three-security-hub-1908x460

Stay secure with Three

Protect Yourself & Your Children Online


Protect yourself against fraud

How to avoid fraud and scams

There are many ways that fraudsters can try to gain access to a customer’s account(s) or their private information. As such, it is vitally important that all consumers remain vigilant and aware of the potential dangers of online activity. We’re committed to supporting our customers against fraud in the following ways:

  • By providing online help pages that detail different types of fraud, guidance on how customers can best protect themselves, and how to report suspected fraudulent attempts.
  • By working with Regulatory bodies and taskforces, law enforcement agencies and other Irish networks and industry partners to help combat fraudulent trends.
  • Using our dedicated Care teams to manage customer concerns. We also use a sophisticated suite of systems to monitor and mitigate fraudulent activity.

     

Most common types of fraud

Spam SMS

Spam messages are usually marketing messages that are sent to you without you requesting them. The people who send these messages may be trying to access your personal information (smishing), sell you a premium rate service, or encourage you to contact them so that you can be referred to another company that will try to sell you something.

Legitimate marketing messages will usually be received from a short code or a company that you recognise because in the past you've asked to receive their messages or used a service from them.
 

Smishing

What is Smishing?

Text spam also known as SMS Phishing or Smishing for short, is something scammers use to trick you into going to a website or to call a specified number. If you respond, they’ll ask you to provide confidential details, attempt to infect your device with malware, or get you to respond to a premium rate service.

These messages can be very convincing, and they might look like they’re from organisations you’ve used before.

Scammers can make Smishing look like genuine messages, but keep an eye out for some of these clues:

Smishing might make you think:

  • You’re going to be locked out of your account, or that your account has been compromised.
  • You've won something or can get something for free or at a bargain price if you reply quickly.

Remember: you would have to reply to one of these messages to put your device at risk, so they’ll always ask you to take an action.

They might want you to:

  • Click on a link (which might install malware on your device).
  • Enter confidential information like a password or date of birth.
  • Phone a number so they can ask you for sensitive info or get you to call a premium rate number.
     

If you think that you have been sent one of these messages don't worry – just remember:

  • Don't click on links unless you're 100% sure they're genuine.
  • Think about whether the sender would contact you in this way – most companies won't ask you to confirm bank details over text message.
  • Remember that if it looks too good to be true, it probably is.~
     

Don't respond to any suspicious messages:

  • If you're still not sure, contact the organisation that seems to have sent you the message to see if it's from them.
  • Just make sure you don't use any of the contact details from the text – go to their website to find more info.

Three will never ask you for personal details via SMS. If you receive a potential suspicious message which you suspect is using a fake Three Ireland link, please report it to our Care teams.
 

What happens if you respond to a Smishing message?

These types of messages are designed to be convincing. So, if you fall victim to one – don’t beat yourself up. It really could happen to anyone.
If you’ve responded to a message that you think is suspicious, there are some steps you can take:

  • Change your passwords. Do this as soon as you can for things like your Three account, online banking, and email address.
  • Contact your bank. It’s a good idea to get in touch with your bank, just to make them aware of the situation. They’ll be able to let you know the best course of action.
  • Contact us. If you think your account’s been compromised, please report it to our Care teams. We’ll help guide you through what steps need to be taken to protect your mobile account.
     

Receiving malicious or nuisance calls

If you receive malicious or nuisance calls, the following action may be useful:

  • If the caller makes a direct threat of harm, call 112 or 999. If the threat isn’t immediate, for non-emergency or general enquiries, contact your nearest and/or local Garda Station. Telephone numbers for all Garda stations and key offices are available at Garda Stations Directory.
  • Wait for the caller to speak first.
  • Keep calm, don’t talk to the caller, and hang up quickly.
  • Don’t share any personal information.
     

If you’re worried about receiving malicious or nuisance calls, the following action may be useful:

  • Don’t leave your name and number on your voicemail.
  • Don’t reply to texts from numbers you don’t recognise.
     

Spoofing - nuisance callers changing their caller ID

What is spoofing?

Most phones let you see the number of the person calling before you answer, but fraudsters deliberately change their caller ID. This is what’s called spoofing.

Sometimes there's a good reason for a caller to modify the Caller ID, like leaving an 0800 number for the customer to call back. But spoofing callers do this to hide their identity or make you think it's a legitimate call.

For example, identity thieves looking to steal sensitive information such as your bank account or login details might use spoofing to make it look like your bank or credit card company is calling.

ComReg is working with the international regulators and the telecoms industry to stop this from happening. 

