Trusted Reviews may earn an affiliate commission when you purchase through links on our site. Learn More

Cybercriminals are targeting Three mobile customers with a convincing phishing scam

Cyber criminals are swiping bank details from unlucky Three customers by cloning the mobile network’s real web pages. The phishing attack was reported by the Cofense Phishing Defence Center (PDC) this morning.

According to the PDC, a number of Three users have received a deceptive email claiming to come from the mobile operator itself. The email – titled “3G Your mobile services Your Account” – appears to have originated from online@three[.]co[.]uk. It reads:

“Your Latest bill payment could not be processed by your bank. Access to your mobile services will be suspended. Download the attachment form to amend your billing information.

Yours sincerely,
3G Customer Services”

In the email message, customers are told that a bill payment could not be processed by their bank. They are then asked to download an attached HTML file to edit their billing info and avoid seeing their service be suspended.

Related: Best smartphone

The file – “3GUK[.]html” – then asks the user to input their login credentials, personal information and credit card details to continue with the phone bill payments.

Unfortunately, the form is pretty convincing and could easily be mistaken for Three’s actual account confirmation page – and there’s a reason for that. The source code behind the HTML page suggests that the form attached to the email is actually a clone of Three’s real website.

The fake form features styling elements pulled directly from Three’s website and even the buttons on the form direct to legitimate Three webpages, such as the phrase “iPhone 11” below the Popular Phones category at the bottom of the page.

Related: Best VPNs for security and privacy

According to the PDC, the IP address appears to originate from the URL “mail[.]moultondesign[.]com, while any customer information provided via the form seems to be processed by the processing[.]php script at hxxp:/joaquinmeyer[.]com/wb/processing[.]php.

If you receive an email from Three asking you to re-enter your payment details, take a closer look to make sure the notice really is a legitimate one.

Unlike other sites, we thoroughly review everything we recommend, using industry standard tests to evaluate products. We’ll always tell you what we find. We may get a commission if you buy via our price links. Tell us what you think – email the Editor