An O2 network glitch on July 11th 2012 resulted in hundreds of thousands of customers unable to make calls, send and receive texts messages or use the internet from their mobile phones. When the service was eventually returned to normal, O2 apologised and said it would offer compensation to affected users. IT security and data protection firm Sophos is warning consumers that cyber criminals are looking to capitalise on this, and it has monitored a wave of spammed-out emails claiming to be from O2 with the subject line, “O2 Online Security”.
Typical emails include the following text:
“As we said in our last update, we want to make it up to our customers for the loss of service some people experienced over the weeks. The issue we had was unprecedented and we recognise that this caused inconvenience and frustration to those impacted over that one-day period.
“We have now identified all those customers directly affected (those whose devices could not connect on our system). To thank all our customers for supporting us through an unprecedented and difficult period, we are also giving everyone on O2 a £10 O2 voucher to spend in store. Click the link below to protect your account with the new security update.”
While O2 is in fact offering a £10 voucher as compensation, Sophos warns that the link in this email is in fact bogus. If recipients click on the link, they aren’t taken to the real O2 website, but instead to a webpage hosted on a compromised third-party website which is just waiting to scoop up customer login details.
“While the language in this email is fairly convincing compared to many other phishing emails, users always need to be cautious about the links they click on in emails,” said Graham Cluley, senior technology consultant at Sophos. “Users should also always think twice before entering personal information, as if details are entered on to this fake login page, they will be phished. Scammers work extremely quickly to make the most of high profile stories like this one. Chances are if you’ve read about it in the press, so have the bad guys, and they’ll be working out a scam to collect personal details.”