Mobile phone users in the UK are being targeted by phishing e-mails that appear to come from mobile service providers.
Security firm Symantec observed several attacks using this new phishing technique during July.
The e-mails ask recipients to confirm their billing information and link to a legitimate, but compromised web page that displays a form to be filled in.
Anyone filling in the form will be handing over enough personal information to allow the criminals behind the operation to steal their identity to commit fraud.
After the form is completed, the page redirects victims to the legitimate mobile service provider's site, completing the illusion of legitimacy.
Symantec has published a list of best practices for avoiding phishing attacks:
• Do not click on suspicious links in e-mail messages.
• Check the URL of the website and make sure that it belongs to the brand.
• Type the domain name directly into the address bar rather than following any link.
• Frequently update security software to protect against online phishing.