We will never email, text or call you and ask for a one-time code, password, or other security information you’ve set up on your O2 account.

Phishing is when fraudsters attempt to get hold of sensitive information such as usernames, passwords, and credit card details, by pretending to be a trustworthy source in an email. When this happens through text message, it’s known as smishing. When someone calls you, it’s vishing.

These scams work by sending you an email, text, or by someone calling you pretending to be from your bank, service provider, the Police or another trusted company. The message or caller might ask for personal or financial information such as personal security details, bank details, one-time codes or passwords, or they might ask you to visit a fake website that looks real. The site will have a form asking for personal information like usernames, passwords, bank account details or pins.

These messages or calls can be very convincing and look or sound like genuine messages sent by organisations you already deal with. They might even appear within an existing text message string from an organisation you know, for example, some of ours are ‘My O2’, ‘o2uk’, ‘O2SwapMySim’.

Signs of a phishing, smishing or vishing scam

Signs that an email, message or call might not be genuine:

  • it contains spelling mistakes
  • there’s a generic 'dear customer' header
  • it asks you to provide sensitive personal or financial information, passwords, or to make transactions by following a link in the message
  • there are suspect links or there’s a name in the header with extra letters, numbers or substitutions. For example, a phishing scam trying to imitate O2 might replace the letter 'O' with the number zero
  • it asks you to call a certain number you don’t recognise. In this case, call your bank on a number that you trust, like the one on the back of your card, to check the message is authentic
  • the sender uses an urgent tone, telling you to act now.

Receiving a suspicious email, text or voice call won’t harm you in any way. It’s only dangerous if you interact with it. Remember:

  • don’t click on links unless you’re 100% sure they’re genuine
  • take a moment to stop and think. Trust your instincts. If it looks suspicious or too good to be true, there’s probably a catch
  • don’t give away any of your personal details

If you're suspicious about an email, text or call, report it immediately.


Reporting a scam email, text or call

Some scams might pretend to be from O2, or from an organisation you already deal with. It's important that we see examples of phishing emails, texts and websites so we can investigate and shut down scammers. To report a suspicious email, text or website:

  • Forward the text message, including phone number or company name, to 7726. It won’t cost you anything and it means we can investigate the sender
  • If your phone supports SPAM reporting (currently available if you have an Android device using the Google Messenger App, but others will be available soon), then press the SPAM button to automatically forward the message to 7726. 
  • Information shared to 7726 will be available to all mobile operators, the Information Commissioner's Office and various approved organisations who are involved in criminal investigations (including the National Cyber Security Centre (NCSC) and Serious Fraud Office (SFO) to enable them to identify the senders. Information may also be shared with the organisations who are being targeted by the Smishing attacks to help them protect their customers from fraud.
  • For emails, forward the message to the organisation that it claims to be from. You can look up the email address to send it to on that organisation’s website
  • For suspicious emails claiming to be from O2, create a new email draft with ‘Phishing’ as the subject. Attach the suspicious email and send it to spam@o2.com.

Remember, if someone calls you saying they're from O2 and they ask for personal information, one-time codes, passwords and PINs, including bank details, make sure you check who they are first. Ask where they're calling from and take a number to call them back. If you have any doubts, call us to check - these could be nuisance calls, so see our advice on what to do about them.

Think a fraudster might have access to your O2 account? See our fraud advice, and report it to us straight away.


Malware ‘FluBot’ text scam

FluBot is a text message scam that is part of a large-scale smishing attack. Currently, it only affects Android devices and is downloaded under the guise of a message with a link to a tracking app or to retrieve a voicemail. The messages can appear to be from a delivery service like DHL, or other companies like Argos and Amazon.

If you click the link in the message, the malware may automatically download to your device. If the app is installed, the malware can take over your device, allowing more infected text messages to be sent to your contacts without your knowledge. The fraudster could also gain access to your messages and online banking details.

What should I do if I receive the message?

I’ve received the message but haven’t clicked on the link

You can just delete it. If you’d like, you can still report it by forwarding the message free of charge to 7726.

If you have an Apple device, it won’t be affected, and you can just delete the message.
 

I’ve received the message and clicked on the link, but haven’t downloaded the app

Your phone won’t be infected if you haven’t downloaded the app, so you can just delete the message. You can still report it by forwarding it to 7726, for free.
 

I’ve received the message, clicked on the link, and downloaded the app

Please be aware that your device, including any sensitive information stored on it, may have been accessed by fraudsters. If you think your device has been infected, please follow the steps below immediately to remove the malware.


I think my device is infected – what should I do?

Do a factory reset

The National Cyber Security Centre recommends doing a factory reset on your device. This will wipe the device and remove the malware. For help on how to carry out a factory reset, please visit the NCSC website.

Please note, you should NOT perform a backup to reinstall anything on your device after the factory reset, as that will also reinstall the malware. So, it’s likely that you will lose data like photos, contacts and downloads.


Activate Google Play Protect

Turn on Google Play Protect in the Play Store app and do a complete device scan. This action may also allow you to identify the FluBot app and delete the malware.

This step is only recommended if you haven’t been able to remove the malware by doing a factory reset.


Activate Safe Mode

Follow your device manufacturer’s guidelines to activate Safe Mode. This will place a temporary block on third party apps, stopping them from running. You may also be able to identify the FluBot app and uninstall it.

This step is only recommended if you haven’t been able to remove the malware by doing a factory reset.


More ways to protect yourself:

If you use an online banking app, you should contact your bank immediately. They will be able to assist you with securing your account.
Change any passwords stored on your device – in web browser, notes, or text messages.
Change any passwords that you may have entered while the FluBot app was installed.

 


Why is there a bar on my outgoing text messages?

If we’ve identified that your device may be infected by a FluBot malware as part of monitoring of our network, we may bar your outgoing text messages in order to protect you, your contacts, and our network.

To have this bar removed, please follow the advice above on how to remove the malware. Once you’ve done this, give us a call on 0344 809 0202.

Please note, if you advise us that you’ve removed the malware, but this hasn’t been completed, the bar is likely to be reinstated.


Why are there extra charges on my monthly bill?

If you’ve incurred charges to your bill due to a FluBot malware, this will be reviewed and where applicable these charges will be credited back to your account.
 

However, if you advise us that you’ve removed the malware, but this hasn’t been completed, and you continue to incur costs due to the FluBot malware, you may be liable for these charges.


For more information:

  • Take Five to Stop Fraud - straightforward and impartial advice to help you protect yourself against financial fraud
  • FFA UK - information about the various types of payment fraud, plus helpful tips and advice
  • Action Fraud - the UK’s national reporting centre for fraud and cybercrime
  • Get Safe Online – a resource for unbiased, factual and easy-to-understand information on online safety.
  • Which – advice on scams
  • You should also report your phishing experiences to report@phishing.gov.uk. The information provided lets law enforcement organisations remove fraudulent sites, and identify patterns of attack used by the scammers to help us all defend against them.

    The National Cyber Security Centre (NCSC) offers the following advice to help protect yourself online:
    • Turn on two-factor authentication for important accounts
    • Protect important accounts using a password of three random words
    • Create a separate password that you only use for your main email account
    • Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
    • Save your passwords in your browser
    • To protect yourself from being held to ransom, back up important data.
Was this information helpful? Yes | No

Thank you for sending your feedback.

Can't find what you're looking for?