Spoof message allegedly from Virgin with subject "Your Bill Is Ready"
Hi Everyone,
I just got caught out by an email looking like it was from Virgin Media. I get them every month so I was running on autopilot. The email contained a PDF file "Your Virgin Media Bill is here___.pdf" which I opened in Acrobat Reader. The PDF contained Virgin and O2 logos and mentioned that the bill might have increased etc., with a button to click to view the bill. This opened a website in a browser asking for VM account login details which I submitted, after which I did not see my bill.
With hindsight it should have been very obvious that it was a scam email, from the dodgy email address to the dodgy log-in page, but I was not paying attention and I do get legit emails which do not display as you would expect in my email client so I have to select a different view. In this case I just went straight to attachments, spotted the PDF and downloaded it. Total idiot.
The full sequence is:
1. email containing...
2. PDF with button to click to see bill which takes you to...
3. website requesting VM username and password.
The PDF link is actually to a Dropbox page which asks for the VM credentials. On submission the information is passed to a Wix-hosted website. All so blindingly obvious if I had taken the time to look first!
So the scammers are collecting VM accountholder email addresses and passwords so they can try to log in to your VM account. If successful they can collect and change all your details etc. so you might get locked out of your account. It would also give them access to other services you might have, e.g. your email.
In my case I knew something was up when I did not see my bill and instantly logged in to my account and changed everything - account log-in email address, password, memorable words, phone number etc. so the stolen credentials are useless to the scammers.
The time from me submitting the form to getting into my account was probably about ten minutes because VM insisted on sending a validation code to another email address for me to log in and it took some time to arrive. VM did it again when I wanted to change my account details which added to the delay in changing them. The question is did the scammers manage to get into my account in that brief period? I am assuming that I beat them to it because a couple of hours later I can still log in with my updated account/password credentials.
I scanned the PDF for malware and it came up clean so I suppose its main purpose was as a redirect to the dodgy login page. It is beyond belief that I did not even look at the URL or stuff at the top of the page because I am so used to getting emails every month from VM.
I hope the above is of use to you. I have been using email and the internet since 1995 and this is the first time I have been caught out. Be warned!
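
A PDF like the one described above can scan clean because all it carries is a link. The following is an added example, not part of the original post: it lists the link targets inside a PDF without opening it and flags any that leave the expected sender's domain. `EXPECTED_DOMAINS`, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: the domains a genuine bill link is expected to use.
EXPECTED_DOMAINS = {"virginmedia.com"}

URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")      # /URI (literal string)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def pdf_link_targets(data: bytes) -> list[str]:
    """Return each /URI action target in the PDF, in order, without duplicates."""
    chunks = [data]
    for m in STREAM_RE.finditer(data):
        try:  # annotations can sit inside Flate-compressed object streams
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # stream uses another filter (image, font, ...)
    found = []
    for chunk in chunks:
        for m in URI_RE.finditer(chunk):
            # Undo backslash escapes such as \( and \) inside the PDF string.
            url = re.sub(rb"\\(.)", rb"\1", m.group(1), flags=re.S).decode("latin-1")
            if url not in found:
                found.append(url)
    return found

def is_expected(url: str, expected=EXPECTED_DOMAINS) -> bool:
    """True only if the host is an expected domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in expected)

def unexpected_links(data: bytes, expected=EXPECTED_DOMAINS) -> list[str]:
    return [u for u in pdf_link_targets(data) if not is_expected(u, expected)]

# Constructed sample: one plain link annotation and one inside a Flate stream.
_packed = zlib.compress(b"<< /Subtype /Link /A << /S /URI "
                        b"/URI (https://www.virginmedia.com/my-bill) >> >>")
SAMPLE_PDF = (b"%PDF-1.7\n5 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI "
              b"/URI (https://files.example.net/view\\(bill\\)) >> >>\nendobj\n"
              b"6 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _packed +
              b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for link in unexpected_links(SAMPLE_PDF):
        print("link leaves the expected domain:", link)
```

The check only covers link targets written as literal strings; hex-encoded strings and other action types in a PDF are not inspected.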