Virgin Media customers reaching out to contact the firm’s official Twitter account about tech support and broadband issues are being victimised by a relatively unsophisticated fraudster posing as the internet service provider (ISP) and phishing for account and credit card details.
The @virgneimedia account joined Twitter in March 2020 and has amassed only 36 followers. It has duplicated the official @virginmedia header and biography and appears only to retweet official Virgin Media content.
However, for at least a fortnight, the fake account has been contacting Virgin Media customers through their Twitter direct messages (DMs)
Multiple screenshots of the scam posted to Twitter by more eagle-eyed Virgin Media customers show that the account holder is attempting to phish for their credit card details.
The account first asks for the full name and account number associated with the user, so that it can assist. A follow-up DM reads: “Before we proceed, for security purposes of your account [sic] please confirm the card number, expiry date, csc and card holder name that’s linked to your account, if you don’t have any linked currently it can be any card registered under your home address, that would be sufficient to pass a security check.”
It is unknown how many Virgin Media customers may have had their account or financial data compromised by the scam account. The real Virgin Media has responded to a number of its customers who have reported the scam account, saying it has reported it to Twitter. However, the fake account was still active on the afternoon of Friday 7 August.
A Virgin Media spokesperson said: “Virgin Media takes the security of its customers very seriously. If any customers receive suspicious calls, messages or any other form of contact on social media, we urge them not to engage. They should report the incident to Action Fraud or the respective social media platform.”
The past few months have seen a significant and sustained rise in phishing attacks, and media organisations such as Virgin Media are particularly at risk, at least in part because account details for such services can fetch significant amounts when sold on the dark web. Valid credit card numbers and other financial data are also highly sought after.
Kelvin Murray, senior threat researcher at Webroot, said: “Household names are often impersonated with phishing scams because it’s a fairly simple and easy way for attackers to target a large volume of individuals.
“These threats are unfortunately only becoming more sophisticated and using popular public streaming services allows cyber criminals to appear more believable, and it only takes one click to put users at risk.”
Defending against phishing is often as simple as being alert to this particular scam’s most notable failing – the misspelling of Virgin Media. It is also worth noting that legitimate Virgin Media customer services will never contact users asking for their credit card details via social media, or, for that matter, email.
The UK’s National Cyber Security Centre (NCSC) has a range of advice on protecting yourself from phishing attempts, which can be accessed online. People who have received a phishing email are also encouraged to forward it to the NCSC’s recently established reporting inbox. Virgin Media also operates a reporting service, which users can access through a central security hub.