Menu
Reply
Highlighted
  • 2
  • 0
  • 0
Marydoll63
Joining in
1,544 Views
Message 1 of 14
Flag for a moderator

Phishing Scam Emails

I've just joined this community today as it seems unlikely that the only Virgin staff that are contactable can answer my query.  (All phone numbers seem to lead to the Philippines and they don't seem to be able to deal with anything much outside of their learnt English script).  My question is:

Does the Virgin company have an email address where we can forward on phishing scam emails that pretend to be from Virgin?

Most reputable companies have a special email address for reporting such matters.  I am hoping that Virgin does have one.  I used to love the Virgin brand, respecting Richard Branson as a businessman.  Now I am highly skeptical of a communications company who fail to be able to communicate with their customers in an appropriate manner.

I received this email today, which looks like a phishing scam to me.  Or is it a genuine Virgin email? They outsource so much work that i would not be surprised if they were using a dodgy company to sign off contracts.  See copy of email here: 

Your revised Virgin Media contract – please sign
 

 

[MOD EDIT: Inappropriate Hyperlink removed, please review the Forum Guidelines]

 

0 Kudos
Reply

Helpful Answers
  • 8.81K
  • 1.2K
  • 3.58K
Superuser
Superuser
2,658 Views
Message 2 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

They do have a reporting address for Phishing as set out here: https://help.virginmedia.com/system/templates/selfservice/vm/help/customer/locale/en-GB/portal/20030...

However, if you have recently amended your services with VM then they do send the contract electronically using DocuSign.
_________________________________________________________
Graham
I am a VM customer. There are no guarantees that my advice will work. To say thanks click the kudos thumb. If I have solved your problem please click the helpful answer button.
  • 13.63K
  • 719
  • 4.72K
Superuser
Superuser
2,651 Views
Message 3 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Looking at the email it seems a genuine one.

Docusign are a legitimate company who Virgin do use to gather electronic signatures for new or updated contracts.  I'm going to ask that Virgin's @ModTeam obfuscate the link as it will be personal to your contract.  But mousing over it it does appear a genuine link as opposed to a phishing one.

Tim

Edit BTW - there are two things I'd like to point out.

Docusign themselves are not a dodgy company.  In fact they actually have a process whereby customers should be able to view the Contract WITHOUT clicking the link.  Sadly Virgin Media's emails do not include the necessary information to do this, and to be quite frank the way the email is set out, makes me think that they treat their customers like children.

Richard Branson has nothing to do with Virgin Media apart from allowing them to use the Virgin brand in a 13 year licensing deal after he sold Virgin Mobile to NTL/Telewest.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

  • 272
  • 37
  • 126
coenoby
Fibre optic
2,631 Views
Message 4 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Hi Mary.

I have taken the initiative to flag your post to the Forum Moderators.

The link in your post leads to your personal details and the contract you have (apparently) just entered into with Virgin.

This is serious!!!!

coenoby

*******************************
If someone posts a helpful message you can say thanks by clicking on the thumbs up in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as an Accepted Solution.
  • 3.51K
  • 202
  • 981
Sololobo
Wise owl
2,606 Views
Message 5 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails


coenoby wrote:

Hi Mary.

I have taken the initiative to flag your post to the Forum Moderators.

The link in your post leads to your personal details and the contract you have (apparently) just entered into with Virgin.

This is serious!!!!

coenoby


Not serious enough as the link is still there an hour later! Smiley Surprised

(Just a thought: Does providing a link in an email communication which gives direct access to private and personal information, without requiring any log in credentials, a potential breach of the Data Protection Act?)




It's What I Do.
I Drink and I
Remember Things.
  • 628
  • 21
  • 126
MrHalfAsleep
Rising star
2,596 Views
Message 6 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails


Sololobo wrote:
(Just a thought: Does providing a link in an email communication which gives direct access to private and personal information, without requiring any log in credentials, a potential breach of the Data Protection Act?)

Yes!  Massive fines can be levied against VM for doing so.  It needs to be removed immediately.  However, that said, the OP should have removed the link, but as a new user they may be unaware of how to do this and that their details are floating around on a public forum.  Unfortunately the time for editing has passed and a mod will have to edit it out.  It needs to be treated as a matter of urgency.  [edit] I've notified a mod myself.







