Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

TalkTalk Service Cancellation Phishing Scam

Email purporting to be from UK based internet and telecommunications company TalkTalk claims that the recipient's TalkTalk service will be cancelled unless account details are verified.

Brief Analysis
The email is not from TalkTalk. Instead, it is a phishing scam designed to steal personal and financial information from TalkTalk customers via a bogus website form.

Bookmark and Share
Detailed analysis and references below example.

Last updated: 14th January 2012
First published: 14th January 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Subject: Important TalkTalk service cancellation update please read

Talk Talk Phishing Email

Your account details have been changed.

We noticed that you recently changed the 3-D Secure Password (Verified By Visa or MasterCard SecureCode) you use to pay your TalkTalk bill, you are the rightful holder of the TalkTalk account and you must verify your account!

In order to verify your account please log into your account and submit all your information, if you choose to ignore our request, your account will remain limited until you verify your information.

Log in to My Account

My Account is the brighter way to get more out of TalkTalk. Log in to get extra features and manage your billing online, whenever you like.

Log in to My Account

3-D Secure is an XML-based protocol designed to be an added layer of security for online credit and debit card transactions. It was developed by Visa with the intention of improving the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode, and by JCB International as J/Secure. American Express has added SafeKey to UK and Singapore on 8 November 2010.

3-D Secure adds an authentication step for online payments.

3-D Secure should not be confused with the Card Security Code which is a short numeric code that is printed on the card.

Please do not reply to this email as replies are not monitored.

TalkTalk Telecom Limited

Detailed Analysis
This email, which purports to be from UK based internet and telecommunications company TalkTalk, warns the recipient that his or her TalkTalk service may be cancelled or limited if account details are not verified. The email instructs the recipient to click a link to login to his or her account and provide all of the requested information.

However, the message is not from TalkTalk and the claim that the recipient's service is set for cancellation is a lie. In fact, the message is a phishing scam designed to trick TalkTalk customers into submitting their personal and financial information to Internet criminals.

Those who fall for the ruse and click the link in the email will be taken to a fake website designed to resemble the real TalkTalk website and asked to login with their username and password. Once they have logged on to the fake site, users will be presented with the following web form, which asks for their credit card details and address information:

TalkTalk Phishing Scam Form

Once a victim clicks the submit button on this fake form, all of the information he or she has entered will be sent to the cybercriminals operating the scam. The scammers can also collect the login credentials submitted via the bogus login page. The criminals can then use the stolen information to conduct fraudulent credit card transactions. They can also access the user's real TalkTalk account, steal more personal information that may be stored there and use the account for their own nefarious purposes.

TalkTalk has displayed the following message on its login page to alert customers about this scam:
Some customers have received a hoax email asking for their billing details. Please note that TalkTalk will never ask you to confirm your banking details via email.
TalkTalk has published information on its website detailing how customers can protect themselves from online fraud. If you receive this email, do not open any links or attachments that it may contain.

Phishing is a very common form of criminal activity that has targeted customers of many different companies and financial institutions all around the world. Be cautious of any unsolicited email that claims that you must verify or update account details by clicking a link or opening an attached file. To login to your account, go directly to the company's website via your web browser. Do not login via a link in an email.

Bookmark and Share References
Friend Stranded in Foreign Country Scam Emails
TalkTalk - How can I protect myself from online fraud?
Phishing Scams - Anti-Phishing Information

Last updated: 14th January 2012
First published: 14th January 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer