Scam of the Week – Warning over fake TalkTalk Phishing Emails

TalkTalk customers are being warned not to fall for a phishing scam designed to steal their personal and financial login details.

Action Fraud, the UK’s national reporting centre for fraud and cybercrime, has received more than 100 reports in the last week about phishing emails that claim to come from TalkTalk.

The fake emails are headed with ‘Get Your Refund’ and appear entirely legitimate with the same TalkTalk logo and branding. The email states that the recipient’s TalkTalk account is in credit and that they’re due a refund.

Image: Fake TalkTalk Phishing email (Source: TalkTalk)

If the user clicks on the link, they are directed to a malicious website that has been set up to steal their personal and financial details. Users are urged to be cautious when they receive any unexpected correspondence, especially when it requires the input of sensitive information. Don’t click on any links or attachments within the email and if you’re unsure if the request is legitimate, contact the organisation directly, sourcing the contact details from the official website.

TalkTalk provided advice to their customers on what they should do if they suspect they’ve received a phishing email. “We’re aware of an email that has been sent purporting to be from TalkTalk offering a refund, this is a phishing email which you should ignore and delete. Phishing emails can be tricky to spot which is why it’s important to stay alert and report any email that looks suspicious.”

Here are 5 key things to look out for:

1. Does it use your full name? 

Phishing emails usually use terms like ‘Dear Customer’ as they do not have your personal details.

2. Does it use an attention-grabbing subject header?

Look for phrases like “you’ve won!”, “forward this to everyone you know!” or “this is NOT a hoax!”

3. Does the internet address look correct?

Phishers often use addresses that look like a proper address but have extra words, letters or symbols.

4. Are there spelling mistakes, or does it seem badly written?

Reputable companies wouldn’t make these kinds of mistakes.

5. Are you being asked to verify your personal or financial details?

Remember, TalkTalk will NEVER ask you for your full password or to verify any of your details over email.

Identifying a phishing email has become a lot harder than it used to be as criminals have become more advanced and deceptive in their attack methods. MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. Contact us for further information on how we can help protect your business.
