Outline
Email purporting to be from Virgin Media claims the company has introduced extra security features and users must click a link to upgrade their Quick Pay profile.
Brief Analysis
The email is not really from Virgin Media. It is a phishing scam that attempts to trick Virgin Media customers into supplying their account login details and other personal and financial information via a fraudulent website.
Example
Subject: Virgin Media Update
Dear Customer,
In our constant effort to improve your experience of our services, We’ve introduced extra security and more features with Virgin Media Quick Pay profile! Virgin Media Quick Pay profile is an upgrade to your existing Quick Pay account. Please complet your profile update here. Thank you for helping us serve you better
Yours sincerely,
The Virgin Media Team.
Detailed Analysis
According to this email, which purports to be from Virgin Media, extra security and other new features have been introduced to the company’s ‘Quick Pay’ system in an effort to improve user experience. Therefore, claims the message, Virgin Media customers must update their Quick Pay profile by clicking a link. The email includes the Virgin Media logo.
However, the email is not from Virgin Media and customers are not required to click a link and update profile details as claimed. Instead, the email is a phishing scam designed to steal login details and other personal information from Virgin Media customers.
Those who believe the false claims in the message and click the link as instructed will be taken to a fake website that contains a login screen. To make the claims seem more legitimate, the fake website features the Virgin Media logo and colour scheme and includes secondary links that lead back to the genuine Virgin Media website.
After users provide their account login details on the fake web page, they will be taken to a second fake page that asks for their credit card details and contact information.
All of the information supplied on the fake site can be harvested by scammers and used to hijack user accounts and commit credit card fraud.
The ‘account update’ ruse is a very common phishing technique. Genuine service providers are unlikely to send you a generic and unsolicited email claiming that you must click a link to update account details. If you receive such an email, do not click any links or open any attachments that it contains. It is always safest to login to your online accounts by entering the account address into your browser’s address bar rather than by clicking a link in an email.
