Ben from Cyber Security here, checking in to give you the latest update.
As some of you might have noticed, we’ve had a few recent reports of fraudulent text messages being received by our members, inviting them to click on a link - this type of fraud is called “smishing” - phishing using text messages.
The content of the messages varies from claiming promotional credit, to the account being closed down unless you click the link provided.
The link included in the fraudulent text message takes the member to a fake website created by fraudsters, that looks just like giffgaff’s. The websites ask members for account details - giffgaff account password, bank account details, and lots of other information. This is called “phishing”.
Once they get hold of your giffgaff login details and gain access to your account, the fraudsters usually request a SIM swap. As soon as they’ve swapped your number over to a phone they control, they can request your bank to send an OTP (one time password - usually a 6 digit number) to gain access to your bank account.
It's important to bear in mind that any genuine giffgaff website link that asks you for your personal details will include .giffgaff.com in the URL in that specific order as this is our domain. Consequently any links which break this specific sequence will point to a fake website. For example, community.giffgaff.com is a genuine giffgaff website as the main domain name has been kept intact. Always check for the dot before and after the word giffgaff.
An example of giffgaff.com’s website - and it says www.giffgaff.com
An example of one of the dodgy websites we’ve had closed down recently - has ‘secures-’ before giffgaff.com
To better protect against SIM swaps that our members are unaware of, we’ve built upon the confirmation email we already send to advise that the SIM swap is in progress - you’ll now receive a SIM swap confirmation text message to your phone where you have the possibility to immediately raise a case with the agents if you were not the one that requested the SIM swap.
We’re always on the lookout for these phishing websites and we get them shut down as soon as we learn of them. So please, please let our Community folks know if you receive a dodgy text message or know of a fake website - but be careful of clicking on links, in some cases there may be malware or viruses waiting to infect your computer or your phone.
Should you receive a text message that looks like it was sent by giffgaff, which you were not expecting, get in touch with our agents on here. We’ll get it looked in to for you ASAP.
You can also post a thread and mention , this will ensure that educators get alerted straight away and get the operations team working on having these websites/fake operators shut down immediately.
Please keep in mind that this username is only used for reporting scammers which claim to be giffgaff. To avoid confusion, we have turned off PM’s on this account and members who report scammers using this method may not receive an acknowledgement reply from the educators. If this method proves to be a success, we will give our operations team control of this account for them to be able to pick this up immediately without having the educators as intermediaries.
Also check out my post from September here about keeping yourself safe online. If you have any questions - let our Community know.