EE customers should be on high alert about a new scam doing the rounds online. Cyber crooks are sending out emails claiming there is an unnamed issue with their monthly bill and that users need to enter their billing details to verify the information is accurate.
The subject line – as identified by researchers working for the Cofense Phishing Defense Centre (PDC) – is usually “View Bill – Error”. The lack of detail should probably raise a red flag with EE customers. The email vaguely talks about how EE is “working to get this fixed”. Customers are pushed to “view billing to make sure your account details are correct”.
But clicking on that link will direct users towards a fake login page designed to lift any details inputed into the fields. This will allow the cyber criminals to login to EE accounts. But worse than that, as the fraudulent forms ask for credit card details – the crooks are able to use your details to purchase a number of items online in your name behind your back.
The fake login pages supports the HTTPS protocol – displayed as the green padlock – within the URL, which is a clever tactic to give users false hope that anything they write in the form is being encrypted and safe from prying eyes.
- Sky broadband reveals why your daily internet speeds may be suffering
However, the bad actors went to the trouble of obtaining SSL certificates for the domain to be able to legitimately display this HTTPS padlock symbol simply to gain users’ trust. According to the researchers investigating this scam, it has become much easier for site owners, including fraudsters, to obtain these certificates.
In fact, it’s this level of detail that makes this latest EE scam so worrying.
In the form where users are prompted to input their credit card information, cyber crooks have placed a small “You will not be charged” message in the top right-hand corner to reassure email recipients that it’s a legitimate site.
After the details have been put into the form, users will be automatically redirected to EE’s website. So users shouldn’t even be suspicious – unless they’re keeping a close eye on the URL – that anything has gone awry.
At the time of writing, the phishing page is still live and active, according to Cofense Phishing Defense Centre. So, if you’re on EE, you should be on the lookout for the emails as the cyber crooks are still actively using this technique to try to steal payment details.
EE has a dedicated webpage to help customers if they think they have been targeted by scams.
The firm’s advice states that if you receive a message requesting personal or financial information, such as personal security details, bank details or passwords, be aware that it could be a scam and therefore fraudulent. If you’ve received something that looks a bit suspicious don’t worry.
Receiving a suspicious text, email or voice call will not harm you in any way – harm can only come if you interact with it.
Those who are concerned can forward any phishing emails referring to EE to [email protected]
Source: Read Full Article