What you can do:

Never give out personal information on an incoming call, and don't rely on caller ID to identify a caller, especially if they claim to be from someone like your bank.
Hang up the call and call the company back using their official details – maybe check your account statement or the company's website – to find out if the call was genuine. Try to wait at least 5 minutes before you do this to make sure the line clears and you're not contacting fraudsters.
 

Phishing

What is phishing?

Phishing is a cybercrime where attackers trick you into revealing sensitive information or performing harmful actions through deceptive emails, messages, or websites.

A standard phishing email might warn you that there's a problem with your account and include a link to where you can ‘fix’ the problem. Clicking on links within these emails will take you to websites designed to trick you into entering personal details, such as your password or credit card number. If you give out your personal information to these websites, fraudsters may be able to access your account and set up fraudulent accounts in your name.

Phishing attacks can also happen over the phone where fraudsters pretend to be calling from an organisation such as a bank or retailer. They may ask you to confirm your personal details to continue the call. By asking these questions, they may get enough information to pretend to be you and get through the security checks of your real account with that organisation.

The best way to avoid being the victim of a phishing attack is to be aware of the tricks that scammers use and stay vigilant.

These messages can be convincing, and they might look like they’re from organisations you’ve used before.
 

Steps to avoiding a phishing attack

  • Be suspicious of any unexpected phone calls, text messages, or emails asking you about your account or personal information, such as your full name or date of birth. Don't give out any personal information to anyone who has contacted you. Don't follow links attached to an email even if they appear to be from a reputable source.
  • Pay attention to the web address of any website you visit. Malicious websites may look identical to legitimate websites, but the URL may be spelt differently. Or it may have the same spelling but be registered to a different domain, for example .net rather than .com.
  • Don't enter personal information on a website until you have checked that it has a security certification. This may be signposted by a 'Lock' symbol next to the company's name in the URL. If you have any doubts, contact the company directly.
  • If an email seems suspicious, it's a good idea to contact the company directly to check that it's legitimate. Don't use the contact details given in the email or website that's linked to the email. Instead, check your previous emails for contact details.
  • Take advantage of any anti-phishing features offered by your email provider and web browser.


Securing Your Account

Three uses information we have relating to you to verify your identity when you contact us through our care channels. If your information becomes available to third parties, they could be able to access your account by impersonating you. They could then be able to change the details on your account, or take over your phone number.

If a fraudster gains control of your phone number they are able to contact individuals at your cost. If you use services with any providers such as banks who send two-factor authentication codes by sms, fraudsters may be able to intercept these messages, resulting in financial and other loss.

Three has measures in place to prevent this kind of fraud, however if fraudsters have enough information about you, it may not be possible for us to know when you are being impersonated for fraud purposes.
 

What should you do?

We recommend that you follow these simple steps to help stay secure:

  • The more information we have about you, the more questions we can ask to verify your identity. If you have an unregistered account, you should consider registering it.
  • Never disclose any sensitive or personal information such as login details, bank details, passwords or passcodes to any source.
  • Don’t put personal information about yourself online.
  • Don’t call or text back to suspicious or unfamiliar numbers.
  • Don’t reuse passwords across multiple accounts. If one of your accounts has been hacked, fraudsters may be to guess the password to another account.
  • Never ignore a message alerting you to a pending SIM swap request on your account.
  • If you experience a sudden loss of service, contact Three immediately.
  • If you register your phone with another service for two-factor authentication, be sure to monitor it for unusual activity. Do not register a rarely-used phone number for two-factor authentication.
  • Protect your mobile device via password or biometric security. Where possible, set the screen auto-lock timer to activate after just a few minutes of inactivity.
  • Disable automatic connections. Some devices automatically allow connections to available Wi-Fi networks, and Bluetooth devices may connect and transmit data without your knowledge.
  • Consider using your manufacturer’s applications which allow you to find and track your device if lost. These applications also give you the option of locking or wiping your phone remotely if required.
  • Do not open emails from unknown sources – even if these appear legitimate or authentic and seem to come from your banking institution.
  • Never follow a link provided to you in an email to access the Internet Banking site for your banking institution. Instead physically type the address into the browser address bar.
     

