Watch out for this phishing email posing as a Vodafone invoice in your inbox

5 Nov 2019

Image: © robcartorres/Stock.adobe.com

The latest phishing scam hitting Irish inboxes is a very sophisticated imitation of a Vodafone email.

ESET has warned Irish internet users of a phishing attempt using a well-known brand as bait.

The IT security company says this latest attempt at sourcing user details is a “professional-looking” email masquerading as a reminder from Vodafone to check your invoice details for uninterrupted service.

Signing off as “Customer Department”, the phishing email informs customers that payment of an invoice has failed and that this may result in being cut off from the service.

“You must update your information to avoid any interruption of services,” the email claims, in an effort to convince users that they will need to share payment information with the scammers via a link provided.

Very convincing Vodafone imitation

ESET noted that the link directs to a US-registered website mimicking a Vodafone page, with all the familiar logos and brand attributes.

As well as credit card information, the form requests details such as name, address, phone number and email, which alone can be exploited for further personalised scams or identity theft.

As always, users are advised not to reply to phishing emails or click any links in them. It’s best to mark it as spam, if your email provider allows, and warn friends and colleagues who may be at risk of falling victim to this scam.

How to spot a phishing email

This is the latest email phishing trap set for Irish users following a TV licence scam reported by ESET last month and an aggressive sextortion email in September.

As these emails become more sophisticated at imitating legitimate requests, users must be vigilant at spotting a real from a fake.

With all emails, but particularly those asking for personal or payment information, users are advised to check the email headers for details that may reveal a phishing attempt. Check that the sender is from a trusted domain (such as, in the case of Vodafone, Vodafone.ie) and not just imitating one. In some cases, scammers have substituted letters in familiar domains to better mimic trusted brands.

Phishing emails often create a sense of urgency to prompt users to act without thinking things through. It is advised that if any urgent calls for details come via email, users should call their provider directly to confirm that it’s a legitimate request.

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.

editorial@siliconrepublic.com