Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 123 - January 2012 (2nd Edition) - Page 2

TalkTalk Service Cancellation Phishing Scam

Issue 123 Start Menu

Previous Article            Next Article

Outline
Email purporting to be from UK based internet and telecommunications company TalkTalk claims that the recipient's TalkTalk service will be cancelled unless account details are verified.



Brief Analysis
The email is not from TalkTalk. Instead, it is a phishing scam designed to steal personal and financial information from TalkTalk customers via a bogus website form.

Bookmark and Share
Detailed analysis and references below example.





Last updated: 14th January 2012
First published: 14th January 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Important TalkTalk service cancellation update please read

Talk Talk Phishing Email

Your account details have been changed.

We noticed that you recently changed the 3-D Secure Password (Verified By Visa or MasterCard SecureCode) you use to pay your TalkTalk bill, you are the rightful holder of the TalkTalk account and you must verify your account!

In order to verify your account please log into your account and submit all your information, if you choose to ignore our request, your account will remain limited until you verify your information.

Log in to My Account

My Account is the brighter way to get more out of TalkTalk. Log in to get extra features and manage your billing online, whenever you like.

Log in to My Account

3-D Secure is an XML-based protocol designed to be an added layer of security for online credit and debit card transactions. It was developed by Visa with the intention of improving the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode, and by JCB International as J/Secure. American Express has added SafeKey to UK and Singapore on 8 November 2010.

3-D Secure adds an authentication step for online payments.

3-D Secure should not be confused with the Card Security Code which is a short numeric code that is printed on the card.

Please do not reply to this email as replies are not monitored.

TalkTalk Telecom Limited




Detailed Analysis
This email, which purports to be from UK based internet and telecommunications company TalkTalk, warns the recipient that his or her TalkTalk service may be cancelled or limited if account details are not verified. The email instructs the recipient to click a link to login to his or her account and provide all of the requested information.

However, the message is not from TalkTalk and the claim that the recipient's service is set for cancellation is a lie. In fact, the message is a phishing scam designed to trick TalkTalk customers into submitting their personal and financial information to Internet criminals.

Those who fall for the ruse and click the link in the email will be taken to a fake website designed to resemble the real TalkTalk website and asked to login with their username and password. Once they have logged on to the fake site, users will be presented with the following web form, which asks for their credit card details and address information:

TalkTalk Phishing Scam Form

Once a victim clicks the submit button on this fake form, all of the information he or she has entered will be sent to the cybercriminals operating the scam. The scammers can also collect the login credentials submitted via the bogus login page. The criminals can then use the stolen information to conduct fraudulent credit card transactions. They can also access the user's real TalkTalk account, steal more personal information that may be stored there and use the account for their own nefarious purposes.

TalkTalk has displayed the following message on its login page to alert customers about this scam:
Some customers have received a hoax email asking for their billing details. Please note that TalkTalk will never ask you to confirm your banking details via email.
TalkTalk has published information on its website detailing how customers can protect themselves from online fraud. If you receive this email, do not open any links or attachments that it may contain.

Phishing is a very common form of criminal activity that has targeted customers of many different companies and financial institutions all around the world. Be cautious of any unsolicited email that claims that you must verify or update account details by clicking a link or opening an attached file. To login to your account, go directly to the company's website via your web browser. Do not login via a link in an email.

Bookmark and Share References
Friend Stranded in Foreign Country Scam Emails
TalkTalk - How can I protect myself from online fraud?
Phishing Scams - Anti-Phishing Information




Previous Article            Next Article

Issue 123 Start Menu

Pages in this month's issue:
  1. A Special Appeal to Facebook Users - Unauthorised Use of Baby Zoe Chambers Photograph
  2. TalkTalk Service Cancellation Phishing Scam
  3. Facebook Protest Message Against Casey Anthony Book Deal
  4. Gang Initiation Warning Hoax - Infant Car Seat Left On Roadside
  5. What is a Facebook Survey Scam? - Survey Scams Explained
  6. Fake LinkedIn Email Leads to Pharmacy Spam Website
  7. Rihanna Is NOT Dead
  8. Animal Mistreatment Protest Message - Firecracker Put In Dog's Mouth
  9. Hoax - Facebook Will Pay Three Cents Per Share to Help Baby With Facial Cancer
  10. Social Media Driven Hope Barbie Campaign
  11. Unfounded Facebook Rumour - Thierry Mairot Wants to Talk to Children About Sex
  12. Animal Rescue Site Email Forward
  13. Eden Project Recall Of Bracelets Made From Jequirity Bean
  14. Hoax Warning: Lost Child Lure - 'New Way for Gang Members to Rape Women'
  15. 'Switch to Pink Facebook' Survey Scam
  16. Tanner Dwyer Friend Request Hacker Hoax
  17. "Went To The Party" Anti Drink-Driving Message
  18. Bogus Warning Claims KiK Messenger is a Hacking Scheme
  19. Bogus Amazon Shipping Confirmation Emails Point To Malware
  20. Stolen Tibetan Spaniels Alert
  21. Video Of Hero Dog Pulling Another Dog From A Busy Highway
  22. Facebook Message - RIP for Family Slain by Man Dressed as Santa
  23. False Warning - Do Not Add 'Jason Lee' Because Its a Virus