“SMiShing” – Mobile Phone Scams supported by EE?

SMiShing (SMS phishing) is a type of phishing attack where mobile phone users receive text messages containing a Web site hyperlink, which, if clicked would download a Trojan horse to the mobile phone.



I have been receiving regular text messages for some time now, saying “You subscribed to Clicnscore for £4.50 per week from ClicNScores until you text STOP” – bad English I know. I had another message from “Loaded Mobi”- “You can access the games portal here” followed by a link.

Thinking both were merely “SMiShing, I clicked on neither STOP nor the link. Unfortunately our phone bills go straight to our Accountant, but I had cause lately to query a bill I thought was high. It turns out both of these companies have been regularly paid through my EE account.

EE informed me it was not there responsibility & gave me text links to cancel subscriptions & phone numbers to complain & ask for a refund. Both numbers are automated, ClicnScore gives you a message “there are no charges to your phone” – then cuts you off, Loaded Mobi puts you in a call queue then cuts you off.

I have since searched these 2 companies on the internet, they have been investigated on Watchdog, reported on BBC, The Express & Mail Newspapers. The Sun Newspaper first reported this back in the 19th of May 2016.

EE say while they are aware, had so many complaints & have investigated, they still have no responsibility as you have the option to block all payments from your account. Shouldn’t EE be at least protecting our accounts against such well publicised Common Scams? It would be so simple for EE to set up authentication, so why not take responsibility for Customer Data & Accounts – have they a vested interest?

Perhaps merits an ICO investigation? I’ll certainly report!

“SEXTORTION” – I Have Been Hacked!

Imagine my surprise when I received an email in my Inbox containing my password in the Subject line – “ Your Password is xxxxxxxxx”!

The email goes on to say that you have been watching Porn, they have filmed you, have all your contacts & will distribute if you don’t pay a Bitcoin Ransom. Luckily I don’t have a penchant for pornography & never visit dodgy sites on any of my devices, so immediately recognised the Scam & reported to Action Fraud.



I was still left with a sick feeling in my stomach at the intrusion, the nature of the email & more importantly that somebody had stolen one of my passwords. On consideration the email & password combination had only existed on a Google Account that I had since changed many times.

A few weeks ago I made a Linkedin Post on the importance of password selection – number & type of characters etc. This however has led me to focus on something that lacked from that post – the number of your Passwords, variance & the frequency you change your passwords? My password was stolen some time ago but has only just been used, so you may have to assume that all of your passwords have been stolen unless you really know otherwise?? To mitigate this I would suggest –

• Have multiple but varying Passwords

• Change your Passwords frequently

• Use 2 Step or Multi-Factor Authentication

Remember if you only have a one Password fits all policy – they will steal from the weakest account & use it to access all of your accounts!

Controversial but……If you have so many complex passwords & feel you have to write them on a piece of paper & store safely, what is the chance someone will break into your house or office looking for Passwords, or steal your purse/wallet in order to obtain passwords rather than Cash or Credit Cards – just don’t keep the 2 together ????. Besides Passwords can be changed quicker than you can cancel Credit Cards & we wouldn’t be without them. I am a systems rather than an IT Tech person, so seek out good advise….

Stay Safe People

Full Article on This Scam