Jump to content Jump to navigation


O2 Products and Services

  • Phishing explained

    Phishing is a type of identity theft. Online criminals use a fake website to lure people into typing in their user name and password or other security details.


    Phishing usually happens in two steps:


    A fake email
    Scammers send an email out to thousands – maybe even millions – of people. It’s designed to look like it's from a major bank or other large organisation. It uses their logo and font.


    The email doesn’t just go to that organisation’s customers. But because it goes to so many people, the criminals know a lot of them will be customers.


    The email starts ‘Dear customer’. It says all customers need to confirm their details at the organisation’s website. Then there's a link to click on.


    A website
    Anyone who clicks on the link in the email goes to a website. It looks just like the organisation’s real site. But it isn't.


    The site has an online form for people to type in their details. It'll ask for some general information, and then more private things. Like username and password, bank account details or PIN.


    There are lots of different ways of phishing. But they’ll have one thing in common. Anyone unlucky enough to be fooled is likely to end up with a stolen identity or an empty bank account.


    How can you spot phishing emails?

    They’re not always hard to spot. If you think you've been sent one, look for things like this:


    Spelling mistakes and inconsistencies

    Scammers behind most phishing attempts often don't have a good grasp of English. So look for spelling mistakes. And check the 'from' address on emails. If it's not from the company named in the email, be suspicious.


    A sense of urgency

    Sometimes you'll be asked to take action straight away because 'your account will be suspended'.


    A generic ‘dear customer’

    Emails that don’t use your actual name suggest whoever's behind them has no idea who you are.


    Suspect web links

    Look for extra letters, numbers and substitutions. The web address might only be different from the legitimate one by a few characters. But it still means you'll be going to a completely different site. For example, the letter 'O' might be replaced with a zero.


    Requests for personal information

    Think carefully. Would the organisation ask for this in an email?


    If you’re in any doubt about where an email's come from, don't do what it asks. If you’re not sure, check with the company involved to see if they really sent it.


    Anti-phishing software

    Spotting phishing attempts isn't just down to you. Some security software has phishing detection built in.


    McAfee Security for O2 Home Broadband filters emails it thinks aren’t genuine. It also has a section called McAfee SiteAdvisor, which tells you whether or not you can trust a website.


    How to report a phishing email

    It is important that we see examples of phishing emails so we can investigate. Where appropriate we'll take action and close bogus websites down.


    Simply create a new email, type 'Phishing' in the subject field, attach the suspicious email and send to phishing@o2.com. Please do not send us any confidential information such as your account details, PINs or passwords by email.

    Share this

  • How do I report a phishing email?

    It is important that we see examples of phishing emails so we can investigate. Where appropriate we'll take action and close bogus websites down.


    Simply create a new email, type 'Phishing' in the subject field, attach the suspicious email and send to phishing@o2.com  Please do not send us any confidential information such as your account details, PINs or passwords by email.

    Share this

  • Can I see some examples of Phishing emails?

    Below are examples of the current Phishing emails that we've seen. Even though they might appear to be genuine, NONE of the examples below are emails sent by O2.


    Example 1


    Example 2

    Phishing email example2


    Example 3

    Phishing email example 3



    Example 4

    Phishing email example4


    Example 5

    Phishing email example5

    Example 6

    Phishing email example6


    Example 7

    Phishing email example7


    Share this

  • I’ve received a call from someone saying they are working for O2. They asked me to download some software from a website that is not O2, what should I do?

    Do not download anything from a website that you are not absolutely sure about as this might contain a virus or allow a fraudster to capture personal information that they can use in the future to make purchases on your behalf or to clear out your bank account!


    If you've already filled in the form then reset your password to a new, different one. Reset all passwords for all websites where you login using your email address. Run anti-virus software on your computer/laptop and make sure the latest security patches are installed.


    More information about password do’s and don’ts can be found at Common security threats – how viruses infect your computer

    Share this

  • The security of my o2.co.uk email account has been breached. I’ve rang customer services who have reset it. Is it ok to change it back to my old password?

    No, because that information is in the public domain, i.e. the fraudster knows what it is so can still access your account and will probably use it to send spam emails to hundreds or even thousands of people. Always change it to something completely new.


    Reset all passwords for all websites where you login using your email address. You should also run anti-virus software on your computer/laptop and make sure the latest security patches are installed.


