There are many ways that fraudsters will try to gain access to an account or private information. We’re committed to supporting victims of fraud in the following ways:
Online help pages detailing different types of fraud, guidance on how customers can best protect themselves and how to report fraud.
Working with law enforcement agencies to combat fraudsters and identify current trends.
Working with other UK networks and industry partners to combat organised crime and phishing trends
A dedicated fraud team to manage customer concerns. We also use a sophisticated suite of systems to monitor and mitigate fraudulent activity
These are the most common types of fraud you should watch out for:
Wangiri fraud (a Japanese term meaning “one and cut”) is when a fraudster calls a number and hangs up after one or two rings, which encourages you to call them back. These numbers are often based internationally, so you could receive a charge for calling them back. We're taking the necessary measures to protect and maintain security on our network. However, if you have received an unexpected call from an unknown international number, do the following:
• Don't answer the phone
• Don't call the number back
• Never share any personal information
If you suspect you've received one of these calls, please Contact Us. When you do, please ensure you include the full number of the call received, country code and date/time of the call received.
Spam messages are usually marketing messages that are sent to you without you requesting them. The people who send these messages may be trying to access your personal information (smishing), sell you a premium rate service or encourage you to contact them so that you can be referred to another company that will try to sell you something.
Legitimate marketing messages will usually be received from a shortcode or company that you recognise because in the past you've asked to receive their messages or used a service from them. Find out more about shortcodes.
Report the message to us by:
1.Forwarding the unwanted message free of charge to 7726
2.Forwarding the number of the person who sent you the message free of charge to 7726
If you're worried about the spam messages you've received, you can also report your message to the Information Commissioner's Office (ICO) who will be able to help you.
It may not be possible for the ICO to follow up individual complaints if you haven't got any details about the company.
Text spam (known as SMS Phishing or Smishing for short) is something scammers use to trick you into going to a website or to call a specified number. If you respond, they’ll ask you to provide confidential details, attempt to infect your device with malware, or get you to respond to a premium rate service.
These messages can be very convincing and they might look like they’re from organisations you’ve used before.
Scammers can make Smishing look like genuine messages, but keep an eye out for some of these clues:
Smishing might make you think:
• You’re going to be locked out of your account, or that your account has been compromised
• You've won something or can get something for free or at a bargain price if you reply quickly.
Remember: you have to reply to one of these messages to put your device at risk, so they’ll always ask you to take an action.
They might want you to:
• Click on a link (which might install malware on your device)
• Enter confidential info like a password or date of birth
• Phone a number so they can ask you for sensitive info or get you to call a premium rate number
If you think that you have been sent one of these messages don't worry – just remember:
• Don't click on links unless you're 100% sure they're genuine
• Think about whether the sender would contact you in this way – most companies won't ask you to confirm bank details over text message
• Remember that if it looks too good to be true, it probably is
Don't respond to any suspicious messages, you can also report the message by:
• Forwarding the message to 7726 for free so we can investigate and act.
If you're still not sure, get in touch with the organisation that seems to have sent you the message to see if it's from them.
Just make sure you don't use any of the contact details from the text – go to their website to find more info.
Three will never ask you for personal details. Our URL links on our SMS comms will always be ‘3.UK’ or ‘Three.co.uk’. If you receive a message with a variation of these links, please report it.
For more information on smishing, please visit our article what is Smishing?
A phishing attack is a scam where people try to get your personal information and use it to commit fraud. Phishing is typically carried out by email, SMS or through websites that are designed to look like well-known banks or retailers but are built with the purpose of getting your personal information, such as login details and passwords.
A standard phishing email might warn you that there's a problem with your account and include a link to where you can ‘fix’ the problem. Clicking on links within these emails will take you to websites designed to trick you into entering personal details, such as your password or credit card number. If you give out your personal information to these websites, fraudsters may be able to access your account and set up fraudulent accounts in your name.
Phishing attacks can also happen over the phone where fraudsters pretend to be calling from an organisation such as a bank or retailer. They may ask you to confirm your personal details to continue the call. By asking these questions, they may get enough information to pretend to be you and get through the security checks of your real account with that organisation.
The best way to avoid being the victim of a phishing attack is to be aware of the tricks that scammers use and stay vigilant.
These messages can be really convincing, and they might look like they’re from organisations you’ve used before.
Avoiding a phishing attack
• Be suspicious of any unexpected phone calls, text messages, or emails asking you about your account or personal information, such as your full name or date of birth. Don't give out any personal information to anyone who has contacted you. Don't follow links attached to an email even if they seem to be from a reputable source
• Pay attention to the web address of any website you visit. Malicious websites may look identical to legitimate websites, but the URL may be spelt differently. Or it may have the same spelling but be registered to a different domain, for example .net rather than .com
• Don't enter personal information on a website until you have checked that it has a security certification. This may be signposted by a 'Lock' symbol next to the company's name in the URL. If you have any doubts, contact the company directly
• If an email seems suspicious, it's a good idea to contact the company directly to check that it's legitimate. Don't use the contact details given in the email or website that's linked to the email. Instead, check your previous emails for contact details
• Take advantage of any anti-phishing features offered by your email provider and web browser
Receiving malicious or nuisance calls
If you receive malicious or nuisance calls, the following action may be useful:
• If the caller makes a direct threat of harm, call 999. If the threat isn’t immediate, call 101 - the non-emergency number for the police
• Wait for the caller to speak first
• Keep calm, don’t talk to the caller and hang up quickly
• Don’t share any personal information
If you’re worried about receiving malicious or nuisance calls, the following action may be useful:
• Don’t leave your name and number on your voicemail
• Don’t reply to texts from numbers you don’t recognise
You can also report the number of the nuisance caller by:
Texting CALL followed by the number of the nuisance caller to 7726.
