EE customers are currently facing a wave of sophisticated phishing scams. Fraudsters have devised at least ten different schemes, all promising unclaimed rewards or points within accounts. These deceptive messages lead victims to harmful websites designed to steal their personal information.
Recognising the Scam
Victims receive messages, seemingly from random mobile numbers, stating that a significant number of points in their accounts were unused due to a system error. These messages falsely claim the points will expire soon, urging recipients to claim their non-existent prizes promptly. Upon investigation, EE has confirmed these communications as fraudulent.
Interestingly, these aren’t standard SMS messages but utilise Rich Communication Services (RCS) on Android devices. RCS messaging, a modern alternative powered by Google, offers enhanced security features like end-to-end encryption. However, it’s clear that fraudsters have found ways to exploit even the most secure platforms. In response, EE has taken action to block access to these malicious links on its network, and the issue has been reported to Google.
Google’s Response
Google emphasises its commitment to user safety, acknowledging the rise in impersonation campaigns across messaging platforms. The tech giant is continuously refining its spam and abuse detection capabilities. Google encourages users to report suspicious conversations in Google Messages. This helps block the sender and segregate the message into a “Spam & blocked” folder.
It’s generally advised against clicking on phishing links from unknown sources due to the risk of malware. However, an investigative look into these malicious phishing links revealed websites mimicking EE’s branding to trick visitors into providing personal details. These sites often ask for a phone number initially, then guide users through a bogus point redemption process, eventually requesting a home address for the delivery of phantom products.
The Use of Link Shorteners
Fraudsters are utilising link shorteners like Buzz, Cutt.ly, Rebrand.ly, and tinyurl.com to conceal suspicious URLs. While link shorteners are legitimate tools for condensing URLs, their ability to mask the destination site makes them appealing to fraudsters. Certain precautions, such as previewing the full link on TinyURL or using Cuttly’s preview mode, can help users verify links before clicking.
Services like Cuttly and TinyURL have measures in place to monitor and block malicious links. Users are encouraged to report suspicious links, which are then reviewed and potentially removed by the service’s abuse team.
Action Steps for Recipients
If you receive a suspicious text, it’s crucial not to respond directly. Instead, verify the message’s authenticity by contacting the purported sender directly or checking your account with the company. Suspicious messages can be reported to 7726, and malicious websites should be reported to the National Cyber Security Centre. Victims of scams should immediately contact their bank and report the incident to Action Fraud or dial 101 in Scotland.
In the digital age, fraud prevention and fraud awareness are more important than ever. EE customers, and indeed all mobile users, must remain vigilant against phishing attempts, armed with the knowledge and tools to protect their personal information.
Safeguarding Explored
Once fraudsters steal your personal information or access your EE account, they can unleash a variety of problems, resulting in significant financial and emotional turmoil. For instance, gaining access to your EE account allows fraudsters to execute SIM-swapping scams. This enables them to hijack your bank accounts or credit cards, exploiting them for fraudulent activities.
In today’s digital age, distinguishing between legitimate communication and fraudulent attempts is increasingly challenging. Therefore, the most effective defence is a proactive one: resist the urge to immediately act on any received texts or emails. Instead, directly reaching out to your phone carrier for verification is a safer approach. While this method may seem time-consuming, it significantly reduces the risk of becoming trapped in such scams.
