What's the Scam?
We're seeing scam emails that imitate Manx Telecom or the Manx.net email service.
The emails vary in design and wording, but most feature a Manx Telecom or Manx.net logo and ask recipients to take urgent action, such as updating account details. These emails use the classic social-engineering tactics of:
- Impersonation
- Urgency
- Imitation
These tactics encourage victims to take actions they would not normally take and, in the case of the Manx.net scams, to hand over email addresses and passwords.
Two examples of the scam email received
What happens?
The victim is encouraged to click a link, at which point they are presented with a phishing page.
This page is designed to capture an email address and its associated password. Once submitted, these details give the criminal access to the account, resulting in an account compromise.
Criminals will then change the password to lock a victim out of the account, or in some cases will remain in the account undetected, redirecting emails to gather intelligence and sending out emails, unbeknownst to the account holder.
What happens with the compromised accounts?
Once accounts are lost or have been compromised, the scammer has free rein to do as they wish with the information available.
This includes:
- Sending emails posing as the victim
- Gaining access to other accounts associated with the email address, e.g., Facebook
- Reading previous emails and downloading personal information
- Using the victim's account for other illegal activity
In most of the compromises we have seen, the compromised accounts are used to facilitate gift card scams. The scam emails are sent from already compromised accounts to potential victims who have previously exchanged emails with that account. This gives the emails a sense of legitimacy, and we urge residents to treat all emails, regardless of the sender, with a lesser degree of trust.
These scams typically follow this routine:
- Initial Contact: The scammer emails the potential victim from a compromised account, using details from previous email exchanges.
- Creating Urgency: The scammer often uses tactics to create a sense of urgency, using excuses such as illness and time sensitivity to rush a victim.
- Directing to Gift Cards: The scammer instructs the victim to buy gift cards, often from popular retailers. They might specify a particular amount or type of card. Sometimes scammers might tell you to purchase gift cards from multiple stores, so the checkout staff don’t get suspicious.
- Getting the Details: Once the victim has purchased the gift cards, the scammer asks for the card numbers and PINs over the phone. They might provide reasons like using the details to verify the purchase, make a payment, or reward employees.
- Using or Selling the Details: After obtaining the gift card numbers and PINs, the scammer can either use them to make purchases or sell them on the black market for cash.
What can I do to avoid becoming a victim?
As with any scam, there are a number of steps you can take to avoid becoming a victim.
- Do not click links you're not 100% sure are genuine. With Manx.net scams specifically, you can contact Manx Telecom to verify an email's legitimacy.
- Don't automatically assume that just because an email comes from a known account, it's actually that person behind the email.
- Do not be pressured by any time-sensitive requests.
- Treat your personal information the same as your physical assets; don't give it away to people you cannot trust.
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.