Bailiwick Data Protection Advisory

Published: 5 March 2025

Islanders warned about scammers sending fake telecoms bills

The Office of the Data Protection Authority (ODPA) is aware of a series of phishing emails, sent to islanders by scammers claiming to be from Sure, that contain fake bills. These can mimic the legitimate billing template quite convincingly.

The email prompts users to click on a link to view their bill online, which could lead to a fake payment portal or a malware download.

Islanders who use CWGSY email accounts are being specifically targeted in this instance and should be particularly vigilant.

“Email phishing attempts from fraudsters spoofing legitimate service providers are a common tactic used to steal your data and money”, said Bailiwick Data Protection Commissioner Brent Homan. “Pausing to ‘think before you click’ can help protect you against such scams.”

Protect yourself and others! Sure has published guidance which includes the following pointers:

  • Check that your billing email addresses you by name, rather than a generic “Sir/Madam” or “customer” greeting
  • Sure specifically will include your account number in a legitimate bill, which scammers typically will not have access to

The ODPA also highlights the following advice:

  • Practise vigilance. Texts and emails can easily be forged, and attachments can contain malware that can steal your personal information. Someone you know may have had their account compromised.
  • Check the email address of the sender. A billing email should come directly from the relevant organisation, and hovering over or previewing the sending account can reveal whether it is legitimate or not.
  • Verify suspicious emails by contacting the sender by an alternative, trusted channel such as the telephone.
  • Be on guard for red flags. Is there an urgent demand to act or call back? An uncharacteristic spelling mistake or formatting error? A link to a login page? A phone number to call for help? An enticing attachment? Beware!
  • Think before you click. Do you know this person or deal with this organisation? Is this how the person or company normally contacts you? Don’t open texts, attachments or emails without being sure of the sender.
  • Protect your passwords. Use different passwords for different websites, accounts and devices. Two-factor authentication is best. And regularly update security settings.

If you have friends or family members who are less tech-literate, share this guidance with them and help them to understand the warning signs.