Scam of the Week – Warning over fake TalkTalk Phishing Emails

June 6, 2019 10:21 am Geraldine Strawbridge

TalkTalk customers are being warned not to fall for a phishing scam designed to steal their personal and financial login details.

Action Fraud, the UK’s national reporting centre for fraud and cybercrime, has received more than 100 reports in the last week about phishing emails that claim to come from TalkTalk.

The fake emails are headed with ‘Get Your Refund’ and appear entirely legitimate with the same TalkTalk logo and branding. The email states that the recipient’s TalkTalk account is in credit and that they’re due a refund.

Image: Fake TalkTalk Phishing email (Source: TalkTalk)

If the user clicks on the link, they are directed to a malicious website that has been set up to steal their personal and financial details. Users are urged to be cautious when they receive any unexpected correspondence, especially when it requires the input of sensitive information. Don’t click on any links or attachments within the email, and if you’re unsure whether the request is legitimate, contact the organisation directly, sourcing the contact details from the official website.

TalkTalk provided advice to their customers on what they should do if they suspect they’ve received a phishing email. “We’re aware of an email that has been sent purporting to be from TalkTalk offering a refund, this is a phishing email which you should ignore and delete. Phishing emails can be tricky to spot which is why it’s important to stay alert and report any email that looks suspicious.”

Here are 5 key things to look out for:

1. Does it use your full name? 

Phishing emails usually use terms like ‘Dear Customer’ as they do not have your personal details.

2. Does it use an attention-grabbing subject header?

Look for phrases like “you’ve won!”, “forward this to everyone you know!” or “this is NOT a hoax!”

3. Does the internet address look correct?

Phishers often use addresses that look like a proper address but have extra words, letters or symbols.

4. Are there spelling mistakes, or does it seem badly written?

Reputable companies wouldn’t make these kinds of mistakes.

5. Are you being asked to verify your personal or financial details?

Remember, TalkTalk will NEVER ask you for your full password or to verify any of your details over email.

Identifying a phishing email has become a lot harder than it used to be as criminals have become more advanced and deceptive in their attack methods. MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats.