O2 warns of shady marketing phishing scam

O2 is warning customers not to give out any personal information if they are called by people pretending to be part of the company and asking about web browsing habits.

The warning comes as TechEye spotted a Tweet by Dan Lane from Pibbix. He wrote: “Had a strange call from @O2 saying ‘we notice you’ve been looking at the HTC desire on our website’.. very strange!!”, before adding: “(to be fair to @o2, I was probably logged in).”

We contacted Dan who told us he was an O2 customer and had been looking at the HTC desire page the other day so he could advise a colleague on his purchase. “I haven’t had a call like this from them before,” he told us. He also added he hadn’t been logged on at the time but he was unsure if the site had used cookies present in his browser that linked to his account which they could have used to identify him.

We had never heard of a company doing this before so we called up O2 as a concerned customer. An employee at customer services told us: “We never call customers who have been looking at products on the site even if they are signed in or not.

“The only calls we’ll ever make is an automated billing one or a call back following a request. This call seems to be a phishing escapade and could have been as a result of someone hacking into a wireless account and trying to obtain information.”

He warned customers never to give out any personal details if they come across such a call.

However Dan says that his wireless connection is secure. He also says that caller ID revealed the company which called him is a marketing agency called LBM which claims that O2 is a client for outbound marketing campaigns. We tried to contact this company to see what it had to say and whether it felt OK that a client, O2, reckons it’s running a “phishing scam”. However, it seems it’s too busy making more of these calls as we haven’t heard back.

We also contacted Graham Cluley, Senior Technology Consultant at Sophos to get his view but he was baffled as to how Dan’s details could have been taken from the website. He suggested that perhaps O2 did actually have a widget that identified customer’s views and sent them through to the marketing agency. He also said that another possibility, although unlikely, was that the PC had spyware that monitored the sites he was looking at and fed them through to a company.

“I’d have to look at the machine he was using to be sure though,” he told us.