Scam calls?

g12345 · ‎09-24-2024

Hi, I'm getting lots of very persistent calls advertising a "too-good-to-be-true" promotion (50% off my monthly bill for being a loyal customer and a free set of airpods), which normally I'd write off as a scam straight away, but they know a lot about me and my Three account (addresses, monthly bills, bank account number etc) and have sent auto-texts from the numbers marked "From Three" and "Three UK". Phone numbers are 0330 320 0953 and 0333 338 1001, and they've also sent me emails from promotions@threeguk.com. Can anyone answer if this is a legit promotion because it feels wrong whenever I'm on the phone to them and I've been hanging up.

luna7stic3cong0 · ‎10-24-2024

It is a scam call. I got a similar call 2 days ago, which involved the same email address and phone numbers. I contacted Three afterwards via the website Chat pop-up and they confirmed that there was a request on my account to change the email address, which was not me.

In my case, the call was from 01294 ****** (apologies @JonathanB if the full number is not allowed). I initially did not pick up that it could be a scam, so I confirmed my name and email address with them. The person who called me transferred me to another person, to "their manager". After being repeated what the promotion was, I received an email from the same email address as you, promotions@threeguk.com, with the promotion they aregued they're offering me on behalf of Three UK.

They offered a free gift of choice between Apple Watch and AirPods. I realised that something is off when they offered the free gift + 45% off what I'm currently paying + unlimited data because it sounded to good to be true. Moreover, I looked at the caller ID and it was saying "Simply Scrumptious", which should have been my first clue.

Fortunately, I didn't offer them any other information, but I was naive to offer them 2 or 3 passcodes I received from Three that acctually came from Three. They also asked for a passcode that I received from the VERIFIED Yahoo Business account on WhatsApp. During the process, the second person told me that if the call gets interrupted or I have any issues to call 0330 320 0955 and ask for "Isaac Volter" with extension 7012. They saying to wait because they had some error with their system. They eventually said they have to call later.

Thankfully, when they called later from 0330 320 0955 and from other numbers, my phone didn't ring because it identified the numbers as SPAM. I have now reported all phone numbers by texting "CALL {phone-number}" to 7726 (replacing the curly brackets part to the actual phone number I reported). I also reported promotions@threeguk.com as a pishing address to Google.

I am ashamed I didn't realise it was a scam at first and that I even provided them with some passcodes, but luckily no damage was done. I am posting this because fraudsters and scammers can catch anyone offguard! I am a software engineer and I am very careful with divulging personal information online and over the phone, yet I still confirmed some info they had on me. I use 2FA everywhere it's available and long random passwords generated by a password manager. I am also aware of SIM swapping and that having a phone number hacked can give someone access to receive 2FA codes for accounts that uses SMS for 2FA, which is why I avoid SMS for 2FA. I prefer TOTP codes and hardware security keys (e.g. YubiKey).

JonathanB · ‎09-25-2024

Hi @g12345,

This does look like a scam, we wouldn't use a domain like @threeguk.com when we have legitimate email addresses on our actual website domain @three.co.uk. Unfortunately scammers also use "spoofing" technology to appear to be calling from different numbers than they are actually calling from.

There's more guidance on spam, scams, fraud, and how to report them on our Fraud to watch out for page here.

Thanks,
Jonathan

Mod tip! The author of a post can hit 'Accept as Solution', to highlight a reply that helped solved their query.