Watch Out for Fake 'O2: Payment for Your Latest Bill Could Not Be Processed by Your Bank' Messages
O2 (Telefonica UK Ltd.) is one of the biggest telecommunication service providers in the United Kingdom. As of March 2020, O2 had 24 million customers, which puts it in second place after EE and before Vodafone and Three. Unfortunately, we live in a world in which cybercriminals are usually hitting the biggest communities, which means that services that are extremely popular are likely to be the most desirable targets. Of course, companies like O2 are well aware of it, and they put in a great deal of effort and money into ensuring that their customers’ data is protected and that services are running orderly. That being said, cybercriminals are successful exactly because they have imaginative minds and because they are able to come up with new methods of attack.
In July, it was reported that O2 faced a credential stuffing attack that led to a data breach. Attackers were able to use the stolen usernames and passwords from XSplit and use them to take over O2 accounts. That was possible only because users were using the same combinations of usernames and passwords, which means that attackers basically guessed the login data. Without a doubt, in this situation, victims can blame no one but themselves for being careless. That being said, although some hackers might be relying on password reuse and data breaches, there are roundabout ways for them to extract sensitive information and make O2 customers suffer. One of such ways is to send misleading text messages that are meant to convince them to share payment details.
O2 Payment for Your Latest Bill Could Not Be Processed by Your Bank
If you have received the ‘O2 Payment for Your Latest Bill Could Not Be Processed by Your Bank' text message, you have been approached by schemers. Unfortunately, people often act on a whim, and if your initial assumption is that a payment-related problem occurred, you might click a link within the fake message. This message has been going around for a while now, and there are numerous reports of it on the O2 community page as well. For example, like this one or this one. One recipient of such a message reported the O2 scam back in January. It is hard to say how many different parties might be exploiting this method of attack, but, unfortunately, it is likely that we will continue to see O2 scam messages in one form or another for time to come.
These O2 scam texts are most likely to contain links to malicious websites that, at first sight, might look legitimate. Of course, if you pay attention to the URL address, the layout of the page, the information displayed on it, or if you try to interact with the content, you should notice that it is different from a legitimate one. We have to take into account the fact that some people might not be completely familiar with the legitimate website in the first place. If that is the case, every SMS message has to be approached with caution. If you are not careful, you could be tricked into disclosing login and payment information, which schemers could use to take over your accounts and steal money.
If you received a text message from O2, it's most likely a scam
The thing with SMS messages – and emails, for that matter – is that it should not be hard to know when they are sent by schemers. When it comes to SMS messages, specifically, service providers do not send them to request payment information, passwords, or other sensitive data. Therefore, if you receive a text that demands such data, you can assume that it is part of a scam. O2 scam messages can be forwarded to 7726 so that the service provider could take action against the schemer. O2 phishing emails can be forwarded to firstname.lastname@example.org.
O2 also has specific tips for those that might be facing phishing, smishing, or vishing attacks. Customers are advised to check for grammatical mistakes, the outdated “dear customer” header, personal data requests, transaction/payment requests via a provided link, number 0 instead of letter O, unfamiliar numbers, and urgent tone. If you discover any of this within the text messages and emails you receive, it is, most likely, an O2 scam. Remember that O2 scams are not delivered via SMS only. O2 phishing emails and bogus phone calls are prevalent too. If you receive a funny phone call, ignore it and call the O2 customer helpline (8002). They will let you know if the phone call you dropped was legitimate or not.
If you realize that you have received an O2 phishing email or O2 scam text, do not mess around with it. Clicking on links, responding to schemers, and interacting with emails and texts could be dangerous, and if you do not want to put yourself at risk, it is best for you to report and delete them immediately. And what happens if you have been tricked? First and foremost, secure the data that you might have been tricked into leaking yourself. For example, if you followed a malicious link and ended up disclosing your password, change it immediately. You also should change your O2 password if it matches another password in use. Although you might be in a hurry to make a change, do not miss this opportunity to make your password strong. Employ Cyclonis Password Manager, and it will help you generate and secure your password in just a few simple steps.
If you have been tricked into making payments, call your bank immediately. If you act fast, they might cancel the transaction. Remember that if you report a scam, you might protect yourself and, at the same time, also save others from the same fate. In the future, make sure you pay close attention to the messages, emails, and websites you interact with because you do not want to be fooled by another O2 scam ever again. Especially since schemers could come up with new forms of the O2 scam.