Outline
Email purporting to be from Virgin Media claims that the recipient’s billing subscription has expired and the associated email account is about to be suspended.
Brief Analysis
The email is not from Virgin Media. It is a phishing scam designed to trick recipients into supplying account login details as well as personal and financial information.
Example
Your account billing subscription has expired and your email is about to be suspended,Confirm your account information to keep your email active.Click the secured link below to confirm.
[Link removed]
Thank you
© 2013 Virgin Media. All rights reserved virginmedia.com
Detailed Analysis
According to this email, which purports to be from large service provider Virgin Media, the recipient’s account billing subscription has expired. The message warns that the recipient’s email account is about to be suspended as a result.
To resolve the issue, the recipient is instructed to click a link to confirm the account.
However, the email is not from Virgin Media. It is a phishing scam designed to trick Virgin Media customers into sending their personal and financial information to online criminals.
Those who do click the link as instructed will be taken to a fake website and asked to sign in with their Virgin Media account credentials. After signing in on the fake site, they may then be asked to supply billing and contact information, including their credit card data, ostensibly to renew their subscription and avoid suspension of their email.
Alas, all of the information supplied will be collected by criminals who can then use it to hijack real Virgin Media accounts and commit credit card fraud and identity theft.
Virgin Media has warned customers about this and other phishing campaigns on its website. The page also allows users to report Virgin Media phishing scams they may have received.
Be wary of any email that claims that you must click a link or open an attachment to rectify an account issue, avoid a suspension or update account details. These are very common phishing ploys. It is always safest to login to your online accounts by entering the web address into your browser’s address bar rather than by clicking a link in an unsolicited email.