Giffgaff Scam - though similar could happen on any network!

gramps

gramps

Suspended / Banned
Messages
44,805
Name
'Gramps'
Edit My Images
No
Had this come through on my mobile on Friday, (for information ... don't click the link!:-
Just to confirm, you are transferring your goodybag to member 'TANGO90'.
If you didn't request this click the link below.
http://biSPAM/giffgaff-Goodybag
Click to expand...

I was in a rush and thought, "Don't need this problem now, I'll quickly sort it", so clicked the link and was taken to a genuine looking Giffgaff login page.
Entered username and password and it let me in and presented another genuine looking Giffgaff page requiring name, address etc ... when I suddenly realised that the password I had entered on the first page had been incorrect so this had to be a scam!
I quickly went to my Giffgaff member page and changed my password anyway and notified the Giffgaff support, who are dealing with it.
Now I am normally super careful with things like this and am constantly warning SWMBO about scam phone calls etc but it showed me just how careful I need to be with my mobile phone and how much less careful I was with using it than I am with landline or PC.
It was a lesson for me and hopefully it will be a useful reminder/preventative for you too. :)
 
Last edited:
Link killed. (y)

As I've said for a very long time, the more devices you have connected to the internet the more chances there are of scams, or other security risks.
 
It’s not clear what lesson you have learned! The link doesn’t look like giffgaff and anyway why click on it rather than typing in the address? I only have to type ‘gi’ before the browser offers me the sign in page from my history. Not saying you’re daft for clicking on the link because I’ve done it myself but you do write “genuine looking“ twice as though that was important which I believe it’s not.
 
sphexx said:
It’s not clear what lesson you have learned! The link doesn’t look like giffgaff and anyway why click on it rather than typing in the address? I only have to type ‘gi’ before the browser offers me the sign in page from my history. Not saying you’re daft for clicking on the link because I’ve done it myself but you do write “genuine looking“ twice as though that was important which I believe it’s not.
Click to expand...

The lesson is simply to be more cautious when using my mobile phone (as I am with PC & landline).
The shortened form of link is the format that Giffgaff uses when sending me SMS messages of any type, so it is not so far off what I would take to be a genuine link. By "genuine looking" I mean that the page was set out in the exact same format, colours, logos etc as I would see when linking to a genuine Giffgaff page ... it is important inasmuch as had it not looked familiar, I would have been suspicious much more quickly.
 
gramps said:
The lesson is simply to be more cautious when using my mobile phone (as I am with PC & landline).
The shortened form of link is the format that Giffgaff uses when sending me SMS messages of any type, so it is not so far off what I would take to be a genuine link. By "genuine looking" I mean that the page was set out in the exact same format, colours, logos etc as I would see when linking to a genuine Giffgaff page ... it is important inasmuch as had it not looked familiar, I would have been suspicious much more quickly.
Click to expand...
I don’t get the short form link from giffgaff the clear ones are all of the form “complaints@giffgaff.com” and the clicky buttons (which I don’t click on do not have short form links (at least the ones I’ve just checked on). But the point I think I’m making to you is that the fake pages will almost always look identical and have the genuine logos and colours because the crooks “steal” them from the genuine pages. So the lesson is don’t click on links but type the address in yourself or use a bookmark., IMNSHOP of course :).
 
It can be easy to be had with these type of scams as they are made to look genuine but there are usually a few tell tale signs which can help spot them. Firstly I never trust anything I've been sent that I wasn't expecting. Far too many out there trying to scam us (I often get emails saying a bank account has an issue even though I don't bank with that particular bank!). I don't think I've ever seen Giffgaff send an email with a link that is a bare web address. I always thought they usually include links as word text as it's a more professional look.

We should mentioned that its actually impossible to transfer a goody bag from one phone number to another.

https://community.giffgaff.com/d/18652937
 
I appreciate your experience maybe different but Giffgaff text me every month to remind me that my Goodybag is being renewed and they use a short form link every time. I can't type in a link when I don't know what the full format is and as it was familiar to me it took longer to dismiss it.
My post was simply to alert others.
 
gramps said:
I appreciate your experience maybe different but Giffgaff text me every month to remind me that my Goodybag is being renewed and they use a short form link every time. I can't type in a link when I don't know what the full format is and as it was familiar to me it took longer to dismiss it.
My post was simply to alert others.
Click to expand...
I understand that, I get similar messages from giffgaff, but I go to the giffgaff page, sign in and then do whatever is necessary on the account. Do you use the giffgaff app?

BTW, I know you are trying to be helpful and it’s appreciated, I am trying to be helpful too — sorry if it doesn’t come across that way.
 
Last edited:
sphexx said:
I understand that, I get similar messages from giffgaff, but I go to the giffgaff page, sign in and then do whatever is necessary on the account. Do you use the giffgaff app?
Click to expand...
I dismiss all the other messages as nothing more than a monthly irritation, I don't click on them ... this one got my attention.
I don't use the app, I practically never interact with Giffgaff.
 
So it does!
 
It is interesting that collectively people know not to click links in emails etc due to phishing, but industry trends suggest SMS phishing is more successful. People seem to trust text messages more when in reality they are just as risky as emails (and the same precautions should be taken i.e. go to the genuine website directly and don't follow links).

I'm very surprised that GiffGaff appear to legitimately send shorthand links in text messages - this is extremely bad practice for the obvious reasons above.
 
Andy Into The Wild said:
It is interesting that collectively people know not to click links in emails etc due to phishing, but industry trends suggest SMS phishing is more successful. People seem to trust text messages more when in reality they are just as risky as emails (and the same precautions should be taken i.e. go to the genuine website directly and don't follow links).

I'm very surprised that GiffGaff appear to legitimately send shorthand links in text messages - this is extremely bad practice for the obvious reasons above.
Click to expand...
Yes, though I’m on giffgaff and can’t find or recall any shortened links in sms messages.
 
From a search, I'm not the only one to have received the scam text: https://community.giffgaff.com/d/33004738-suspicious-text-from-88688

and from that thread, a reply from a Giffgaff representative, the following: "Genuine links from giffgaff will only ever begin with giff.ly or giffgaff.com"
So short form links are used, though not the same short form as in the scam text obviously.
 
You must log in or register to reply here.
Back
Top