Online scams target direct-to-bill mobile services

Online scams target direct-to-bill mobile services

Online scams exploiting direct-to-bill payment options offered by mobile operators is on
the rise, according to research from Malwarebytes.

The free security software provider granted Mobile exclusive access to research that shows how scammers are extracting money from victims by taking advantage of direct-to-bill payment methods, which charge users via their mobile number.

The scams, which Malwarebytes estimates have been running for a number of years, take users, who unwittingly click on a dodgy link, through a complex series of pop-up adverts to an unidentifiable one-time-use web address.

This process bypasses the security protocol, which victims only discover when then receive a text such as ‘you’ve paid £5 for 1 entry for visiting our website.’ 

The complex system makes scammers incredibly hard to track as Christopher Boyd, malware intelligence analyst at Malwarebytes, explained: ‘It’s very difficult to know what the scammers are doing behind the scenes to pull this off, by potentially hiding payment buttons or offering up dubious adverts. You’d need advance knowledge of where one of these adverts would appear, have a test phone in hand, and also be in a position to research and track what is taking place.

'The advert placement is random so it’s pretty much needle in a haystack time. You can find direct links to some of these websites – often posted on social media by angry people with charges to their account – if you visit the links, they won’t do anything.’


Direct-to-bill online services have been on the rise for several years as operators make it easier for consumers to pay online for products and services using their mobile phones.

One of these is Payforit, jointly launched in 2007 by Three, EE, O2 and Vodafone. Payforit offers a quick and convenient way to pay for low-cost content and services, requiring no registration with either the merchant or mobile network. Payforit automatically detects a user’s number from their mobile network to bill the subscriber.

The service is regulated by PhonepayPlus, which monitors all premium rate services with Ofcom’s approval. Three and O2 said they work together to crack down on such scams and help those involved when incidents do occur, particularly through Payforit.

A Three spokesperson said: ‘We are working with services that use Payforit to make sure costs are clearly set out for customers. In the minority of cases where this isn’t the case, we work with customers and service providers to see those costs returned.’

An O2 spokesperson said that it operated a strict policy when it came to Payforit collaborators: ‘We check and audit any Payforit service before it’s available to our customers. If a content provider introduces unclear terms to customers, we suspend the service until changes are made to our satisfaction. We also investigate any negative customer feedback and follow up with our partners to ensure that content providers are abiding by our standards.

‘We work with other operators, PhonepayPlus and industry trade associations such as the Association for Interactive Media and Entertainment, to share knowledge and insight and ultimately eradicate mis-practice. There will always be those who attempt to profit from deception. We are committed to doing everything we can to protect our customers from such instances.’  

Mobile contacted Vodafone and EE – both were unavailable for comment at the time of going to press.


Please wait...

Please write code to prove you're human