--
The only winning move is not to play.
No system is 100% secure
Ridicule is nothing to be scared of - Adam Ant
The only thing constant - is change. Chris Evans
The internet is a series of tubes
  • 272
  • 37
  • 126
coenoby
Fibre optic
2,545 Views
Message 7 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Just to avoid any possible confusion, my comment 'This is serious!!!!' in my earlier post was in relation to the fact that the OP had unknowingly posted a link to her confidential information on the forum and that it was still there.

As far as I can see, all the evidence points to the fact that the email is completely genuine and not a phishing attempt.

coenoby

*******************************
If someone posts a helpful message you can say thanks by clicking on the thumbs up in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as an Accepted Solution.
  • 1.42K
  • 154
  • 457
Superuser
Superuser
2,516 Views
Message 8 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Hopefully the forum moderators told the Virgin Media department responsible for sending the email to invalidate the link. To be on the safe side I would also suggest you contact DocuSign to invalidate the link in case Virgin Media have not or are slow to do so.

You may also wish to query with the Information Commissionaire's Office (ICO) whether there have been any failings in the handling of your personal information.

  • 13.63K
  • 719
  • 4.72K
Superuser
Superuser
2,499 Views
Message 9 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails


用心棒 wrote:

Hopefully the forum moderators told the Virgin Media department responsible for sending the email to invalidate the link. To be on the safe side I would also suggest you contact DocuSign to invalidate the link in case Virgin Media have not or are slow to do so.

You may also wish to query with the Information Commissionaire's Office (ICO) whether there have been any failings in the handling of your personal information.


Of course the ICO would need to take into consideration that it was the OP who posted the information in the email in a public forum.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

  • 3.51K
  • 202
  • 981
Sololobo
Wise owl
2,489 Views
Message 10 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

I have to question the process by which a hyperlink which gives direct access to personal and private information can be included in an email communication and be considered secure.

Two Factor Authentication anybody?

By all means include a link to documentation, but ensure that access relies on the recipient subsequently logging in using a password known only to themselves.

While this particular instance was a result of the recipient inadvertently posting the information themselves, as noted previously not all are aware of the dangers and pitfalls inherent in online communications.

The incident would not have arisen if the original communication had not included an insecure link in the first place.

 




It's What I Do.
I Drink and I
Remember Things.
  • 1.42K
  • 154
  • 457
Superuser
Superuser
1,457 Views
Message 11 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

The crux of what is wrong with these emails is covered by Sololobo's reply above and I believe the ICO would be interested as there is no way the recipient could be expected to know the included URL links to personal information about them; Virgin Media do not tell the recipient to expect an e-contract via DocuSign nor do they disclose that the email contains personal information.

  • 272
  • 37
  • 126
coenoby
Fibre optic
1,386 Views
Message 13 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails


Marydoll63 wrote:

 treat everything I don't recognise as suspicious.


That is a very sensible approach.

The fact is that the style of Virgin Media's emails and VM's lack of clear communication about precisely what to expect from them makes it very difficult to be sure whether their emails are genuine or whether they are phishing emails.

One thing I always look for when I get an unexpected email is the 'Dear customer' greeting or something similarly vague at the start of the email. Any email that starts like that is a phishing attempt as far as I am concerned and it gets deleted whatever the rest of the email says. However, just because the sender knows my name still does not mean I assume they are who they say they are.Smiley Indifferent

Being suspicious of any email you are not expecting is the best possible strategy.

coenoby

*******************************
If someone posts a helpful message you can say thanks by clicking on the thumbs up in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as an Accepted Solution.

All Replies
  • 8.81K
  • 1.2K
  • 3.58K
Superuser
Superuser
2,659 Views
Message 2 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

They do have a reporting address for Phishing as set out here: https://help.virginmedia.com/system/templates/selfservice/vm/help/customer/locale/en-GB/portal/20030...

However, if you have recently amended your services with VM then they do send the contract electronically using DocuSign.
_________________________________________________________
Graham
I am a VM customer. There are no guarantees that my advice will work. To say thanks click the kudos thumb. If I have solved your problem please click the helpful answer button.
  • 13.63K
  • 719
  • 4.72K
Superuser
Superuser
2,652 Views
Message 3 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Looking at the email it seems a genuine one.

Docusign are a legitimate company who Virgin do use to gather electronic signatures for new or updated contracts.  I'm going to ask that Virgin's @ModTeam obfuscate the link as it will be personal to your contract.  But mousing over it it does appear a genuine link as opposed to a phishing one.

Tim

Edit BTW - there are two things I'd like to point out.

