Security Update - Phishing, smishing, and SIM swaps

Started by: captainben
On: 29/11/2018 | 10:22
Replies: 73

by: captainben
handy giff-staffer

on: 29/11/2018 | 10:22 edited: 31/01/2019 | 16:40

Hi Folks,

Ben from Cyber Security here, checking in to give you the latest update.

As some of you might have noticed, we’ve had a few recent reports of fraudulent text messages being received by our members, inviting them to click on a link - this type of fraud is called “smishing” - phishing using text messages.

The content of the messages varies from claiming promotional credit, to the account being closed down unless you click the link provided.

The link included in the fraudulent text message takes the member to a fake website created by fraudsters, that looks just like giffgaff’s. The websites ask members for account details - giffgaff account password, bank account details, and lots of other information. This is called “phishing”.

Once they get hold of your giffgaff login details and gain access to your account, the fraudsters usually request a SIM swap. As soon as they’ve swapped your number over to a phone they control, they can request your bank to send an OTP (one time password - usually a 6 digit number) to gain access to your bank account.

It's important to bear in mind that any genuine giffgaff website link that asks you for your personal details will include .giffgaff.com in the URL in that specific order as this is our domain. Consequently any links which break this specific sequence will point to a fake website. For example, community.giffgaff.com is a genuine giffgaff website as the main domain name has been kept intact.  Always check for the dot before and after the word giffgaff.

An example of giffgaff.com’s website - and it says www.giffgaff.com   

[Image: Screenshot 2018-11-29 at 10.27.59.png]

An example of one of the dodgy websites we’ve had closed down recently - has ‘secures-’ before giffgaff.com

[Image: Screenshot 2018-11-29 at 10.27.13.png]

To better protect against SIM swaps that our members are unaware of, we’ve built upon the confirmation email we already send to advise that the SIM swap is in progress - you’ll now receive a SIM swap confirmation text message to your phone where you have the possibility to immediately raise a case with the agents if you were not the one that requested the SIM swap.  

We’re always on the lookout for these phishing websites and we get them shut down as soon as we learn of them.  So please, please let our Community folks know if you receive a dodgy text message or know of a fake website - but be careful of clicking on links, in some cases there may be malware or viruses waiting to infect your computer or your phone.

Should you receive a text message that looks like it was sent by giffgaff, which you were not expecting, get in touch with our agents on here.  We’ll get it looked into for you ASAP.

You can also post a thread and mention @report_phishing, this will ensure that educators get alerted straight away and get the operations team working on having these websites/fake operators shut down immediately.

Please keep in mind that this username is only used for reporting scammers who claim to be giffgaff.  To avoid confusion, we have turned off PMs on this account, and members who report scammers using this method may not receive an acknowledgement reply from the educators. If this method proves to be a success, we will give our operations team control of this account so they can pick this up immediately without having the educators as intermediaries.

Also check out my post from September here about keeping yourself safe online.  If you have any questions - let our Community know.

Thanks everyone,

Ben

giffgaff Head of Security
Message 1 of 74
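The domain rule Ben gives above (a genuine link's hostname must be giffgaff.com with the dot kept on both sides of "giffgaff"), as an added Python example that is not giffgaff's own code. It assumes the bare giffgaff.com apex and an https scheme count as genuine, and the sample links are constructed for illustration.

```python
"""Check whether a link really points at giffgaff's own domain.

Added example, not giffgaff's code. It applies the rule from the post: the
hostname must be giffgaff.com itself or end in ".giffgaff.com", so the check
is made on the parsed hostname rather than on the raw text of the link.
"""
from urllib.parse import urlsplit

GENUINE_DOMAIN = "giffgaff.com"   # the domain the post names as genuine


def is_genuine_giffgaff_url(url: str, require_https: bool = True) -> bool:
    """Return True only if the URL's hostname is giffgaff.com or a subdomain of it.

    Using the parsed hostname means text before an '@' (userinfo), the path and
    the query string cannot make a foreign host look like giffgaff's.
    """
    parts = urlsplit(url.strip())
    if require_https and parts.scheme.lower() != "https":
        return False                      # a reported fake site in the thread was plain http
    host = (parts.hostname or "").rstrip(".").lower()   # hostname is free of userinfo and port
    if not host:
        return False
    return host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN)


def classify(urls):
    """Map each reported link to 'genuine' or 'suspect' so a batch can be reviewed."""
    return {u: ("genuine" if is_genuine_giffgaff_url(u) else "suspect") for u in urls}


# Constructed sample links (not real reported URLs). The 'secures-' prefix is the
# pattern the post describes; the others break the ".giffgaff.com" sequence too.
SAMPLE_LINKS = [
    "https://www.giffgaff.com/account",
    "https://community.giffgaff.com/",
    "https://secures-giffgaff.com/login",           # no dot before "giffgaff"
    "https://giffgaff.com.example.net/",            # more text after ".com"
    "https://www.giffgaff.com@example.net/login",   # genuine-looking userinfo, other host
    "http://www.giffgaff.com/",                     # right host, but not https
]

if __name__ == "__main__":
    for link, verdict in classify(SAMPLE_LINKS).items():
        print(f"{verdict:8} {link}")
```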
by: ujo55
on: 29/11/2018 | 12:07
@captainben
I think it is worth also stressing in many of the texts received the giffgaff text number has been spoofed, so that the text will appear to be linked to the chain of genuine texts sent by giffgaff and include the giffgaff logo.
The other question which remains unanswered despite being raised many times - is giffgaff aware how these spammers have obtained so many genuine giffgaff phone numbers?
Message 2 of 74
by: jokeyboi77
on: 29/11/2018 | 13:23

@captainben

Good to know giffgaff are providing extra security against the SIM swap procedure Ben, however like @ujo55 we'd all like to know how these scammers are getting hold of so many giffgaff numbers? I'm presuming it'll be through 3rd party sites that members are putting their numbers in? I'd also urge members to run their email address(es) through this site and make sure any sites they've given their email address to haven't also had a security breach, just in case they provided their phone number too -
https://haveibeenpwned.com/

Message 3 of 74
by: nickfishyfisher
on: 29/11/2018 | 13:43 edited: 29/11/2018 | 14:04

Hello Ben, I have received one text asking me to contact **edited** .com saying my account is suspended. I have looked at my account independently and there is nothing saying it's suspended.

Message 4 of 74
by: navvy
on: 29/11/2018 | 15:11 edited: 29/11/2018 | 15:15

Will the SIM Swap process take longer, now that the person with the old SIM needs to be able to use it to contact an agent?

Edited to add - if someone has lost their phone, they will want the SIM swap to take place quickly, despite the thief trying to stop the SIM swap.  How will this situation be dealt with?

Message 5 of 74
by: madzking
on: 29/11/2018 | 15:35 edited: 29/11/2018 | 16:22

Just got **edited** asking for login details - then bank card details as too many failed login attempts (without trying). Nothing was entered.

Message 6 of 74
by: dicowins
on: 29/11/2018 | 15:52 edited: 29/11/2018 | 15:58

I've just received one from giffgaff Noooot stating account blocked go to **link removed** NOT HTTPS but looks like a convincing copy of the SITE but isn't giffgaff.

Message 7 of 74
by: captainben
handy giff-staffer

on: 29/11/2018 | 17:03

Hi ujo55 - you've made a very good point on how these fraudsters have got phone numbers.  From what we understand, non-giffgaff numbers have also been targeted so this is very much an opportunistic campaign - a percentage of the numbers they try will be giffgaff unfortunately.

giffgaff Head of Security
Message 8 of 74
by: jaymailsays
on: 29/11/2018 | 18:06

navvy wrote: 

Will the SIM Swap process take longer, now that the person with the old SIM needs to be able to use it to contact an agent?

@navvy Since captainben wrote "you’ll now receive a SIM swap confirmation text message to your phone where you have the possibility to immediately raise a case with the agents if you were not the one that requested the SIM swap."

The above quote implies the sim swap continues unless or until the member contacts the Agent or if the bogus sim swap was completed, it would be reversed.

Presumably by sending a replacement sim to the member's address.  

For me it seems giffgaff are being targeted because of the vulnerable sim swap process. I don't quite agree with @captainben's theory.

This new wave of phishing could just be unsophisticated copycat fraudsters, seeing the potential and jumping on the bandwagon of the original fraudsters.

Message 9 of 74
by: frenchielove
on: 29/11/2018 | 18:39

Gosh this is scary stuff, I am not very tech savvy so I may have fallen for this one if it looked genuine, thank you for the heads up everyone. 

Message 10 of 74