Keeping your giffgaff account and personal details secure

captainben

Note: We are seeing a slight uptick in messages like these recently. Please see our latest update for more information.

Hi everyone,

As you may know, we’ve been taking a lot of action recently to combat a spate of what’s called ‘smishing’, which is where a fraudster sends a text message to someone to try and gain their personal information. You may well have received messages like this purporting to be from various businesses.

In this case, these fraudsters have been targeting giffgaff members, pretending to be from giffgaff, and have been asking people to submit their login information on a fake page that looks a lot like a giffgaff page.

They ask for your username, password, and a lot of personal information, pretending that it’s ‘verification’. This can include things like your full name or address, all the way up to your banking information and security questions. If someone fills out this form, then they’ve unfortunately just unwittingly given away a lot of information to a scammer, so it’s important that every member has a clear understanding of how to spot targeted attacks like this and can be confident that they’re keeping their details secure.

We’re doing everything we can to stop this from happening. We have been shutting down these sites as quickly as they crop up, as well as monitoring those sites to see if our members have been victims of these scams. Unfortunately, these people are very persistent, and very good at creating a sense of urgency and making their websites seem legitimate so that people give away information more readily. As much as we’re doing, we know that some people will have unfortunately given away their information in this way.

So, what can you do to stop this?

How to stop yourself from being affected

You can tell if a text or email is suspicious by the link that’s included. Genuine links from giffgaff will only ever begin with giff.ly or giffgaff.com, as below. When in doubt, it is always better to just type giffgaff.com into your browser and access our website that way.If you’re not expecting the text, you can verify if it’s legitimate by asking in our community Help forum.
If you’ve received a text that looks suspicious, make sure that you forward it to 7726. I’ll be the one who gets the report of this text, and it really helps to shut them down.
Do not click the link or visit the site. These fraudsters can often reveal some information about you just from a visit, such as what model of phone you have, even if you don’t fill out any information.
Make sure that you use a different, unique and strong password for every website, service and app that you use. To help with this, we recommend using a password manager such as LastPass, or another that you trust.

If you think you’ve already been affected

First of all, don’t panic. You can prevent yourself from being a victim of fraud by following a few easy steps. We may already have locked your account if we have information that shows you may have been a victim of this scam, so that someone can’t do anything dodgy with it. If so, you’ll be asked to reset your password the next time you log in.
If you have submitted any card or bank details to a website like this, contact your bank immediately, using the number on the back of your card. They will be able to place fraud protections on your account and cancel your card if necessary.
If you’ve put your details into a website like this, change your password on giffgaff.com as soon as possible. That will mean that anyone looking to hijack your account will not be able to gain access with your password. This password should meet all of our password requirements, and be a password that you have never used on any other website, service or app.
Change your password on any other account that you’ve used that password with. It’s good practice to make sure that all of your passwords across every app, service and website that you use are different to one another. A password manager such as LastPass, or another that you trust can help with this.

I know this might be an alarming thing to read, but it is important that you are aware of it and know the best way to keep yourself safe. We’re always working to make sure we’re keeping you and your information secure, but it’s not always just up to us, so if you have any questions about how best to make sure you’re not caught by scams like this, please ask and I’ll be happy to discuss it with you.

Thanks,
Ben

nerakb

Thanks for the sensible advice @captainben

There have been a lot of members posting that they've received these scam texts.

cheekytracy

ive been recieving text all day about breach of restriction with various giffgaff addresses?

sha_shah1

@captainben

Thanks for advice and all information

figment_uk

@captainben

Can text messages that are spoofing the name 'giffgaff' rather than having a mobile number be forwarded to 7726?

chaaaan

@captainben

Thanks for advice and all information

bvbc

Thank you so much for kind information @captainben

guy_ow

Evening @figment_uk - I've just had this double checked and you can indeed forward any text received as spam to 7726, even from a spoofed number. We will then be able to review the message content and take action from there.

Cheers

Guy

figment_uk

@guy_ow

I know you can forward messages from spoofed numbers, but what about when a message appears to come from 'giffgaff'?

mrbergstrom1967

Good Evening @ captainben

Thanks for the update its really appreciated.

guy_ow

@figment_uk

Yep this should still be possible to forward to 7726.

figment_uk

Cheers @guy_ow

captainben

Hi @figment_uk - yes indeed, any suspicious message from any name or number can ben forwarded to 7726.

hdavey17

@guy_ow Thanks for the information. Worrying times!

brulaw

@captainben

Thank you for the information / advice ,

Unfortunately this type of scam is getting more common and those who are operating the scams are always finding ways to make things look more genuine and above board , threads like this will help people spot the scam and avoid being taken in by it , the more aware people are the better chance they have of avoiding the scammers .

sloz

@captainben

Hi, when you say locked the account, what does that involve?

Is the customer still able to log into their account?

If a scammer gains access to the account, changes the password and performs a sim swap on the account,

How quickly can the customer be up and running with a working sim,

I gather a sim swap can be reversed but I believe could take several days?

Its always advised to contact an agent, but if someone has changed their password they obviously wouldn't be able to log in to the agent link,

One more thing if someone uses the account misuse agent link, I presume the standard response time doesn't apply and an agent will respond much more quickly?

figment_uk

@sloz

@sloz wrote:

<snip>
It is in fact possible to contact an agent via the help button
And see all articles link
</snip>

How does a member contact an agent without being logged into their account?

sloz

@figment_uk

A member can still access their account via the giffgaff app even though their password has been changed,

EDIT

Actually scrap that, it does prompt you to log in after a password is changed but you can still access the app and community and post

jedi2304

We’ve had this txt and was alerted by GiffGaff it was a scam!!! It’s my son’s phone so he didn’t realise at first!

z201205

Has this been sent to giffgaff members by email? I suspect most people don't read the announcement part of the community and so members should be informed by email.