I’m not the sort of person to normally blog directly about a company, especially with something like this – but after repeaded efforts of trying to inform them, I have decided to vent my annoyance in this simple blog post,
The network provider known as Three has recently sent out a Marketing SMS message to I would assume the majority of it’s 8.5-10million~ subscribers, if we say that as a conservative number only 70% of them receive this text message, then it went to around 5-7 million individual people. The text message in question was fairly standard – it’s a message about getting some money off a popular flight company and provides a nice shortened URL link to the terms and conditions – now this is where it gets interesting,
On Jan the 10th 2019 they sent out the following text message –
As you can see, the short URL should link to ‘bit.ly/ej£150’ however, due to the handset (that Three sold it’s customer I may add) formatting the text message, it ends up breaking the link and showing it as ‘bit.ly/ej’ as the phone has turned the £150 directly into a currency/number, breaking the link.
The correct link (that cant be clicked, or copy/pasted easily) would be ‘bit.ly/ej£150’ which correctly redirects to,
However, The link ‘bit.ly/ej’ forwards to the following website, which is certainly not appropriate, and rated 18+
So essentially, any customer whom received this text message and attempted to click the link, would have been redirected to the following website. I did attempt to raise this issue with Three, 3 times (ironically) and the first 2 attempts I was unable to raise any complaint as I was not a customer and had no authorisation on another account, I did finally talk to another customer service representative whom assured me he would raise my complaint and I’d hear back within 48 hours – I didn’t.
My friend who did receive the text did also complain to three who accused him of visiting adult sites himself and clicking on popups, having malware and assuring him that Three did not send the text (it must have been a fake text) – I can assure you, it’s not – I have confirmed several other people on Three also received the same message and had broken formatting. I only became aware of it after being shown the text due to the fact a friends daughter whom was playing with his phone had clicked the T&C’s link and loaded the adult website up! – oops.
They also couldn’t grasp the concept that the phone displaying the message breaks the link and thus allows this unauthorised hijack and redirection to happen and was unwilling to help or push this issue further, I guess this could become another supply chain attack against big marketing companies, fooling them into sending out marketing short-links that will intentionally break against handsets.
It’s a shame Three have terrible complaints handling procedures still, and I’m glad I didn’t purchase anything with that network even though at one point it seemed the only way to raise a complaint with them over the phone,
I’m sure we will see this pop up a little more, such as ‘bit.ly/free-mcdonalds-meal-£0/’ and ‘bit.ly/free-mcdonalds-meal/’ getting snapped up and sent via spoofed text to people, watch what links you click on!!
I’m still chasing this further with Three and hope to have an update one day, have you experienced this text and/or complained about it?
Update 2020: Nothing back from Three, no returned call or anything.