Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Three.co.uk Phishing Scam

Outline
Email that appears to originate from mobile phone service provider Three.com.uk claims that the customer's account has been locked and must therefore be reactivated by clicking a link in the message.



Brief Analysis
The message is not from Three and the claim that the user's account has been locked is untrue. In fact, the message is a phishing scam designed to trick recipients into providing their Three account login details to Internet criminals.

Bookmark and Share
Detailed analysis and references below example.





Last updated: August 10, 2012
First published: August 10, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

From: Three.co.uk
Subject: Account locked


Dear Customer,

Please accept our apology for a recent system up-grade that has affected
some of our customers and you are one of many that has been affected by this
up-grade. This means that you cannot login into your account except you follow
the link below to reactivate your login.

Please do not reply to this message. For questions, please call Customer Service.
We are available 24 hours a day, 7 days a week.

Copyright © 1999-2012 Three.co.uk. All rights reserved.

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.




Detailed Analysis
This email is created so that it appears to originate from phone service provider Three.co.uk. The email claims that the recipient is one of many Three customers that have had their account locked due to a recent system upgrade. The email instructs recipients to click a link in the message in order to log in to the upgraded system and reactivate the account.

However, the email is not from Three and customers have not been locked out as claimed. The message is an attempt by online criminals to steal Three account login details. People who are taken in by the trick and click the link will be taken to a fake login webpage designed to resemble the genuine Three website. Login credentials entered on the fake login page will be delivered to the criminals operating the phishing attack. After collecting this information, the criminals can then login to the Three accounts belonging to their victims, steal any personal and financial information that they find and use the accounts to conduct further fraudulent activities. Ironically, once they have gained entry to the compromised accounts, the criminals may really lock out the legitimate users by changing account passwords.

Three has published information about phishing scams on its website.

Phishing is a very common criminal ploy and has been used to target customers of a great many service providers and financial institutions all around the world. The cover stories used by phishing scammers are many and varied. But, as a rule of thumb, be distrustful of any email that informs you that there is some sort of problem with your account and claims that you must click a link or open an attachment in order to resolve the supposed issue. Instead of clicking a link in an email, it is always safer to login into your online accounts by entering the account web address into your web browser's address bar.

Bookmark and Share
References

Three - About phishing
Phishing Scams - Anti-Phishing Information


Last updated: August 10, 2012
First published: August 10, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer