When the O2 mobile network went down in the UK earlier this month, hundreds of thousands of people were unable to make and receive calls, or connect to the internet from their 3G smartphones.
When the service was eventually returned to normal, O2 apologised and said it would offer compensation to affected users.
It was, therefore, with some interest that SophosLabs researchers noticed a wave of spammed-out emails claiming to come from O2 with the subject line “O2 Online Security”.
Here’s what a typical email looks like (if you want a better picture, take a look at this larger version).
Part of the email reads:
> As we said in our last update, we want to make it up to our customers for the loss of service some people experienced over the weeks.
>
> The issue we had was unprecedented and we recognise that this caused inconvenience and frustration to those impacted over that one-day period.
>
> We have now identified all those customers directly affected (those whose devices could not connect on our system). To thank all our customers for supporting us through an unprecedented and difficult period, we are also giving everyone on O2 a £10 O2 voucher to spend in store.
>
> Click the link below to protect your account with the new security update.
A £10 voucher. That sounds nice. Who wouldn’t want one of those? And a security update as well!
Well, O2 *is* offering customers a £10 voucher – but the link in the email is, of course, bogus.
If you click on it, you aren’t taken to the real O2 website, but instead to a webpage hosted on a compromised third-party website, which is just waiting to scoop up your login details.
In short, if you enter your information on the fake O2 login page you will be phished.
Always be cautious about the links that you click on in emails, and think twice before entering your personal information.