Issue 123 - January 2012 (2nd Edition) - Page 2
TalkTalk Service Cancellation Phishing Scam
Email purporting to be from UK based internet and telecommunications company TalkTalk claims that the recipient's TalkTalk service will be cancelled unless account details are verified.
The email is not from TalkTalk. Instead, it is a phishing scam designed to steal personal and financial information from TalkTalk customers via a bogus website form.
Detailed analysis and references below example.
Last updated: 14th January 2012
First published: 14th January 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Important TalkTalk service cancellation update – please read
Your account details have been changed.
We noticed that you recently changed the 3-D Secure Password (Verified By Visa or MasterCard SecureCode) you use to pay your TalkTalk bill, you are the rightful holder of the TalkTalk account and you must verify your account!
In order to verify your account please log into your account and submit all your information, if you choose to ignore our request, your account will remain limited until you verify your information.
Log in to My Account
My Account is the brighter way to get more out of TalkTalk. Log in to get extra features and manage your billing online, whenever you like.
Log in to My Account
3-D Secure is an XML-based protocol designed to be an added layer of security for online credit and debit card transactions. It was developed by Visa with the intention of improving the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode, and by JCB International as J/Secure. American Express has added SafeKey to UK and Singapore on 8 November 2010.
3-D Secure adds an authentication step for online payments.
3-D Secure should not be confused with the Card Security Code which is a short numeric code that is printed on the card.
Please do not reply to this email as replies are not monitored.
TalkTalk Telecom Limited
This email, which purports to be from UK based internet and telecommunications company TalkTalk, warns the recipient that his or her TalkTalk service may be cancelled or limited if account details are not verified. The email instructs the recipient to click a link to login to his or her account and provide all of the requested information.
However, the message is not from TalkTalk and the claim that the recipient's service is set for cancellation is a lie. In fact, the message is a phishing scam designed to trick TalkTalk customers into submitting their personal and financial information to Internet criminals.
Those who fall for the ruse and click the link in the email will be taken to a fake website designed to resemble the real TalkTalk website and asked to login with their username and password. Once they have logged on to the fake site, users will be presented with the following web form, which asks for their credit card details and address information:
Once a victim clicks the submit button on this fake form, all of the information he or she has entered will be sent to the cybercriminals operating the scam. The scammers can also collect the login credentials submitted via the bogus login page. The criminals can then use the stolen information to conduct fraudulent credit card transactions. They can also access the user's real TalkTalk account, steal more personal information that may be stored there and use the account for their own nefarious purposes
TalkTalk has displayed the following message on its login page to alert customers about this scam:
Some customers have received a hoax email asking for their billing details. Please note that TalkTalk will never ask you to confirm your banking details via email.
TalkTalk has published information on its website detailing how customers can protect themselves
from online fraud. If you receive this email, do not open any links or attachments that it may contain.
Phishing is a very common form of criminal activity
that has targeted customers of many different companies and financial institutions all around the world. Be cautious of any unsolicited email that claims that you must verify or update account details by clicking a link or opening an attached file. To login to your account, go directly to the company's website via your web browser. Do not login via a link in an email.
Friend Stranded in Foreign Country Scam Emails
TalkTalk - How can I protect myself from online fraud?
Phishing Scams - Anti-Phishing Information
Pages in this month's issue:
- A Special Appeal to Facebook Users - Unauthorised Use of Baby Zoe Chambers Photograph
- TalkTalk Service Cancellation Phishing Scam
- Facebook Protest Message Against Casey Anthony Book Deal
- Gang Initiation Warning Hoax - Infant Car Seat Left On Roadside
- What is a Facebook Survey Scam? - Survey Scams Explained
- Fake LinkedIn Email Leads to Pharmacy Spam Website
- Rihanna Is NOT Dead
- Animal Mistreatment Protest Message - Firecracker Put In Dog's Mouth
- Hoax - Facebook Will Pay Three Cents Per Share to Help Baby With Facial Cancer
- Social Media Driven Hope Barbie Campaign
- Unfounded Facebook Rumour - Thierry Mairot Wants to Talk to Children About Sex
- Animal Rescue Site Email Forward
- Eden Project Recall Of Bracelets Made From Jequirity Bean
- Hoax Warning: Lost Child Lure - 'New Way for Gang Members to Rape Women'
- 'Switch to Pink Facebook' Survey Scam
- Tanner Dwyer Friend Request Hacker Hoax
- "Went To The Party" Anti Drink-Driving Message
- Bogus Warning Claims KiK Messenger is a Hacking Scheme
- Bogus Amazon Shipping Confirmation Emails Point To Malware
- Stolen Tibetan Spaniels Alert
- Video Of Hero Dog Pulling Another Dog From A Busy Highway
- Facebook Message - RIP for Family Slain by Man Dressed as Santa
- False Warning - Do Not Add 'Jason Lee' Because Its a Virus