O2 phishing emails pose as network disruption apology

Filed Under: Featured, Mobile, Phishing, Spam

O2When the O2 mobile network went down in the UK earlier this month, hundreds of thousands of people were unable to make and receive calls, or connect to the internet from their 3G smartphones.

When the service was eventually returned to normal, O2 apologised and said it would offer compensation to affected users.

It was, therefore, with some interest that SophosLabs researchers noticed a wave of spammed-out emails claiming to come from O2 with the subject line "O2 Online Security".

Here's what a typical email looks like (if you want better picture, take a look at this larger version).

O2 phishing email. Click for larger version

Part of the email reads:

As we said in our last update, we want to make it up to our customers for the loss of service some people experienced over the weeks.

The issue we had was unprecedented and we recognise that this caused inconvenience and frustration to those impacted over that one-day period.

We have now identified all those customers directly affected (those whose devices could not connect on our system). To thank all our customers for supporting us through an unprecedented and difficult period, we are also giving everyone on O2 a £10 O2 voucher to spend in store.

Click the link below to protect your account with the new security update.

A £10 voucher. That sounds nice. Who wouldn't want one of those? And a security update as well!

Well, O2 *is* offering customers a £10 voucher - but the link in the email is, of course, bogus.

If you click on it, you aren't taken to the real O2 website, but instead a webpage hosted on a compromised third-party website which is just waiting to scoop up your login details.

O2 phishing website

In short, if you enter your information on the fake O2 login page you will be phished.

Always be cautious about the links that you click on in emails, and think twice before entering your personal information.

, ,

You might like

3 Responses to O2 phishing emails pose as network disruption apology

  1. Xyon · 750 days ago

    Why then blur the URL of the phishing site? Surely it'd be better to leave it unobscured for the purposes of illustrating just where the link will send its victims?

  2. njorl · 750 days ago

    I wonder whether the part in the serif font has been copied from someone else's scam message. It's reasonably-well written, and I saw only the perplexing jump from "over the weeks" to just "that one-day period" that would make me doubt the authenticity. (OK, writing about a "one-day period", instead of a "day", raises an eyebrow, but it probably passes, in a legal/technical context.)

    The sans-serif text, however, is reassuringly the infant-grade standard of writing that's the hallmark of scam messages. (Notice that the "customer", in "Dear customer", is in the plain font, suggesting the source message was aimed at someone else.)

  3. ZeroGhost · 750 days ago

    I ALWAYS look at the address for domains or embedded sub domains in messages. As a graphic designer I know how easy it is to compose a message with graphics and hijacked text. Bad language skills and syntax can be simple markers too, but the address can be checked in scam listing sites if there are any questions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.