I received an email about this issue:https://community.giffgaff.com/t5/Announcements/We-ve-recently-identified-a-billing-issue-here-s-how-we-re/td-p/22060487
which asked me to click on a link in the email. This link took me to a webpage that asked me for personal information. There was no way of finding that webpage from "My GiffGaff" or the GiffGaff homepage, so I was forced to click on that link in the email.
In this case, it turned out to be legitimate - I contacted an agent to check, and they said the email was legitimate, though I still had to click on the link in the email because, as the agent said:
"we'll be able to identify you as one of the members that were affected by this issue"
Surely, if I'd logged in with my GiffGaff credentials, this would have proved this? Though maybe the email in this case went to people, not only who weren't using GiffGaff anymore (like me), but had actually deleted their online GiffGaff account. Anyway...
Emails are extremely easy to fake. Webpages are extremely easy to fake (and make look like legitimate ones). Links in emails are extremely easy to fake and change so they point to fake webpages. Once you're on a webpage that "looks" legitimate and has the padlock icon in the address bar etc, it's very easy to give your personal information to scammers and fraudsters etc. We as end-users are often told to be vigilant for spam and scams and fraudulent emails etc - yet if companies like GiffGaff send us emails that function in the same way as scams, how are we to know the difference? We become trained by GiffGaff and others to do what the scammers want - trust on appearance, click on links in emails, enter our personal information etc. Having to get in touch with an agent (which is what I did to check) isn't quick or convenient, and the need to do so could be avoided.
For instance, in this case, the email from GiffGaff could have asked me to login to "My GiffGaff" and follow the link there - instead of giving me a link to click in the email itself.
It's not just GiffGaff who do this, but as it was GiffGaff this time I thought I'd say something because they might actually listen (unlike my bank!).
So my "idea" is - that all webpages mentioned in emails should be findable from the GiffGaff homepage or "My GiffGaff" and shouldn't depend on customers clicking on links in emails.
As I rarely visit this forum, please would someone else follow this up and post it as an "idea" once it has been debated and refined here.