Additional guidance

From Three:
https://www.three.ie/news/three-team/4-ways-to-spot-scams.html

From An Garda Síochána:
https://www.garda.ie/en/crime/fraud/

From The Data Protection Commission: 
https://dataprotection.ie/en/dpc-guidance/blogs/when-your-personal-data-has-been-affected-breach

From Citizens Information: 
https://www.citizensinformation.ie/en/consumer/buying-digital-content-and-services/scams-and-fraud/

From The Competition and Consumer Protection Commission: 
https://www.ccpc.ie/consumers/money/scams/scams-what-to-watch-out-for/

From Fraudsmart (identity theft guidance): 
https://www.fraudsmart.ie/personal/fraud-scams/phone-fraud/identity-theft/

From “Which?” Magazine: 
https://www.which.co.uk/news/2020/04/sim-swap-fraud-how-criminals-hijack-your-number-to-get-into-your-bank-accounts/

From Experian: 
https://www.experian.co.uk/consumer/identity/what-to-do-if-victim.html


Child safety with mobile phones and accessing broadband

Three is committed to creating an environment in which children can use their mobile phones and access broadband safely.

Three is a signatory to the European Framework for Safer Mobile use by younger teenagers and children. Its aim is to ensure that younger teenagers and children can safely access content on their devices and that, at a minimum, operators provide the option to block or filter internet access upon request.
 

Top tips for parents

This section highlights some top tips for parents to help manage mobile phones and broadband access for children as safely as possible.

1. Internet Access Controls

  •  Understanding how the technology works yourself is the best way of making sure your child uses their mobile phone safely and responsibly.
  • Ensure that you set up Parental Controls around your child’s device when setting the device up initially.
  • Contact your mobile provider to check their access and agree who is the authorised contact for services provided.
  • Consider internet safeguards available e.g. filtering technologies and apps. Three can provide internet filters upon request by a customer to limit access to material that may not be suitable for children. To apply these filters, please contact our Messaging Team or just call our team on 1913.
  • On many smartphones you can activate parental controls and restrictions on the actual handset. The Google Play Store and Apple App store both have settings that allow parents to control what applications are being downloaded, how much screen time needs to be adhered to, setting pass codes for all purchases etc. This will give you much more control regarding what your child is downloading on to the device.

2. Gaming

  • Where possible, have your children gaming where you can see them so you can keep an eye on what they are doing – especially when they are young.
  • Check out any game that your child wishes to play first so you are happy that it is appropriate for your child, and be familiar with the different features that each game offers – e.g. chatrooms, private messaging etc. Keep yourself up to date by playing with them from time to time.
  • Set the ground rules around use: where, when and for how long.
  • Keep an eye on who they are chatting to in multiplayer games.
  • Be aware of in-app spending or disable it so that they must ask if they want to spend money. It is possible to spend a significant amount of money on items such as skins, power ups, virtual currencies, and loot boxes/card packs in games that they play.
  • Be aware of loot boxes, which are psychologically akin to gambling but feature in games/ apps that are marketed at children.
  • ComReg’s website provides clear information on what Premium Rate Services (“PRS”) are, how to recognise them, the types of charges associated with PRS, and details solutions to common problems that may arise with these services.

3. Social Media

  • If your child has a profile(s) on social media, they will likely access it on their mobile phone. Ensure they know why it is important to only post or share information with people they know in the real world. It is important to talk with your child to find out about which websites and social media platforms they visit to make sure they are visiting sites appropriate for their age. Also, you should check if these social networking websites / platforms have parental controls available and what privacy policies are in place.
  • Be aware of minimum age restrictions for any social media or instant messaging site that your child wants to access and check it out yourself first to make sure it is appropriate for your child. Common Sense Media is a great resource in this regard.
  • Agree ground rules around use.
  • All accounts are set to ‘public’ by default, so it is important to encourage your child to set their account to ‘private’. This means only ‘friends’ can view their personal information. However, children should still be careful about publishing personal information online. Even a profile set to ‘private’ is not 100% secure.
  • Encourage children to keep their friends list to just people they know well offline.
  • Keep an eye on what they are posting and who they are sharing it with.
  • Ensure location services are set to off within the apps they are using as some of these will be set to ‘on’ by default. Some features also require location to be on in order to send but this should always be switched to ‘off’ immediately after use.
  • Most importantly, have regular conversations about what your children are seeing and doing online and encourage them to come to you or another trusted adult if they come across anything that makes them feel uncomfortable or upset.
  • Talk to your children about the risks associated with posting information online – they need to think twice before sharing content – they need to consider would they share this information in the real world with their teachers and friends – would they post this or share this on the school billboard?

