Fraud update from Three’s Chief Financial Officer

Three, Chief Financial Officer, Darren Purkis gives an update on our latest initiatives to protect our customers from fraud

Over the past year the volume of digital financial crimes being reported has seen a dramatic increase as fraudsters become ever more sophisticated.  This is partly the result of the pandemic accelerating the move towards online and other types of remote transactions and away from traditional face to face. This has left many more people vulnerable to fraud.

In addition, SMS messaging has been taken advantage of in various ways. The main way is through smishing (SMS phishing) when texts are made to look like they’re from a reputable company and the aim is to obtain personal information. SMS texts are also targeted because they have become a common method of customer verification. Equally, fraudsters can simply send texts or make calls to a range of numbers with minimal effort without knowing if those numbers are real or not – so called cold calling – in the hope that they will produce some sort of response.

With fraudulent activity on the rise, Three UK is committed to counteracting it and protecting our customers through various measures.

SMS fraud

Three is investing more than £2bn in state-of-the-art network and IT technology to enhance our customer experience. As part of this, we have deployed new technology which is designed to block inbound spam and fraudulent SMS traffic and currently blocks millions of malicious messages per day. The technology enables us to identify trends in SMS traffic and categorise those that are potentially a nuisance or malicious for customers, while ensuring that our customer’s privacy is always respected. Our ability to monitor and review suspicious campaigns is helping us dramatically reduce our spam share (i.e., the proportion of the traffic reported to the Spam Reporting Service (7726)). As a result, we have seen a reduction of 90% in reports to the 7726 service from Three customers since implementation.

The recent Flubot scam is a great example of how we’ve helped protect our customers. The malware the fraudsters were trying to get customers to download had the ability to harvest personal data from the device. Flubot has proven to be a dynamic and ever-changing campaign, yet despite the challenges it presents, our security teams have managed to stop over 90% of these messages reaching customers and as a result, our customer impact was a fraction of any other UK network. We are continuing to work with government and Law Enforcement agencies to tailor the UK response.

Fraudulent websites

At Three, we have a dedicated team of experts who are continuously engaging in monitoring and detecting fraudulent websites that use the Three brand to attempt to harvest personal information. Using a mixture of proactive detection techniques and monitoring of the customer reporting service 7726, over the last 12 months we have identified and taken down more than 2,000 fraudulent websites and working with agencies, been responsible for more than 30 arrests.

Enhanced security

We’ve introduced Multi Factor Authentication otherwise known as MFA, which is an additional layer of security to help us verify a genuine customer is trying to access information relating to their account. With MFA in place we have seen a fall of more than 95% in reports of SIM swap and PAC fraud on our network.


Customer communications

Whilst we are taking every precaution we can to protect customers, it is not possible to catch every smishing text. That is why educating our customers on the dangers is key, so we keep them as informed as we can on a regular basis.

We do so through several ways including:

  • In-app notifications, verified monthly SMS messages to our customer base and regular updates on all our social media channels on various fraud topics
  • A monthly newsletter to millions of customers is sent featuring security and fraud articles

We regularly receive high engagement with customers of these communications.


How can customers protect themselves?

We know that fraudulent calls and texts can have real world impacts on our customers. That’s why it’s important that customers remain vigilant, so here are some actions customers can take to keep safe:

  • Report it: We strongly urge that where a customer believes they’ve received a suspicious text or call, they report it to 7726, which spells out SPAM on a phone keypad. This service is provided free of charge by the mobile operators and enables the networks and law enforcement agencies to have visibility of scam messages that are in circulation. This information helps to improve our proactive defences and give law enforcement agencies the opportunity to focus on the most significant cases. Additionally, if a customer thinks something may be a scam they can also call Action Fraud, which is the national reporting centre for fraud and internet crime.
  • Add a memorable name/place: To help stop fraud and protect your account, add a memorable name or place as this will give an added layer of security. We have previously advised customers that adding these would also aid in faster verification when they need to contact us.
  • Don’t click on any links: If you’ve received a suspicious message, don’t click on any links. Get in touch with the company it’s supposed to be from first. They’ll let you know if it’s genuine or not. At Three, we only use the URL’s of ‘’ or ‘’ for anything financial or account related. Therefore, if you receive a message that doesn’t contain these URL’s, it is most likely fraudulent.
  • Don’t respond: If you think you’ve been targeted by a fraudulent message, just ignore and delete. Responding to a smishing message can encourage future potential attacks.

Here at Three we have a suite of sophisticated systems that detect fraudulent attacks and usage. This system protects customers while also suspending fraudulent accounts. We will continue to do everything we can to ensure that our customers are protected against all fraudulent activity.

Download the assets


Get newsletter alerts

Add your email address to stay up to date with the Three Media Centre.