Fake EE invoice email tries to steal your money

EE customers across the UK have been urged to be especially careful about messages they receive from the company following the detection of a dangerous new phishing threat. Cofense security researchers have uncovered a new phishing campaign that forges messages from the UK's largest mobile phone network, attempting to steal personal information. The campaign appears to heavily target business executives' login and payment information, which could give hackers access to lucrative business networks.

Phishing USA

The emails detected by the Cofense phishing center used official EE images and lured victims with the subject "See Bill -Error". The message reported a problem with the customer's payment and prompted them to update their contact information with EE. However, clicking the hyperlink included in the email (illustrated below) takes the victim to a phishing page. Although this fake page has a supposedly secure HTTPS URL, this appears to be because the hackers obtained SSL certificates to make the site look legitimate.

(Image credit: Cofense)

After the user completes the form on the fake site, which sends the information to the criminals, they are redirected to the real EE login site, leading them to think that their session may have expired or that their password was entered incorrectly. Cofense notes that users can often detect phishing emails through errors and flaws in the message, despite the use of an apparently legitimate design. The team notes that in this example, the EE brand and company name do not appear anywhere in the full email address, which instead comes from an entirely separate domain. Having an up-to-date, in-depth cybersecurity platform is also essential to protect users from threats, since the page always appears online and active.
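The two tells described above (a brand name on a message sent from an unrelated domain, and an HTTPS link that leads somewhere other than the brand's site) can be checked mechanically. The following is an added example, not code from Cofense or the original article; it assumes `ee.co.uk` is the legitimate EE domain, and the sample message and its `.example` hosts are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "EE"
TRUSTED_DOMAINS = {"ee.co.uk"}  # assumption: the brand's real sending/link domain

# Constructed sample message (not the real lure); .example hosts are placeholders.
SAMPLE = """\
From: EE Billing <accounts@mail-notify.example>
To: user@corp.example
Subject: See Bill -Error
Content-Type: text/html; charset=utf-8

<p>There was a problem with your payment.</p>
<a href="https://ee-billing.secure-update.example/login">Update your details</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_trusted(host):
    # Exact match or true subdomain only, so "ee.co.uk.evil.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    findings = []
    if BRAND.lower() in display.lower().split() and not in_trusted(sender_domain):
        findings.append(f"display name claims {BRAND}, sender domain is {sender_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlsplit(href)
        if not in_trusted(url.hostname):
            # HTTPS only shows a certificate was issued for this host, not who runs it.
            findings.append(f"{url.scheme} link points to {url.hostname}")
    return findings
```
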