They must do, or they wouldn’t do stupid things like this.
I got an email, looking just like this
We’d like to say ‘thanks’ for being a great customer by offering you either a FREE Pay Monthly handset upgrade OR Â£100 credit added to your account â€“ provided you haven’t recently upgradedâ€ .And it couldn’t be easier. All you have to do is renew your contract with O2 before 31st August 2006.If you choose to renew your contract for 18 months, rather than 12 then there’s even more on offer:
- If you prefer to talk we have a range of Talker plans with Double Minutes each month*. For example, on an Online 500 Talker plan you’ll get 1000 minutes and 150 messages each month for Â£35.
- If you prefer to text we also have a range of Texter plans which offer 50% Extra Minutes and Texts each month*. For example, on an Online 500 Texter plan youâ€™ll get 750 mins and 750 messages each month for Â£35.To see our full range of handsets and offers and to renew your contract, click here.And thanks again for choosing O2 .â€ The information used in this mailing is based on your contract status as at 30th April 2006. Unfortunately, if you upgraded after this date your new contract means you wonâ€™t be eligible for these offers. Terms and conditions apply. *Offer subject to ongoing connection to eligible tariff see letter for details. Promotional allowances must be used within the month. Unused allowances cannot be carried over into subsequent months.
OK, I removed some maybe-identifying data from the link, but you’ll notice the link goes to www.o2-mail.co.uk. “Oho”, says I, being a suspicious sort, “that’s not O2’s website, I wonder who managed to register it?”
$ whois o2-mail.co.uk
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.
MCI Worldcom Ltd [Tag = UUNETPIPEX]
Registered on: 01-Aug-2003
Renewal date: 01-Aug-2007
Last updated: 04-Aug-2003
Registered until renewal date.
Hmmm, a non-trading individual who wants to renew my phone contract, eh? Think I’d better check that out – but what a shame, http://www.uk.uu.net doesn’t actually resolve, so looks like I’m not talking to them. And, oh dear, Nominet are closed until Monday, so that avenue is out, too.
The mail itself, incidentally, purports to come from o2-email.com, a domain which they didn’t even bother to register.
So, fearing nothing, I clicked on the link – which redirects me to http://www.o2renew.co.uk/. Here we go again.
$ whois o2renew.co.uk
AIS Group Ltd
UK Limited Company, (Company number: 3561278)
47-48 Berners St
Global Registration Services Ltd [Tag = GRS]
Registered on: 14-Apr-2005
Renewal date: 14-Apr-2007
Last updated: 27-Jul-2005
Registered until renewal date.
At least this has an address, if I could be bothered to follow up, which I can’t, but this all looks a bit fishy. To compound the fun, I also got a text on my mobile with the same offer, but anyway, I phone O2 customer services. They explain that this cannot possibly be O2, it must be one of their “marketing partners” who will, if I fill in the form, renew my contract with O2, but via them. And, presumably, or maybe not, give me a new phone. I ask where they got my email address and phone number, and the answer is that at some point I left a box ticked that said it was OK for partners to send me stuff.
So, do O2 condone this practice, I ask? The answer is, apparently, that they do. They don’t even mind, it seems, that the website has O2 branding on it.
If O2 is going to allow people they have contractual relationships with to do this kind of thing, how on Earth do they expect consumers to learn what is phishing and what is not?