We first reported on this scam last month when we came across at least 10 different versions of it, all of which tell you there are points in your account or you have a prize to claim.
Searches for this scam have spiked on Google, with an increase of searches for 'EE points program scam'.
Recipients of these texts should be wary, these scam texts lead to malicious sites that attempt to gather personal details and other data.
Read on to find out what these messages look like and how this scam works.
EE points scam
In the example above, the text is sent from a random mobile number and tells you that ‘there are 5,340 points in your account that were not successfully used due to system failure’.
It goes on to say that these points will expire in ‘three working days’ and to ‘redeem your prizes in time’.
We shared examples of these texts with EE in March and it confirmed they were scams.
It also explained that these texts weren't SMS messages, but Rich Communication Services (RCS) messages available on Android devices and powered by Google.
RCS is a type of modern messaging that uses mobile data or wi-fi and can provide a more secure platform for users with end-to-end encryption, but it is not impenetrable to scammers.
EE told us last month that it had taken steps to block the malicious link from being opened on its network. The messages were also reported to Google in March.
We spoke to Google about the RCS messages in March and it told us that it is continuously improving its spam and abuse detection systems to help protect users. It also added that users can report a suspicious conversation as spam in Google Messages, which blocks the sender and moves the message to your "Spam & blocked" folder.
Malicious links
We don't advise that you click on a link from a text message as malicious links can contain malware that will infect your device, but for the purposes of our investigation we investigated these malicious links.
One of the links we looked at took us to a website imitating EE, using copycat logos, links to the official EE social media pages and its other official business pages.
The site asks for your phone number before taking you to another page which provides instructions to ‘redeem your points’.
You’re then given various products to choose from and asked for your home address for the product to be shipped to.
We found that these message all included shortened links to mask the dodgy URLs.
The links we saw on these scam messages ended with either:
Why are shortened URLs used by scammers?
Link shorteners are a free tool to simply make long website links shorter. These services are legitimate, but can be used by scammers.
This is because they mask the actual URL and appear as a shortened link in an attempt to make recipients less suspicious.
If you receive a TinyURL link, you can preview the full link before clicking on it by adding ‘preview’ before ‘.tinyurl’.
You can also check Cuttly links by putting an @ symbol at the end of the link. This will allow you to see the original URL before deciding whether you want to follow it.
We contacted Cuttly, Rebrandly and TinyURL and asked them about scammers using their tools to create malicious websites.
TinyURL told us that links that violate its terms of use can be reported to abuse@tinyurl.com, so that its abuse team can remove them.
Read moreFour ways to spot a scam message
It's from an unknown number It asks for payments or personal details It contains spelling and grammatical errorsIt includes a link to followIf you do receive a suspicious text that has alarmed you, don't reply to it. Instead, contact the organisation it claims to be from, or log in to your account with the company, to verify whether the text is genuine.
source https://www.which.co.uk/news/article/ee-points-scam-fraudsters-target-customers-again-with-fake-competition-texts-abnBW7i17lCn