/ Money

EE phishing email: scam website taken down

A website designed to steal bank details has been taken down after we reported a phishing email to EE’s security team. Here’s the email you need to be wary of.

Following on from last week’s Netflix phishing email warning, another well-known brand’s customers are being targeted by scammers in the same way.

Just like other examples we’ve seen, the email tells you that your payment has failed due to billing details expiring or changing.

‘The payment for your latest EE bill failed’

A look at the email address this has arrived from will tell you that this has nothing to do with EE, however, if you were to miss it, you could be forgiven for thinking the email was genuine.

The professional layout and use of EE’s branding makes for a surprisingly legitimate appearance, while it’s also one of the most well-written scam emails I’ve seen this year.

How to spot an email scam

The threat of the disconnection of your service is an attempt to rush you into making a bad choice. If you receive an email like this, make sure you take your time.

Check the email address it’s come from and look for other clues – for example, my eyes were drawn to the bizarre question mark in the footer of the email.

If you’re not sure about an email you’ve received, contact the brand through its official channels and discuss it with them directly.

What happens if you click through?

If you were to click through on ‘update and verify billing details’, you would have been taken through to a fake site and instructed to enter your bank details and other personal information.

The scammers behind the site would then have had complete access to the card details you’d entered, along with your full name and address.

Fortunately this site in particular has now been taken down after quick work from EE’s security team. When we reported the phishing email to EE, a spokesperson said:

“Our dedicated fraud team works hard to keep our customers safe from scams and customers should forward any suspicious emails to phishing@ee.co.uk so they can be investigated.

Our security team will then work quickly to take down any fraudulent websites contained in the email to protect people. Customers should always double check the sender’s email address, as it may not be from who it says it is.

If a customer thinks they may have been a victim of a scam then they should contact Action Fraud immediately.”

If you’ve landed on a website and you’re not sure it’s legitimate, take a look at our eight-step guide to identifying a fake, fraudulent or scam website.

Have you received this email or a similar one from another brand? How did you deal with it? Let us know in the comments.


George – thanks for sharing. Nice to hear that EE were able to take effective action here.

This comment was removed at the request of the user

Thanks for the link. I also tried it, but it only seemed to work for about 50% of the test cases I used.

This comment was removed at the request of the user

Duncan its checks seems to give three outcomes equivalent to yes, no and can’t tell. Using quite a few real addresses gave the can’t outcome.

This comment was removed at the request of the user

This comment was removed at the request of the user

Thanks I’ll try those later when I’m sat at a proper PC.

Thanks Duncan, that second email checker seemed to be more decisive than the first one.

I also rechecked the first one and I think I actually got a false positive from it – i.e. it told me that a made-up false email was real. Of course, I don’t know for sure that the made up email won’t be real, but I do judge that to be very unlikely.

That last one caused my AVG to become agitated, Duncan; wouldn’t let me get to the site without warning me:

We’ve just saved you from an infected website

Infected URL: [URL removed by moderators]

Threat: URL:Phishing

This URL contains malicious code that could harm your computer.
If you’re willing to risk it, you can turn off your AVG Web Shield to continue.
But we strongly recommend walking away from this one.

EE has an email address to report suspected phishing, as George says in his introduction: phishing@ee.co.uk

Maybe other companies should provide an email addresses in this format to report problems. Having an email address rather than a web form makes it easy to attach photos or other information as evidence.

This comment was removed at the request of the user

This comment was removed at the request of the user

This comment was removed at the request of the user

It is always better to be safe than sorry when dealing with posted Web links.

This comment was removed at the request of the user

AVG was fairly specific, Duncan: “This URL contains malicious code that could harm your computer.” Now, it could be fine – but this is for a Mac, so could be Mac specific.

The thing is that this is the first alert I’ve had in months, so AVG rarely flags anything up. When it does, are you saying I should ignore it?

I’ve now tried it on two other browsers, and all three are blocking it. It would seem that the code on the site is designed to infect com.apple.webkit/networking on the Mac.

This comment was removed at the request of the user

This comment was removed at the request of the user

Indeed, and this paragraph seems to suggest I was wise not to follow the link:

“A report by Malwarebytes in March 2018 suggested that Mac malware grew by 270 percent in 2017. The same company reported that it had already seen an increase in Mac malware in 2019, with 16 million instances recorded in April – which is four times more than the previous record.”

Total virus itself shows four engines describing the URL as malicious, one of which was Google Safebrowsing.

However, I may have got to the bottom of things. The link you posted was for email-checkers . . com whereas the email checking service is actually https://www.email-checker.com

It appears that some dubious individuals have created a site that looks like the real thing but where the URL has an ‘s’ on the end and then embedded malicious code inside. They’re depending, I suspect, on people not being too careful when they copy URLs.

On the plus side it seems AVG was right.

This comment was removed at the request of the user

Digging a bit deeper into the “checkers” site, it has section titles such as:

“Does the email address checker was invented to benefit everyone?”

“Dealing with trust issues: how does Email Checker really ork?” (sic)

So all the characteristics of a spam email, in fact?


Also, many of the page options just seem to link back to the home page – or at least they do when viewing the page as user Guest on a Chromebook.

Sometimes, there are mitigating circumstances for poor English on a web page or in an app. For example, the authors might be acknowledged world experts in a given field, but might not use English as their native language.

…and here on XP(!!!) AVG also blocks the “checkers” site.

Peter walton says:
28 November 2019

I had a similar problem with my television license, exactly the same M.O. payment failed please resubmit. New it was wrong so telephoned TV Licensing and they confirmed scam. They were very matter of fact about the issue, just delete was advice.

This comment was removed at the request of the user

Ian Biggles says:
6 December 2019

I received a text from number +447517321753 saying “EE. We were unable to process your latest bill. In order to avoid fees, update your billing information via” and then gave a link. I have assumed that this was a scam and did not click on the link.

This comment was removed at the request of the user

R Alexander says:
7 December 2019

We got the EE one on the 3rd December as a text from 00447716080517.

Bridget says:
29 December 2019

I just had a message supposedly from EE telling me that I would win an iPhone or other items if I did a survey. I’m not sure if it’s for real so I deleted it.

Sue Fitzpatrick says:
31 January 2020

Hi I received a text message from these people this am saying there was a problem with paying my bill there is a web address that they expect me to click on