On 15th August O2 identified a number of customers who received a “smishing” text message purporting to be from O2. The messages suggests the customer is required to update their PAC code. There’s a website in the message that redirects the customer to a fake O2 website. O2 did not send these fraudulent messages, but these websites are very convincing and look like O2’s sites.
The message reads:
“Your contract will be suspended if your PAC code is not updated. Login to MyO2 to make the required changes: o2contract.co.uk – Your payment method has expired.”
Full investigation is ongoing. O2 are in the process of removing the fraudulent websites and domain name, and identifying and blocking the sender of the SMS.
Please note: This type of ‘smishing’ campaign tends to be directed at whole banks of mobile numbers so there is no differentiation between Pay Monthly customers whether they are small business up to enterprise customers.
What do I need to do?
Please be informed these are fraudulent messages and not from O2. If you have entered any details you’ll need to reset your password and security question on your O2 account.
If you believe you have disclosed personal data, you can report it to Action Fraud at https://www.actionfraud.police.uk/report_phishing
If you believes a crime or fraud has occurred due to this incident, you can report it to Action Fraud at https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime
If you have entered any personal data, we recommend a password reset as a precautionary measure.
Tips to help identify a scam
Emails, SMS messages or calls that contain the following may not be genuine:
- Spelling errors
- Generic headers e.g. ‘dear sir/madam, dear customer’
- Requests for sensitive information such as passwords or card details by following a link in the message
- URLs or sending addresses with extra numbers, letters or substitutions, for instance V0dafone rather than Vodafone
- Unrecognised telephone numbers
- Urgent calls to action
If you receive any messages regarding your contract that you find suspicious, please do not hesitate to contact the team at CMM Telecoms, we are always more than happy to help. For those who did receive the recent fraudulent SMS, you only need to take action if you interacted with the message. Should you have any further queries, please phone 01252 854352 or email email@example.com.