Docusign themselves are not a dodgy company.  In fact they actually have a process whereby customers should be able to view the Contract WITHOUT clicking the link.  Sadly Virgin Media's emails do not include the necessary information to do this, and to be quite frank the way the email is set out, makes me think that they treat their customers like children.

Richard Branson has nothing to do with Virgin Media apart from allowing them to use the Virgin brand in a 13 year licensing deal after he sold Virgin Mobile to NTL/Telewest.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

  • 272
  • 37
  • 126
coenoby
Fibre optic
2,632 Views
Message 4 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Hi Mary.

I have taken the initiative to flag your post to the Forum Moderators.

The link in your post leads to your personal details and the contract you have (apparently) just entered into with Virgin.

This is serious!!!!

coenoby

*******************************
If someone posts a helpful message you can say thanks by clicking on the thumbs up in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as an Accepted Solution.
  • 3.51K
  • 202
  • 981
Sololobo
Wise owl
2,607 Views
Message 5 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails


coenoby wrote:

Hi Mary.

I have taken the initiative to flag your post to the Forum Moderators.

The link in your post leads to your personal details and the contract you have (apparently) just entered into with Virgin.

This is serious!!!!

coenoby


Not serious enough as the link is still there an hour later! Smiley Surprised

(Just a thought: Does providing a link in an email communication which gives direct access to private and personal information, without requiring any log in credentials, a potential breach of the Data Protection Act?)




It's What I Do.
I Drink and I
Remember Things.
  • 628
  • 21
  • 126
MrHalfAsleep
Rising star
2,597 Views
Message 6 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails


Sololobo wrote:
(Just a thought: Does providing a link in an email communication which gives direct access to private and personal information, without requiring any log in credentials, a potential breach of the Data Protection Act?)

Yes!  Massive fines can be levied against VM for doing so.  It needs to be removed immediately.  However, that said, the OP should have removed the link, but as a new user they may be unaware of how to do this and that their details are floating around on a public forum.  Unfortunately the time for editing has passed and a mod will have to edit it out.  It needs to be treated as a matter of urgency.  [edit] I've notified a mod myself.







--
The only winning move is not to play.
No system is 100% secure
Ridicule is nothing to be scared of - Adam Ant
The only thing constant - is change. Chris Evans
The internet is a series of tubes
  • 272
  • 37
  • 126
coenoby
Fibre optic
2,546 Views
Message 7 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Just to avoid any possible confusion, my comment 'This is serious!!!!' in my earlier post was in relation to the fact that the OP had unknowingly posted a link to her confidential information on the forum and that it was still there.

As far as I can see, all the evidence points to the fact that the email is completely genuine and not a phishing attempt.

coenoby

*******************************
If someone posts a helpful message you can say thanks by clicking on the thumbs up in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as an Accepted Solution.
  • 1.42K
  • 154
  • 457
Superuser
Superuser
2,517 Views
Message 8 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

Hopefully the forum moderators told the Virgin Media department responsible for sending the email to invalidate the link. To be on the safe side I would also suggest you contact DocuSign to invalidate the link in case Virgin Media have not or are slow to do so.

You may also wish to query with the Information Commissionaire's Office (ICO) whether there have been any failings in the handling of your personal information.

  • 13.63K
  • 719
  • 4.72K
Superuser
Superuser
2,500 Views
Message 9 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails


用心棒 wrote:

Hopefully the forum moderators told the Virgin Media department responsible for sending the email to invalidate the link. To be on the safe side I would also suggest you contact DocuSign to invalidate the link in case Virgin Media have not or are slow to do so.

You may also wish to query with the Information Commissionaire's Office (ICO) whether there have been any failings in the handling of your personal information.


Of course the ICO would need to take into consideration that it was the OP who posted the information in the email in a public forum.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

  • 3.51K
  • 202
  • 981
Sololobo
Wise owl
2,490 Views
Message 10 of 14
Flag for a moderator
Helpful Answer

Re: Phishing Scam Emails

I have to question the process by which a hyperlink which gives direct access to personal and private information can be included in an email communication and be considered secure.

Two Factor Authentication anybody?

By all means include a link to documentation, but ensure that access relies on the recipient subsequently logging in using a password known only to themselves.

While this particular instance was a result of the recipient inadvertently posting the information themselves, as noted previously not all are aware of the dangers and pitfalls inherent in online communications.

The incident would not have arisen if the original communication had not included an insecure link in the first place.

 




It's What I Do.
I Drink and I
Remember Things.