    More information about password do’s and don’ts can be found at Common security threats – how viruses infect your computer

    Share this

  • About age verification

    Some types of Internet content are classified by The Independent Mobile Classification Body as suitable only for people aged 18 or over. You will need to verify your age in order to gain access to such content. There are 4 ways to verify your age:


    1. At the O2 Shop, you'll require official documentation such as a passport or a photocard driving license
    2. Via our automated service - dial 61018 and follow the prompts.
    3. Via the Web https://ageverification.o2.co.uk/
    4. By calling your customer services number


    To verify your age remotely, options 2, 3 and 4; you'll be asked to enter credit card details.


    As part of the age verification process, we need to confirm that your card is valid and that you are who you say you are and, for this reason, £1 will be debited from your card. Once this transaction is complete we will reimburse you with £1 adding to your Pay Monthly or your Pay & Go airtime credit. In case of a Mobile Broadband service, the £1 will be given back as a data credit to your account.


    Once verified you can set up Parental Control which will allow you to switch access on and off.


    Unable to access after completing verification


    If you’re still unable to access them after 24 hours, try accessing other sites to see if it’s a problem you’re having with all sites. It may be that the site you are trying to access has been barred, is a black listed site or that the URL has been removed or taken down.

    Share this

  • Activating parental control

    If you're not happy with the content that you or your child is able to access, you can activate 'Parental Control' by dialling 61818 or by clicking here for other ways to contact us.

    Share this

  • Mobile Security

    The introduction of smartphones and tablets have changed mobile communications dramatically and your mobile device is no longer simply a ’phone’ but is now a ‘mobile computer’ with much more personal information on it or accessible through it. This means that, undoubtedly, they are now targets for fraudsters and criminals trying to access your personal information and are also becoming more susceptible to malware etc.


    Here are some simple steps that you can take to reduce the risk of your phone being hacked or infected:


      - Always secure your device through PINs or unique passwords so your personal information is less at risk of being compromised. Theft through access of personal, sensitive information is on the rise in this new digital age so the protection of a device through PINs or passwords decreases the chances of identity and financial theft. By not securing your device, you may be making yourself vulnerable and a potential victim to identity fraud.


      - Never ignore or override security prompts displayed by your phone unless you are confident that you fully understand the risks associated with this action.


      - Never install any software onto your device unless you know and trust the source of that software and you were expecting to receive it. This means any software or application that you receive on your phone through any channel e.g. by download over WAP/web, attached to an SMS, MMS, Instant Message or E-mail, through Bluetooth™, infra-red or data connection, via synchronisation with a computer or from a memory card or other temporary storage device read by the phone.


      - Never load unauthorised (‘pirate’) copies of software onto your phone as these may be carrying hidden viruses or other malicious code.


      If you're concerned around the potential infection of your phone by mobile malware, you should consider installing specialist anti-virus software on your phone. This is offered by a number of independent anti-virus companies. Other security software solutions, such as firewalls and anti-adware software are also now available for mobile phones.



    Further information is available from 'Get Safe Online - Smartphones & Tablets'


      Share this

    1. General Security Advice

      Always use a good-quality password. The same goes for answers to security questions. For example, don’t make your answers something that people can guess easily.


      Using the same password for different accounts isn’t a good idea. If one account gets hacked, the others might too. It’s also a good idea to change your passwords every so often. Say twice a year.


      Don’t use the ‘remember password’ option some websites offer. Especially if you share your computer with other people.


      Some websites let you choose extra security options. For example, they might text you a code to type in when you sign in. Use these extras if you can.


      Make sure you install the latest software updates. They might beef up security for certain programs or for the whole computer.


      If you get an email, text or something else from someone you don’t know, be careful. If you’re not sure what to do, just delete it. Don’t reply, or you might get more unwanted emails or texts.


      Never type your password or other security information into a website you got to through a link. The site might look genuine but it could be a fake. So always go to the web address you know is the right one, like www.o2.co.uk.


      Any email that asks you to verify your security details by clicking on a link to the website is likely to be a fake. It’s called phishing (more on this later). No genuine website would ask you to do that. So don’t click on it.


      Also watch out for emails or texts saying you’ve won a prize. Again, it’s likely to be a scam and they’re probably after your money or security details. If an offer sounds too good to be true, it probably is.


      Make sure you scan your computer for malware or viruses with your anti-virus software. If you don’t have any, it’s time to get it. It’s cheap or even – sometimes – free. Just make sure you use a well-known brand to be safe.


      Be careful with pop-up windows. Some might say you’ve got a virus and all you need to do is click the link to fix it. This could be a trick to actually infect your computer. Make sure any virus warning messages are coming from your own anti-virus program, and nowhere else.


