Security Update - Phishing, smishing, and SIM swaps

captainben

Hi Folks,

Ben from Cyber Security here, checking in to give you the latest update.

As some of you might have noticed, we’ve had a few recent reports of fraudulent text messages being received by our members, inviting them to click on a link - this type of fraud is called “smishing” - phishing using text messages.

The content of the messages varies from claiming promotional credit, to the account being closed down unless you click the link provided.

The link included in the fraudulent text message takes the member to a fake website created by fraudsters, that looks just like giffgaff’s. The websites ask members for account details - giffgaff account password, bank account details, and lots of other information. This is called “phishing”.

Once they get hold of your giffgaff login details and gain access to your account, the fraudsters usually request a SIM swap. As soon as they’ve swapped your number over to a phone they control, they can request your bank to send an OTP (one time password - usually a 6 digit number) to gain access to your bank account.

It's important to bear in mind that any genuine giffgaff website link that asks you for your personal details will include .giffgaff.com in the URL in that specific order as this is our domain. Consequently any links which break this specific sequence will point to a fake website. For example, community.giffgaff.com is a genuine giffgaff website as the main domain name has been kept intact. Always check for the dot before and after the word giffgaff.

An example of giffgaff.com’s website - and it says www.giffgaff.com

An example of one of the dodgy websites we’ve had closed down recently - has ‘secures-’ before giffgaff.com

To better protect against SIM swaps that our members are unaware of, we’ve built upon the confirmation email we already send to advise that the SIM swap is in progress - you’ll now receive a SIM swap confirmation text message to your phone where you have the possibility to immediately raise a case with the agents if you were not the one that requested the SIM swap.

We’re always on the lookout for these phishing websites and we get them shut down as soon as we learn of them. So please, please let our Community folks know if you receive a dodgy text message or know of a fake website - but be careful of clicking on links, in some cases there may be malware or viruses waiting to infect your computer or your phone.

Should you receive a text message that looks like it was sent by giffgaff, which you were not expecting, get in touch with our agents on here. We’ll get it looked in to for you ASAP.

You can also post a thread and mention , this will ensure that educators get alerted straight away and get the operations team working on having these websites/fake operators shut down immediately.
Please keep in mind that this username is only used for reporting scammers which claim to be giffgaff. To avoid confusion, we have turned off PM’s on this account and members who report scammers using this method may not receive an acknowledgement reply from the educators. If this method proves to be a success, we will give our operations team control of this account for them to be able to pick this up immediately without having the educators as intermediaries.

Also check out my post from September here about keeping yourself safe online. If you have any questions - let our Community know.

Thanks everyone,
Ben

johnrooney80

captainben
Cheers Cap'n, been lucky 🍀 enough not to have received 1 of these yet, but for sure if i do, I'll use the report. Phishing link. Thanks.

alexadeparis

captainben

Many thanks!! Its my first tome checking out the News section and so glad I did.

I've been hacked 2 via Whats app and or gmail, so now I no longer use it.
I also changed all my correspondance "gmails" to Protonmail and just keep the secret one gmail if I have to use it as a google play passport.

I also am going to be using an old 3 g phone for correspondance and Im keeping my smart phone as a
"palmtop" (not sure if thats a thing but im making it so), and only using the data and never handing out the number it uses!
Also I will be wary of public wifi and I never use internet banking... paranoid much ? I'll say! When u've been hacked twice and had fraud twice, u get that way!

I've realised the more times u hand out your phone number the easier it is for a smart phone to get hacked.

Im even paranoid writing this right now!
:-/
But felt I ought to share my appreciation and my new way of using my smart "palmtop" phone.

richybhoy36

captainben Hi there and thanks for taking the time to write the thread and give us the info about the SCAM messages , I have noticed a big increase in the number of people getting them in the Help and Support forum and unfortunately a few have clicked the link and had a whole load of problems for doing so . It was good of giffgaff to send us out a warning Email .
Tbh I would never click on anything that looked even slightly suspect ! I wish the techs at the gaff could put a stop to this so our giffgaffer don't suffer anymore . All the best and happy giffgaffing :-)

ujo55

I think it is worth also stressing in many of the texts received the giffgaff text number has been spoofed, so that the text will appear to be linked to the chain of genuine texts sent by giffgaff and include the giffgaff logo.The other question which remains unanswered despite being raised many times - is giffgaff aware how these spammers have obtained so many genuine giffgaff phone numbers?

