Menu
Reply
Adam1993
  • 4
  • 0
  • 0
Tuning in
250 Views
Message 1 of 8
Flag for a moderator

Possible Scam Message??

I received this SMS a short time ago looking to be from the same VirginMedia as the contact in my phone however I'm suspicious about the virginmedia.me link. Can you confirm whether this is genuine?

Screenshot_20210424-141421_Messages.jpg

I ended up clicking the link and tested by inputting false details however the site seems to know my genuine login info. 

The domain whois shows namecheap.com as the registrar and since they are linked to multiple scam hosting I gather this is fake albeit sophisticated

Tags (2)
0 Kudos
Reply
Anonymous
Not applicable
230 Views
Message 2 of 8
Flag for a moderator

Re: Possible Scam Message??

its a scam. its just a spoofed phone number
0 Kudos
Reply
Adam1993
  • 4
  • 0
  • 0
Tuning in
223 Views
Message 3 of 8
Flag for a moderator

Re: Possible Scam Message??

Thanks, I assumed that to be the case since none of the links on the webpage even work (contact us, forgot password etc).

I'm baffled how it seems to know my account password though??

I've reset my password and tried to login with my old password and it states incorrect. Do they have some kind of access to virgin media's database??

I work in IT myself so am very familiar with cyber security

0 Kudos
Reply
Zak_M
  • 3.35K
  • 213
  • 336
Forum Team
Forum Team
219 Views
Message 4 of 8
Flag for a moderator

Re: Possible Scam Message??

Good afternoon @Adam1993 

 

Welcome to the forums and thank you for taking the time to post. 

 

I am going to flag this to our security team. 

 

Did you say that you have managed to change your password?  If not I can do that for you from here. 

 

Kind regards,

Zak_M

0 Kudos
Reply
Adam1993
  • 4
  • 0
  • 0
Tuning in
209 Views
Message 5 of 8
Flag for a moderator

Re: Possible Scam Message??

Hi, 

Yes I have changed the password on my account however I noticed that when using the login form on the virginmedia.me site and my old password it knows it's incorrect. 

I'm concerned that changing my password is no use if this website knows the live password

0 Kudos
Reply
Anonymous
Not applicable
187 Views
Message 6 of 8
Flag for a moderator

Re: Possible Scam Message??

are you familiar with the new man in the middle attacks?

For example, if i wrote a PHP script that asks for your VM username and password all i have to do when you submit it is make an HTTP call to the real site and I'll know in seconds if what you entered was right or fake.

No need to already know something you have just told me. I can check if its right or wrong pretty easy
Adam1993
  • 4
  • 0
  • 0
Tuning in
172 Views
Message 7 of 8
Flag for a moderator

Re: Possible Scam Message??

Appreciate that obvious explanation, didn't realise it was as simple as a http request. I've seen similar sophisticated attacks where they use 3rd party verification tools for details such as bank accounts had no idea MiTM had got so easy 

0 Kudos
Reply
Anonymous
Not applicable
170 Views
Message 8 of 8
Flag for a moderator

Re: Possible Scam Message??

there is also a attack using the same sort of thing to get passed 2 factor txt messages and codes for services like google and banks but they are abit harder to pull off
0 Kudos
Reply