Common scams to watch out for
Received a call from O2 out of the blue?
Stop
If someone calls you claiming to be from O2, pause and think. Does it feel right? If you start hearing things like “this is a limited one-time offer” or “you need to give me an answer right now” – hang up.
Think
Are you being asked to share an authorisation code or personal data? Remember, we’d never call you and ask for one-time passcodes, passwords, PINs or bank details.
Scammers can now clone the phone numbers of organisations they want to impersonate. Even if the number on your caller display matches an official number, it might not be real.
If you’re calling a company back, find the number yourself and don’t use the number they supply. Using the 159 service is the safest way to contact most UK banks after a supposed fraud call.
Learn more about caller ID
Being bothered by unwanted or malicious calls or texts? Check out our advice on nuisance calls and texts.
Got a suspicious text or email?
Take a second
Think you might have got a text or an email from a scammer? Don’t don’t respond to it or click any links. Instead, take a few seconds to let us know about it.
Scam texts
Forward suspicious texts to us on 7726 (which spells SPAM on your phone’s keypad). Reporting messages this way is free, and it means we can investigate the number and potentially block it.
Scam emails
“Phishing” emails try to get hold of your personal information by pretending to be from a trustworthy source. If you receive one, create a new email draft with "Phishing" as the subject, attach the suspicious email and send it to spam@o2.com.
Ways to tell if an email, text or call might not be genuine:
It contains spelling mistakes
There’s a generic 'dear customer' header
It asks for sensitive, personal or financial information and passwords
It asks you to follow a link to make a transaction
It asks you to call a number you don’t recognise
The sender uses an urgent tone, telling you to act now
There’s a name in the header with extra letters, numbers or substitutions. For example, a phishing scam trying to imitate O2 might replace the letter 'O' with the number zero.
Remember:Don’t click on links unless you’re 100% sure they’re genuine
Trust your instincts. If it looks suspicious or too good to be true, there’s probably a catch.
Don’t give away any of your personal details.
If you’re worried about an email, text or call, get in touch straight away.
FluBot is a large-scale text message scam.
Currently, it affects Android devices and is downloaded under the guise of a text with a link to a tracking app, or to retrieve a voicemail.
The texts can appear to be from companies like DHL, Argos and Amazon.
If you click the link in the text, the malicious software may automatically download and take over your device, allowing infected texts to be sent to your contacts without your knowledge. The fraudster could also gain access to your messages and online banking details.
Learn more
Received an unexpected delivery?
Delivery scams
Fraudsters may want to convince you to send your device to a false address. For example, they may order a device on your account, and then contact you with a false address to "return" the device to.
Check our address
Our address is: O2 Returns Centre, Communication House, Vulcan Road North, Norwich, NR66 6AQ We will only ever ask you to send a device here; never send it anywhere else. If it’s not right, call us.
Returning your device
If you need to return a device to us, please make sure you follow the steps laid out on our Returns page, so we can safely track and process your device.
)
Fraud on your O2 account
“Account takeover” is where a criminal gains control of your O2 account for two main purposes:
Intercepting communications – from your bank, email provider, or any online account that uses your mobile phone to reset passwords, such as social media or payment providers
Ordering upgrades, accessories or replacement SIMs, and applying for additional connections.
Fraudsters might call you for information to help them carry out fraud. They often pretend to be members of O2 staff and will be incredibly friendly. This is to try and convince you to give them your security answer and a one-time code they’ve sent you, so that they can reset your My O2 password and gain access to your account. One-time codes can also be used to change your address or perform a SIM swap, giving the fraudster access to your phone number. They might keep calling you until they have all the information they need to impersonate you and make changes to your account.
Thankfully occurrences of this are rare, but it’s better to know about them.
Remember, we will never call, text or email you and ask for a one-time code, password, or other security information you’ve set up on your O2 account.
Fraudsters use several techniques to perform an account takeover:
SIM swap
Swapping your SIM card number, which is connected to your mobile number, for one that’s in their possession. This lets them receive all calls and texts intended for you. This is associated with banking fraud – taking money from your bank account. If this happens, always contact your bank as soon as possible, as well as us.
Port out
Taking your number to another network, in order to gain control of your mobile number. This is very similar to a SIM swap.
Call divert
Diverting your calls to another number, in order to receive any calls intended for you. This is associated with banking fraud.
Lost or stolen bar
Reporting your number as lost or stolen, to stop you receiving texts and calls from us, your bank and other organisations.
Address or email change
Changing your address or email when ordering replacement sims (to facilitate banking fraud), upgrades, accessories and new connections.
Device delivery
Ordering new phones, tablets and accessories to your home address, then trying to intercept the parcel from the courier – for example, by posing as you and pretending to lock your front door or your car. If they fail to intercept the delivery, they might pose as another courier trying to collect the parcel, telling you it was delivered in error.
Resetting your My O2 password
This initiates a one-time code to your phone, and they call you to try to retrieve it by pretending to work for O2. You can avoid this by always using different passwords for your email account, My O2 account and any other online account. And by always being cautious if someone calls you unexpectedly.
The National Cyber Security Centre (NCSC) offers the following advice to help protect yourself online:
Turn on two-step verification
Use a password of three random words
Create a separate password that you only use for your main email account
Update the software and apps on your devices regularly
Save your passwords in your browser
Back up important data.
Read more about scams and fraud
More ways to get help
Take Five to Stop Fraud
Information and advice about payment fraud
Action Fraud
The UK’s national reporting centre for fraud and cybercrime
Get Safe Online
Factual and easy-to-understand information on online safety
Which?
General advice about scams
Was this information helpful?
