Beware of 'Three Mobile' Phishing Scams That Extract Credit Card Details and Passwords

Hutchison 3G UK Ltd., better known as Three UK, is a British telecommunications company that has been in business since 2003. In 17 years, the company has earned the trust of 8.8 million active customers, and it is in the top 10 telecom companies in the UK. Unfortunately, even trusted and popular brands can lose customers if their reputations are tarnished. That is not necessarily the main goal behind the scams we discuss in this report, but that can be the effect. One of the more recent Three-related scams involves a misleading message claiming that your latest bill payment could not be processed and that you need to update extremely sensitive information. From now on, we refer to it as the online@three.co.uk scam. If you continue reading, you will learn about other scams that have been exploiting Three UK, as well as what to do if you are fooled by phishing scams.

The devious online@three.co.uk scam was set up to extract personal data

If you are a customer of Three UK, are you used to receiving emails from the company? If you are, you might not blink an eye at the online@three.co.uk scam email that comes your way. The Cofense Phishing Defense Center discovered and analyzed the scam, and they found that the attackers behind it were able to discover that three.co.uk did not block the sender (IP 86.47.56.231) from sending emails using the online@three.co.uk email address. The researchers believe that this could have happened if the company tried to circumvent SPF (Sender Policy Framework) policies that could prevent legitimate emails from coming through. That means that the potential targets of the scam were left to their own devices when uncovering this particular scam. That being said, recognizing the online@three.co.uk scam as an actual scam should not be that hard. The title of the email is “3G Your mobile services Your Account,” and the message declares this:

Your Latest bill payment could not be processed by your bank.
Access to your mobile services will be suspended.
Download the attachment form to amend your billing information.
Your sincerely,
3G Customer Services.

This message is believable enough to fool less vigilant customers. However, if you do not use 3G services, it should be clear that you have faced a scam email. If you are a real customer, the first thing you need to do is contact the service provider. Look up the different ways you can contact Three and ask them whether the latest bill payment really could not be processed. Of course, contacting any company is a hassle, and it might seem easier to just click the “RGUK.html” attachment and see what is going on. That is a mistake. If you open this attachment, you are shown a fake form that asks you to disclose your Mobile/device number, Password, Full name, Address, Date of birth, Mother’s maiden name, Mobile number, Card number, Expiration date, Security code, Account number, and Sort code. Hopefully, you recognize the scam right away and close the fake form immediately. If you have disclosed personal information, the attackers behind the online@three.co.uk scam could perform identity theft, hijack accounts, and steal money from you.

Three has been fighting Smishing and Wangiri attacks for years

In 2018, Three UK saw a wave of phishing attacks targeted at its customers and, undoubtedly, this was not the first one to hit the company. Smishing stands for SMS Phishing, and it involves bogus, misleading text messages set up to extract sensitive information. Just like the online@three.co.uk scam, a smishing scam can be used to gather names, addresses, phone numbers, secret information (e.g., mother’s maiden name), and payment card information. For the most part, phishing texts are more obvious than phishing emails, and most receivers of such texts are likely to recognize being scammed immediately. Without a doubt, if you receive a funny text message, you must not respond to it or click links embedded within it. That being said, you should not ignore such a text message completely. Three asks you to forward it to 7726. The company also has some guidelines for recognizing smishing.

Three is also sensitive about Wangiri attacks, which are dropped calls set up to lure people into calling back. If you do, you are likely to be charged for premium rate services, which could cost you a small fortune. The company claims to have implemented “an intelligence system that actively monitors for fake numbers.” If you find a missed call from an unknown number – especially if it is from an international number – Three asks you to text CALL to 7726 and forward the suspicious phone number via text so that further investigation could be conducted.

Phishing victims can lose money

Whether you are a victim of the online@three.co.uk scam, a phone-call scam (schemers can impersonate Three operators), or a smishing scam, you need to be very cautious about how you handle the situation. If you choose to hide under a rock, pretending that nothing bad happened, you could soon find yourself in a very messy situation. For example, thisismoney.co.uk shared a story of Mrs. L, who claimed that someone took out a phone contract in her name, because of which she was then threatened by a credit recovery company. They demanded a payment of £360, and when she refused to pay, her credit score started declining. According to Three, this could have happened only if the victim had disclosed personal information. The investigation – which, fortunately, resulted in the account’s closure and full annulment of the payment – revealed that the account was set up online. That means that no identification was required.

So, if you do not want to relive the experiences of Mrs. L, it is important that you take care of your security in case someone manages to extract sensitive, personal information from you. First and foremost, you must change your password to secure your online account. Do not reuse a password from another account, and do not simply add a number or letter to the old password. Instead, we advise that you generate a strong, complex password that no attacker will be able to guess, using Cyclonis Password Manager's password generator. Afterward, contact Three and your bank to warn them about the scam. They will instruct you to take specific actions to secure your funds and your own privacy. In the future, critically assess every email, SMS message, and call that you receive from someone introducing themselves as Three UK.

By Foley
July 1, 2020