4. Cyberbullying

Below are some tips and advice you can give your child if they experience cyberbullying or malicious communications:

  • Only give their mobile phone number to people they trust. Do not publish their number on a public forum such as the internet, where anyone can see it.
  • Advise your child not to respond to a call or text if they do not recognise the number.
  • When signing up to online accounts, always use an email address in preference to a phone number if given the choice.
  • Encourage your child to talk openly about the experiences they encounter while using their mobile phone. Make it really normal to talk about what they are seeing and doing online, which will hopefully encourage them to come to their parents if something goes wrong. Sometimes a child will hide a negative experience from parents because they fear their mobile phone or internet access will be taken away.
  • Encourage your children to talk to you if they receive a message that is frightening, threatening, rude or makes them feel uncomfortable. Reassure them they will not get in trouble by telling you about something negative they encountered on the internet or their mobile phone.
  • Advise your child not to reply to abusive or rude texts, pictures or video messages. Also, do not forward any such messages as they could be assisting a bully or breaking the law. Report offensive or illegal calls, messages or images to the Gardaí.
  • Keep a note of the dates and times of any abusive messages and calls, save the messages to their mobile phone (even taking a screen shot of abusive material is advisable), and always tell a parent or a trusted adult such as a teacher.
  • Do not send messages to someone when angry or upset.
  • Request that their operator provide them with a new mobile phone number if they are being bullied or harassed. The operator can, where appropriate, provide the new number free of charge.
  • If bullying is happening through a particular app, then use the block and report functions.

5. Memory cards

  • Many Android devices also allow for additional external memory cards to be inserted into the handsets. Ensuring you are aware of what is saved on the external memory card (if applicable) is extremely important.
  • To review the memory card files, just go in to ‘My Files’ on the android device. You will see multiple different sources of memory for the device. Internal storage relates to the phones internal memory.
  • SD Card will be the memory card storage. Your child may have pictures, videos and various different files saved within memory card folders. Please note that if your child removes the memory card from the handset you will not be able to view the contents.
     

Other helpful tips:

  • Take note of the IMEI number on your child’s mobile phone so the operator can disable the handset if it is lost or stolen.
  • Advise children to take care when using their mobile phone in public. A mobile phone is a valuable item and can be a target for theft.
  • Text ‘STOP’ to end a premium-rate subscription. Contact ComReg if this fails to work.
  • Apply service barring offered by your mobile provider e.g. premium SMS barring.
  • Forward suspected spam messages to your mobile operator’s reporting line.
  • Make your child aware that using a mobile phone in certain places is inappropriate, e.g. a cinema or library.
  • The internet is a public place and children can never be sure who is reading the information they publish online. They need to be very careful about publishing personal details. Name, address, telephone number, school and location can make a child identifiable in the real world.
  • Photographs and information published online are there forever. Children cannot get them back and cannot control how other people will use them. Children should think carefully – and ask a parent’s approval – before publishing (uploading) any photographs of themselves.
  • Do not trust everything they read or are told online. People online can lie. For example, an adult can try to win a child’s trust by pretending to be a child themselves. Children should never arrange a real-world meeting with someone they met online without first telling a parent or a trusted adult. And certainly, they should never go alone to meet a stranger.
  • Get involved in Safer Internet Day: Safer Internet Day (SID) is an EU wide initiative to promote a safer internet for all users, especially young people. It is promoted in Ireland by PDST Technology in Education and Webwise, and supported by industry partners in the telecommunications sector. https://www.webwise.ie/saferinternetday/

 

Further Information for Parents

View our Parent’s Guide for the Responsible and Secure Use of Mobile Phones.

Download here
 

Useful resources and websites

For more information on internet safety for your children see below:

Webwise provides useful ‘Advice for Parents on the use of Social Networking Websites’: www.webwise.ie

CyberSafeKids is another important resource which provides helpful information on online safety for families, including webinars for children and parents: https://www.cybersafekids.ie/

Three is a supporter and member of Hotline.ie. Hotline.ie is an anonymous facility for members of the public to report suspected illegal content encountered on the Internet, in a secure and confidential way: www.hotline.ie

BE SAFE ONLINE is Ireland’s official Online Safety Hub – it is the government’s campaign to highlight ways to help users stay safe online. The hub provides access to a wide range of online safety resources, to support online safety for all: https://www.gov.ie/en/campaigns/be-safe-online/

Other helpful resources include:

https://cybersafeireland.org/
https://www.internetmatters.org/
www.comreg.ie
www.internetsafety.ie

Industry Code of Practice

For more information check out the Irish Mobile Operators’ Code of Practice for the Responsible and Secure Use of Mobile Phones.

Read more