      There are plenty of websites with advice on how to stay safe online, especially for young people. ‘Get Safe Online’ is one of them.

      Share this

    2. Common security threats – how viruses infect your computer

      Computer viruses and spyware don't come from nowhere. Like catching a cold, there are some places you're more likely to get them.



      Some websites can infect your computer when you go to them. The best way to avoid problems is to stick to websites you know and trust. Or ones linked to them.


      When you search online, McAfee Security for O2 Home Broadband shows you which websites are safe with SiteAdvisor.


      Free downloads

      Be wary of free downloads. Especially if you're getting them using peer-to-peer (P2P) software. Make sure you check everything for viruses before you use it. McAfee Security for O2 Home Broadband does this automatically.


      Fake emails and attachments

      Be careful of emails from people you don't know or recognise. Don't open any attachments unless you're sure they're safe.


      Even if an email is from someone you trust, be careful. Some viruses spread by emailing themselves from an infected computer without the owner knowing.


      McAfee Security for O2 Home Broadband checks your email for viruses before it even reaches your inbox.


      ‘Free’ or too-good-to-be-true software

      There's one simple rule to help you stay out of trouble. If it looks too good to be true, it probably is.


      If you see software that’s usually expensive being offered dirt cheap or free, be careful. You might end up with more than you bargained for.


      Double-check the small print of any software that says it’s paid for by advertising. Sometimes this is another way of saying 'it contains spyware'. And make sure you keep viruses off your computer by running regular scans.


      Passwords – dos and don’ts

      - Use a password. And don’t tell anyone what it is.


      - If you need to write your password down, keep it in a safe place away from your computer.


      - Make the password long enough for it to be safe. Eight characters or more is good.


      - Make your password more secure by using letters, numbers or other characters, like exclamation marks. Capitals will help, too.


      - Make your password easy to remember. But don’t use personal words, like family or pet names or key dates, like birthdays. The idea is to make your password hard to guess. Even by someone who knows you well.


      - It’s not a good idea to use the same password for different accounts. If one account gets hacked, so might all the others.


      - Don’t use a logical sequence of characters. Or repetitions. Like 111, 123, abc, or qwerty.


      - Don’t use the ‘Remember me’ option on websites. You should control a site, not the other way round.


      - Don’t use your password on a computer you don’t control. You don’t know if it can store it and read it.


      - Don’t go to websites where you type in your password in open or public Wifi networks. They’re not secure.


      - Don’t type your password into any site you’ve reached by clicking on an email link. It could be a phishing scam.


      - Change your password regularly. Especially if you think someone knows it.


      Using social media websites safely

      Social networking sites rely on connections and communications across the internet. So the sites want you to give them personal information.


      People might not think twice about giving out this sort of information online because:

      - the internet makes them feel anonymous


      - there’s no physical contact, so they get a false sense of security


      - they only write things with their friends in mind, forgetting that others might read them


      - they want to impress potential friends with details of where they work or how much they earn.


      Most people who use these sites don’t pose a threat. But there are some people who might use them to find things out about you. Predators might start building relationships with people online and then convince them to meet up in person. This could lead to dangerous situations.


      People can also use your personal information for a ‘social engineering’ attack. Using information you put online (like where you live, what you’re interested in and who your friends are), someone could pretend to be a trusted friend. Or convince you that they’ve got the authority to get hold of other personal or financial information.


      Attackers may also use these websites to spread Trojans, worms or viruses. Be extra wary of sites that offer applications developed by third parties. Attackers might be able to create customised applications that look innocent. But actually they’re infecting your computer or sharing your information without you realising it.


      Think of social networking sites as bars where everyone can hear what everyone else is saying. There are some things you just wouldn’t say if everyone was listening.


      Social media sites need to check you are who you say you are when you create an account. They do it by asking for personal information. Don’t use your real birthday. It’s just another bit of information people can collect about you. (You could use 1 January and then the year you were born. Or something similar.)


      Don’t post when you’ll be, or are, away on holiday. And don’t post pictures to social media sites while on your trip.


      Check your privacy settings on all your social media accounts because they keep changing the default settings.


      Be careful about using third-party applications on social media sites. Criminals could get access to your personal profile information with a virus.


      Keep track of comments and photos other people post that feature you. Make sure you’re comfortable with of the amount of information that’s being posted about you. And limit what you’re posting about yourself.


      If you have children, keep track of what they’re doing online. And talk to them about online security. To find out more, go here.


      And you can get help from the Information Commissioner's Office.

      Share this

    Topics 1 to 10 of 13
    1   2