For more details on how to manage nuisance calls, please visit:
Telephone Preference Service (TPS) http://www.tpsonline.org.uk/tps/index.html
Spoofing- Nuisance Callers Changing their Caller ID
Most phones let you see the number of the person calling before you answer, but there've been more and more instances when callers and criminals deliberately change their caller ID. This is what we call spoofing.
Sometimes there's a good reason for a caller to modify the Caller ID, like leaving an 0800 number for the customer to call back, but spoofing callers do this to hide their identity or make you think it's a legitimate call.
For example, identity thieves looking to steal sensitive information such as your bank account or login details might use spoofing to make it look like your bank or credit card company is calling.
Ofcom is working with the international regulators and the telecoms industry to put a stop to spoofing, so don't worry – we're fighting it!
What you can do
Identity thieves and other fraudsters often pose as representatives of banks, credit card companies, creditors, or government departments to get people to reveal their account numbers and other sensitive information.
Never give out personal information on an incoming call, and don't rely on caller ID to identify a caller, especially if they claim to be from someone like your bank.
Hang up the call and call the company back using their official details – maybe check your account statement or the company's website – to find out if the call was genuine. Try to wait at least 5 minutes before you do this to make sure the line clears and you're not contacting fraudsters.
If you think you've been a victim of call spoofing
1. Contact Action Fraud
You can call Action Fraud on 0300 123 2040 (standard call rates apply) Monday to Friday between the hours of 8am to 8pm or visit www.actionfraud.police.uk. Action Fraud is the UK's national reporting centre for fraud and internet crime. Remember, if debit cards, online banking or cheques are involved in the scam your first step should be to contact your bank or credit card company.
2. Tell Trading Standards
If you think something may be a scam, you can call 03454 04 05 06 (standard call rates apply) Monday to Friday between the hours of 9am to 5pm and tell the Citizens Advice Consumer Service, who can pass details of the case on to Trading Standards.
The Trading Standards service is responsible for protecting consumers and the community against rogue traders and traders acting unfairly.
3. The Telephone Preference Services (TPS)
Register your mobile number with The Telephone Preference Service (TPS), it's a free service and is the official central opt out register where you can choose not to receive unsolicited sales or marketing calls from all companies you have given consent to - https://www.tpsonline.org.uk/tps/number_type.html
New account fraud
This is where a fraudster will take out an account in another person’s name. Usually the fraudster will have access to a person's personal information and/or bank details.
If you suspect new account fraud, please contact us or visit our Report a problem Page for more information and support.
This is where a fraudster will gain access to a person’s personal information in order to commit upgrade fraud or take control of an account.
If you suspect account takeover fraud, please contact us or visit our Report a problem Page for more information and support.
SIM swap fraud
This is where a fraudster will gain access to a customer’s phone number by swapping the account to a different SIM card. They will then be able to intercept calls and messages intended for you.
If your SIM card suddenly stops working and your phone says it's not registered, please contact us or visit our Report a problem Page for more information and support.
This is where a fraudster will use your personal information to place a call divert on your phone so that any inbound calls are diverted to them instead.
If you suspect a divert has been placed on your phone without your permission, please contact us or visit our Report a problem Page for more information and support.
Porting fraud is where a fraudster will attempt to transfer your number from Three to another network in order to gain control of your phone number.
We recommend that you set passwords on your Three account. This is a strong verification method that fraudsters will find difficult to exploit. You can set memorable name of place as a password via My3 of the Three app.
If you receive a text about your number being ported without your knowledge, you should please contact us or visit our Report a problem Page for more information and support.
Protecting yourself from card fraud
Here are some tips to help you make it tougher for someone to get hold of your cards and card numbers:
• If you receive an email asking for your card details, don’t click any links in the email and delete it immediately. We’ll never ask you to confirm any financial details by email, so if you receive one it could be an attempt to steal your information and you should never reply.
• When making online purchases, before entering your card details, make sure the web address uses “https” rather than “http”. Also, make sure that your browser displays a lock icon, similar to the one shown below.
• Never write down your credit/debit PIN number and remember to always change your default PIN after receiving your card.
• If someone calls you and you’re unsure of who you’re speaking to, never give your financial details over the phone. If someone calls and claims to be from your bank, offer to call them back on a known number to validate the request and then provide them with the information, once you know the request is genuine.
• If you change your address, inform your bank immediately