Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Cybercriminals are targeting Three mobile customers with a convincing phishing scam

Cyber criminals are swiping bank details from unlucky Three customers by cloning the mobile network’s real web pages. The phishing attack was reported by the Cofense Phishing Defence Center (PDC) this morning.

According to the PDC, a number of Three users have received a deceptive email claiming to come from the mobile operator itself. The email – titled “3G Your mobile services Your Account” – appears to have originated from online@three[.]co[.]uk. It reads:

“Your Latest bill payment could not be processed by your bank. Access to your mobile services will be suspended. Download the attachment form to amend your billing information.

Yours sincerely,
3G Customer Services”

In the email message, customers are told that a bill payment could not be processed by their bank. They are then asked to download an attached HTML file to edit their billing info and avoid seeing their service be suspended.

Related: Best smartphone

The file – “3GUK[.]html” – then asks the user to input their login credentials, personal information and credit card details to continue with the phone bill payments.

Unfortunately, the form is pretty convincing and could easily be mistaken for Three’s actual account confirmation page – and there’s a reason for that. The source code behind the HTML page suggests that the form attached to the email is actually a clone of Three’s real website.

The fake form features styling elements pulled directly from Three’s website and even the buttons on the form direct to legitimate Three webpages, such as the phrase “iPhone 11” below the Popular Phones category at the bottom of the page.

Related: Best VPNs for security and privacy

According to the PDC, the IP address appears to originate from the URL “mail[.]moultondesign[.]com, while any customer information provided via the form seems to be processed by the processing[.]php script at hxxp:/joaquinmeyer[.]com/wb/processing[.]php.

If you receive an email from Three asking you to re-enter your payment details, take a closer look to make sure the notice really is a legitimate one.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.