As you may know, we’ve been taking a lot of action recently to combat a spate of what’s called ‘smishing’, which is where a fraudster sends a text message to someone to try and gain their personal information. You may well have received messages like this purporting to be from various businesses.
In this case, these fraudsters have been targeting giffgaff members, pretending to be from giffgaff, and have been asking people to submit their login information on a fake page that looks a lot like a giffgaff page.
They ask for your username, password, and a lot of personal information, pretending that it’s ‘verification’. This can include things like your full name or address, all the way up to your banking information and security questions. If someone fills out this form, then they’ve unfortunately just unwittingly given away a lot of information to a scammer, so it’s important that every member has a clear understanding of how to spot targeted attacks like this and can be confident that they’re keeping their details secure.
We’re doing everything we can to stop this from happening. We have been shutting down these sites as quickly as they crop up, as well as monitoring those sites to see if our members have been victims of these scams. Unfortunately, these people are very persistent, and very good at creating a sense of urgency and making their websites seem legitimate so that people give away information more readily. As much as we’re doing, we know that some people will have unfortunately given away their information in this way.
So, what can you do to stop this?
How to stop yourself from being affected
You can tell if a text or email is suspicious by the link that’s included. Genuine links from giffgaff will only ever begin with giff.ly or giffgaff.com, as below. When in doubt, it is always better to just type giffgaff.com into your browser and access our website that way.
If you’re not expecting the text, you can verify if it’s legitimate by asking in our community Help forum.
If you’ve received a text that looks suspicious, make sure that you forward it to 7726. I’ll be the one who gets the report of this text, and it really helps to shut them down.
Do not click the link or visit the site. These fraudsters can often reveal some information about you just from a visit, such as what model of phone you have, even if you don’t fill out any information.
Make sure that you use a different, unique and strong password for every website, service and app that you use. To help with this, we recommend using a password manager such as 1Password, or another that you trust.
If you think you’ve already been affected
First of all, don’t panic. You can prevent yourself from being a victim of fraud by following a few easy steps. We may already have locked your account if we have information that shows you may have been a victim of this scam, so that someone can’t do anything dodgy with it. If so, you’ll be asked to reset your password the next time you log in.
If you have submitted any card or bank details to a website like this, contact your bank immediately, using the number on the back of your card. They will be able to place fraud protections on your account and cancel your card if necessary.
If you’ve put your details into a website like this, change your password on giffgaff.com as soon as possible. That will mean that anyone looking to hijack your account will not be able to gain access with your password. This password should meet all of our password requirements, and be a password that you have never used on any other website, service or app.
Change your password on any other account that you’ve used that password with. It’s good practice to make sure that all of your passwords across every app, service and website that you use are different to one another. A password manager such as 1Password, or another that you trust can help with this.
I know this might be an alarming thing to read, but it is important that you are aware of it and know the best way to keep yourself safe. We’re always working to make sure we’re keeping you and your information secure, but it’s not always just up to us, so if you have any questions about how best to make sure you’re not caught by scams like this, please ask and I’ll be happy to discuss it with you.