Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









O2 Shop 'View Bill Online' Phishing Scam

Outline
Email purporting to be from UK based service provider O2, claims that recipients can open an attached file to view their bill online.

O2 Phishing Scam

Depositphotos.com/dacasdo



Brief Analysis
The message is not from O2. Instead the email is a phishing scam designed to trick recipients into submitting their O2 account details and other personal information to cybercriminals.

Bookmark and Share

Example

From: O2 Shop
Subject: Your bill (£204.00)

Dear Customer,

Our system shows your bill of £204.00 is due and ready to view online. This might be an error from our server and you will be required to update your details again. Please download the document attached to this email and confirm your recent bill.

Regards,
Our customer service team.

This email is sent from O2 Uk Limited.
Registered office: 260 Bath Road, Slough, Berkshire, SL1 4DX.
Registered number: 1743099.

Copyright © 1999-2013 O2 Shop. All rights reserved.


Detailed Analysis
This email, which claims to be from UK based telecommunications provider O2, informs recipients that their bill is due and available for viewing online. The message also claims that users must update their details in case the server has made an error. Recipients are instructed to download an attached file to confirm the supposed bill.



However, the message is certainly not from O2 and the attached file does not contain a bill. Those who do open the attached file will be presented with a web form that asks them to provide their O2 account username and password along with other personal information. The bogus form is constructed so that it closely resembles a genuine O2 webpage. To further disguise their nefarious intentions, the scammers have included secondary links on the form that go to the genuine O2 website.

All information submitted via the fake form will be collected by criminals and subsequently used to hijack the victim's real O2 account.

No legitimate organization is ever likely to request users to provide sensitive information such as usernames and passwords via an unsecure email attachment. It is always safest to login to your online accounts by entering the company address into your browser address bar rather than by following an email link or opening an attachment. If one of these scam emails comes your way, do not open any attachments or click any links that it may contain.

O2 has published information about such phishing scams on its website, including how to submit examples of scam emails that you may have received.

Phishing continues to be a major form of online fraud and gains new victims all around the world every day. Beware of any unsolicited messages that claim that you are required to follow a link or open an attached file to submit private account information. You can learn more about phishing scams here.

Bookmark and Share

Last updated: February 16, 2013
First published: February 16, 2013
Written by Brett M. Christensen
About Hoax-Slayer

References
O2 - Phishing Explained
Phishing Scams - Anti-Phishing Information



Go to Mobile Version