Wednesday, December 15, 2010

Phishing Alert

Yesterday we were alerted to one of the more advanced phishing attacks against our customers we have seen, and having received the mail myself I thought I'd share what it looked like:

Click on it for a larger version, and note the strapline at the bottom including the e-mail address it was sent to (which I have Photoshopped so I don't get more spam!).

Note: This is not a genuine e-mail to our customers and was not sent by Virgin Media.

As per our standard practice, as soon as we were alerted to the message we put up a warning on our website and blocked the site the link went to from being accessed by our customers until the network team at the other end take it down. With the site it linked to being a very convincing copy of My Virgin Media (this is a genuine link!), it's clear that phishing attacks are becoming more advanced - even if the message did include some of the characteristic spelling mistakes you usually see in phishing attacks.

My spam e-mail folder is full of attempted phishing attacks and the usual advice is to be wary of a message unless you know it's genuine. Personally I never click on links in e-mails, but go to the website myself instead by typing the website address manually into a browser window.


  1. Being a computer tech myself, one of my biggest problems (with email) I get from customers is them trying to work out if an email is genuine or not. Most places don't list what email address they use to send out messages, and it's very hard to find any reference to email newsletters/scams/etc. on the official website. Virgin are no different: your emails come from different addresses like "From: "Virgin Media" " yet ebilling comes from "From: Virgin Media ", and if there's links in the page I look at where they link to (without clicking), but that doesn't always help. Some of Virgin's emails have the words "Click here if you cannot see this email" but that links to (I know this redirects to the .com version) but to normal customers it's very confusing, and in the last special offer email, if you click the link it redirects to "" which really confuses the customers (and yes, it was a genuine email). Surely you can do it so it at least uses the correct domain name for everything; it's not that hard. As for the warning you put on the website, 99% of your customers don't even know that it is there or how to get to it.
    Hopefully this will change, but I doubt it, as it seems to be the way everybody is doing it now.

  2. Thanks for that input Paul - we've used this message as yet more impetus to again re-review our comms and what we do to make it even tighter and less likely to appear phishy. The internet security team and myself are working with the brand and marketing guys on some ideas.

    Will add your input!