Links

Ben Laurie blathering


People Don’t Report Phishing (Or They Are Ignored)

I got email, allegedly from O2, today. All the links in the email claim to be to O2’s website (i.e. http://www.o2.co.uk/), but actually go to http://www.o2-mail.co.uk/. Classic phishing stuff, you’d think.

But going to that site redirects to the correct page on the real site. So perhaps its not a scam after all. My next thought was to check whois data:

# whois o2-mail.co.uk

Domain name:
o2-mail.co.uk

Registrant:
Vertis

Registrant type:
UK Individual

Registrant’s address:
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.

So, there’s a non-trading individual called “Vertis” is there? Somehow I don’t think so. Anyway, it seems to there’s only two possible explanations for this. Firstly, its a scammer, hiding their identity, or secondly, its a company who really do act on O2’s behalf who are just blatantly abusing the .uk registration process.

So, being a good chap, I reported it to O2. Somewhat to my surprise, they confirmed that it was not from them, and is spam. Exactly what the point of it is, I’m not sure, except perhaps to determine that I’m the kind of person that follows links in realistic looking emails.

They’ve said they’ll escalate the matter to their security team. They’ve also said they’ll inform me of the outcome. I’m not holding my breath on that one! They also said that they had not heard of this before (which is interesting, because I’ve had email involving these domains before), and said that this kind of report was “very unusual” – whereas for a genuine O2 mailing each customer service rep gets several calls a day, apparently. From which I conclude that people don’t report phishing – or if they do they are ignored.

Incidentally, the mail claims to originate from o2-mail.com, which looks like this:

$ whois o2-mail.com

Administrative Contact:
Mansell, Matt matt.mansell@vertisinc.co.uk
1 to 2 Stafford Cross
Stafford Road
Croydon, Surrey CR9 4PD
GB
+4402082537000

4 Comments

  1. Give the guy a call, Ben! Better still, show up at his place. Though, it does look like a dodgy industrial estate: http://maps.google.co.uk/maps?f=q&hl=en&q=CR9+4PD&btnG=Search&t=h

    Cheers,

    Pat

    Comment by Superpat — 27 Jan 2006 @ 18:25

  2. I know this is an old thread but I thought I’d expand upon it in case anyone stays onto the site.

    I also got an email from this address mupa119832076@o2-mail.com

    Saying I had a free upgrade. Then this lady (if you can call her that) phoned me trying to push me into upgrading by sending me to a bogus website. Don’t do it folks it’s a big scam.

    I reported it to O2 who were they’re usual don’t-give-damn selves.

    Now, it seems that these people try to get your telephone number (which I stupidly gave them when I clicked on the link for my free up grade). Then they cross refer your number, with some kind of database to get your name. And when they call you they use your name so it all sounds very official.

    I don’t know what they plan to do next as I didn’t get that far, my guess is to get you to fill in your account details and stuff so they can commit some kind of fraud.

    02 are pretty unhelpful. They say they may be able to take my number of whatever database it is that lets con artists get access to your number, but i’m not holding my breath either.

    In the interests of my security i will be cancelling my O2 account at the next available opportunity.

    Comment by Anonymous — 19 Sep 2006 @ 17:54

  3. I got one today. Interestingly they have changed their Nominet details from ‘non-trading’ to 2nd Floor Aldersgate House
    135-137 Aldersgate Street
    London
    GB
    EC1A 4JA

    BUT the email itself used Telefonica/O2 registration details ie it was absolutely passing itself as O2. IANAL but that looks like a criminal offence several times over. O2 can go after them as can Companies House for not putting *their own details* on a company document.

    I would have thought O2 could do a DRS with Nominet to get this domain handed over based solely on this. Not that these scumbags won’t pop up with another misleading domain. Another avenue might be Croydon Trading Standards but I’m guessing they will now say it is out of their jurisdiction. And O2-mail can keep changing their address to keep ahead of investigations.

    Comment by Stuart — 15 Jul 2009 @ 9:35

  4. Just because a fake site redirects to a real site doesn’t mean it is real. It takes 5 seconds to do that.
    Don’t report phishing to the company involved, report it to the ISPs

    Onto the comments…

    Faking a from address in an email is easy. Please for Christ’s sake don’t start attacking anyone related to the from address. In most situations, that person hasn’t got anything to do with the spam, and they’ll be getting harrassed non-stop by email. You turning up at their door accusing them of things they have nothing to do with is likely to make them turn nasty! If they really are that easy to trace, rest assured that they won’t be in the spam business for long. Most spam is impossible to properly trace.

    Passing Off isn’t a criminal offence, damn right you aren’t a lawyer!

    For what it’s worth, I haven’t looked into this (oddly the poster hasn’t printed the contents of the email), but it wouldn’t surprise me at all if this wasn’t a phishing scam at all. It’ll either be a mobile phone retailer trying to get you to upgrade with them (and trying to give you the impression that they are or are closely connected to O2) or it will be an email from O2 themselves (the vast majority of companies don’t do promotional mailouts themselves, they outsource it to another company). Just because the drone at the other end of the Customer Services line says it’s fake, doesn’t mean it’s true. They’re often wrong.

    Comment by OMG — 14 Jan 2010 @ 2:17

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress