notification can, in some instances, purport to be a bill notification from us and can look very credible. It may detail an unusually high balance and include a link to ‘view your bill’. This messaging is designed to panic recipients into clicking the link to see how they’ve run up such a large bill. Instead, clicking the link will either direct you to a fake website or, in some cases, download malware to your computer. The most common type of phishing email will direct you to a fake website and ask you to enter your login details. Malware can be used for a number of things – for example, it could record your keystrokes, enabling fraudsters to piece together personal information and login details for other sites.

Signs of a Phishing or Smishing Scam

It’s often easy to spot a scam. Be on the lookout for:

  • Spelling mistakes
  • A ‘from’ email address that doesn’t match the company or organisation, or a text sent from an unfamiliar sender, such as a mobile number
  • Demands that you take action straight away or risk having your account suspended
  • A generic ‘dear customer’ header
  • Suspect links with extra letters, numbers or substitutions. For example, a phishing scam trying to imitate O2 might replace the letter ‘O’ with the number zero
  • Requests for sensitive data like usernames, passwords, date of birth etc.
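
The suspect-link sign from the list above, as an added example (not O2's own code): it pulls links out of a message and flags hosts that imitate the brand by swapping in look-alike digits or by embedding the brand name in another domain. It assumes o2.com, taken from the reporting address on this page, is the only legitimate domain; the sample message and the .example hosts are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: o2.com (from the reporting address on this page) is the only
# legitimate domain; a real check would list every domain the company uses.
LEGIT_DOMAIN = "o2.com"
BRAND = LEGIT_DOMAIN.split(".")[0]

# Digits commonly swapped in for look-alike letters (illustrative subset).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def skeleton(label):
    """Fold look-alike characters so '02' and 'o2' compare equal."""
    return label.lower().translate(CONFUSABLES)


def classify_host(host):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a hostname."""
    host = host.lower().rstrip(".")
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    # Compare whole labels and hyphen-separated parts, not substrings,
    # so an unrelated name such as 'co2' is not flagged.
    parts = re.split(r"[.\-]", host)
    if any(skeleton(p) == skeleton(BRAND) for p in parts):
        return "lookalike"
    return "unrelated"


def check_message(text):
    """Return (url, verdict) for every http(s) link found in the text."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")
        host = urlsplit(url).hostname or ""
        results.append((url, classify_host(host)))
    return results


# Constructed sample message; the .example hosts are placeholders.
SAMPLE = (
    "Dear customer, your bill is unusually high. View your bill: "
    "http://02.example/bill or http://o2.com.billing.example/login. "
    "Help: https://www.o2.com/help"
)

if __name__ == "__main__":
    for url, verdict in check_message(SAMPLE):
        print(f"{verdict:10} {url}")
```

A host classed as 'unrelated' is not thereby safe: in a message claiming to come from the company, any link that does not resolve to the company's own domain still deserves suspicion.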

Here are some examples of phishing emails:

[Image: phishing email examples]

Here are some examples of Smishing texts:

   

What to do

If you’re suspicious about an email you’ve received, please send it on to our team to be looked into. DO NOT click on any links. It’s important that we see examples of phishing emails and websites so we can investigate and shut down scammers. To report a suspicious email or website:

  • Create a new email draft with ‘Phishing’ as the subject
  • Attach the suspicious email
  • Send to phishing@o2.com

To report a suspicious text, forward the message to 7726. You may get an automated response thanking you for the report and giving you further instructions if needed. You will not be charged for sending texts to 7726.

For more information about phishing from our support pages, click HERE.
For more information and advice on how to safeguard against fraud, visit the Fraud Advisory Panel.


For more information on spam texts click here.