jokeyboi77

@captainben

Good to know giffgaff are providing extra security against the sim swap procedure Ben, however like @ujo55 we'd all like to know how these scammers are getting ahold of so many giffgaff numbers? I'm presuming it'll be through 3rd party sites that members are putting their numbers in? I'd also urge members to run their email address(es) through this site and make sure any sites they've given their email address to hasn't also had a security breach, just incase they provided their phone number too -

https://haveibeenpwned.com/

nickfishyfisher

Hello Ben , I have received one text asking me to contact **edited** .com saying my account is suspended. I have looked at my account independently and there is nothing saying its suspend.

navvy

Will the SIM Swap process take longer, now that the person with the old SIM needs to be able to use it to contact an agent?

Edited to add - if someone has lost their phone, they will want the SIM swap to take place quickly, despite the thief trying to stop the SIM swap. How will this situation be dealt with?

madzking

Just got **edited** asking for login details - then bank card details as too many failed login attempts (without trying). Nothing was entered.

dicowins

Ive just received one from giffgaff Noooot stating account blocked go to **link removed** NOT HTTPS but looks convincing copy of SITE but isnt giffgaff.

captainben

Hi ujo55 - you've made a very good poiint on how these fraudsters have got phone numbers. From what we understand, non giffgaff numbers have also been targetted so this is very much an opportunistic campaign - a percentage of the numbers they try will be giffgaff unfortunately.

jaymailsays

navvy wrote:

Will the SIM Swap process take longer, now that the person with the old SIM needs to be able to use it to contact an agent?

@navvy Since captainben wrote "you’ll now receive a SIM swap confirmation text message to your phone where you have the possibility to immediately raise a case with the agents if you were not the one that requested the SIM swap."

The above quote implies the sim swap continues unless or until the member contacts the Agent or if the bogus sim swap was completed, it would be reversed.

Presumably by sending a replacement sim to the member's address.

For me it seems giffgaff are being targeted because of the vulnerable sim swap process. I don't quite agree with @captainben's theory.

This new wave of phishing could just be unsophisticated copycat fraudsters, seeing the potential and by jumping on the bandwagon of the original fraudsters.

frenchielove

Gosh this is scary stuff, I am not very tech savvy so I may have fallen for this one if it looked genuine, thank you for the heads up everyone.

yvonnearmstrong

@captainben

Much appreciated for the post but still very worrying

Thank you

Yvonne

mbthapa25

keep up the good work

cloughey

Thanks, good advice for everyone.

sha_shah1

@captainben

Thanks for information and advice.i hope giffgaff will make more secure their security system.

All the best

timwilliams25

@captainben

In answer to how these spammers get access to so many accurate giffgaff numbers. It may be too good for chance and I think the giffgaff app is potentially at fault.

My Labs idea https://labs.giffgaff.com/idea/16711144/do-you-know-who-knows-you-are-on-giffgaff may shed more light on my thoughts. I am no expert, but if I wanted to get to know who was on giffgaff, I would just put lots of numbers onto a sim and insert that sim into a phone with the giffgaff app on it - hey presto, will tell me who is giffgaff.

figment_uk

@timwilliams25

Would you be prepared to do that with (potentially) millions of numbers?

claire1uk

I had the text a few days ago

@captainben

I contacted giffgaff and then did a couple of spyware scans from various apps, Norton and AVG being 2 I remember.

I'm believe some can pick up things that others can't.

I also changed my passwords on my bank account, PayPal, ebay and giffgaff.

I don't think you can ever have to much information when it comes to security of your online accounts.

Thank you for your thread.

ujo55

@figment_uk

You wouldn't enter (potentiality) millions of numbers onto the phone memory by hand of course, but maybe they have developed a means of 'exposing' mobile numbers to the giffgaff app automatically or exploiting the access the app provides to the giffgaff number database in some other way.

The first phases of the attack were it seems very accurately targeted far more accurately targeted than the giffgaff pure chance explanation which seems complacent beyond belief.

c_lockett

@frenchielove wrote:

Gosh this is scary stuff, I am not very tech savvy so I may have fallen for this one if it looked genuine, thank you for the heads up everyone.

Mr too @frenchielove Especially as it’s unusual to receive emails of this nature from Giffgaff. Having said that, my own comment should have made me aware that something is wrong. Can’t be too careful these days.

team_leader

Thanks for the update @captainben it's great to know that you are taking these issues seriously.