EE Points Scam: How It Works, Warning Signs, and How to Protect Yourself

Introduction

The EE Points scam is one of the most widely reported phishing and smishing frauds currently targeting mobile phone customers in the United Kingdom. Thousands of EE customers have received convincing fake text messages, emails, and WhatsApp notifications claiming they have unclaimed reward points, a loyalty bonus, or a special prize that is about to expire — and thousands have lost money or had their personal data stolen as a result. If you have been searching for information about the EE Points scam, this comprehensive guide will give you everything you need to know.

EE is the UK’s largest mobile network operator, serving tens of millions of customers across the country. Its size and brand recognition make it an exceptionally attractive target for fraudsters who know that impersonating a household name dramatically increases the credibility of their fake communications. The EE Points scam exploits the trust that EE’s customers have built up over years of genuine interactions with the company — trust built through real texts about bills, real emails about account updates, and real notifications about plan changes.

What makes the EE Points scam particularly dangerous is how technically sophisticated it has become. Fraudsters use sender ID spoofing to make their fake texts appear in the same message thread as genuine EE communications on the victim’s phone. The fake websites they create are near-perfect replicas of EE’s official portal, complete with the correct logo, colour scheme, and navigation structure. At first glance — and even on careful inspection — the EE Points scam is extremely difficult to distinguish from a genuine EE communication.

This guide from Scammers Expose provides a thorough breakdown of the EE Points scam: the exact mechanics of how the fraud operates, the specific tactics used to deceive customers, how the scam has evolved to become increasingly convincing, real accounts from affected customers, what EE and UK authorities say about this type of fraud, and the concrete steps you should take to protect yourself and recover if you have already been targeted. Understanding the EE Points scam in full is your most powerful defence against it.

What Is the EE Points Scam?

The EE Points scam is a smishing (SMS phishing) and phishing campaign that impersonates EE — the UK’s largest mobile network — to steal customers’ personal information, account credentials, and payment card details. The scam operates by sending unsolicited messages that appear to come from EE, claiming the recipient has accumulated reward points, earned a loyalty bonus, or won a prize that will expire unless they take immediate action.

The EE Points scam is part of a broader category of telecommunications impersonation fraud that has grown significantly in recent years. According to data published by UK Finance, impersonation fraud — in which criminals pretend to be from trusted organisations including banks, utilities, and telecommunications providers — accounted for hundreds of millions of pounds in losses to UK consumers in recent years. The EE Points scam represents one of the most active and widespread variants within this category.

The EE Points scam typically seeks to obtain one or more of the following from its victims:

• EE account login credentials — username and password
• Personal details — full name, date of birth, home address
• Payment card information — card number, expiry date, CVV
• Bank account details for a supposed prize payment
• One-time passwords or verification codes

Once this information is obtained through the EE Points scam, it is used to commit identity fraud, make unauthorised card purchases, access the victim’s EE account to run up charges or steal device upgrade credits, or sold to other criminal networks for ongoing exploitation.

How the EE Points Scam Works Step by Step

The EE Points scam follows a carefully designed sequence that exploits the trust EE’s customers have in their network provider at every stage. Understanding this sequence makes the fraud significantly easier to recognise and resist.

Step 1: The Fake Message Arrives

The EE Points scam begins when the victim receives an unsolicited text message, email, or WhatsApp notification. The message is carefully written to mimic the tone, language, and formatting of genuine EE communications. A typical EE Points scam message reads something like: “EE: You have 500 reward points expiring today. Claim your free gift before midnight: [link]” or “Your EE loyalty bonus of £35 is ready to claim. Don’t miss out — offer expires in 24 hours: [link].”

The message creates immediate urgency through expiry deadlines and time pressure — classic social engineering tactics that discourage the recipient from pausing to verify the communication before clicking. The EE Points scam operators know that urgency is one of the most effective ways to bypass critical thinking.

Step 2: Sender ID Spoofing Makes It Look Genuine

One of the most technically sophisticated aspects of the EE Points scam is the use of sender ID spoofing. In the UK, SMS sender IDs — the name or number that appears at the top of a text message thread — can be spoofed relatively easily using commercially available messaging services. The EE Points scam operators set the sender ID to “EE” or “EE Network”, which means the fake message appears in exactly the same text thread on the victim’s phone as genuine EE messages about bills, service updates, and plan changes.

This is what makes the EE Points scam so particularly deceptive. A victim who looks at their message thread and sees a history of genuine EE texts followed by the fraudulent message has every reason to believe the new message is also genuine. The spoofed sender ID is not a flaw in the victim’s judgement — it is a deliberate technical deception.

Step 3: The Convincing Fake Website

Clicking the link in the EE Points scam message takes the victim to a website that closely replicates EE’s official online portal. The fake site uses EE’s logo, brand colours, and page layout. The URL is designed to look plausible — it might be something like “ee-rewards.co.uk”, “claim-ee-points.com”, or “ee-loyalty-bonus.net” — close enough to the official “ee.co.uk” domain to seem credible at a casual glance, particularly on a small mobile screen where the full URL may not be visible.

The fake site presents the visitor with a reward claim form. Depending on the variant of the EE Points scam, this form may ask the visitor to log in with their EE username and password, enter personal details to verify their identity, provide a delivery address for a physical prize, or enter payment card details to cover a small delivery or administration fee.

Step 4: Credentials and Card Details Are Harvested

Every piece of information entered on the fake website is captured by the EE Points scam operators in real time. Login credentials are used immediately to access the victim’s genuine EE account — where the scammer can view personal information, upgrade devices to be sent to a different address, take out new contracts, or accumulate charges. Card details are used to make fraudulent purchases, often at online retailers where card-not-present fraud is easier to commit.

In more sophisticated variants of the EE Points scam, the fake website operates a real-time man-in-the-middle attack: it passes the credentials the victim enters directly to the genuine EE login portal, captures the OTP that EE sends to the victim’s phone, asks the victim to enter that OTP on the fake site under the pretext of verification, and then uses it immediately to authorise account changes or transactions on the real EE account.

Step 5: The Victim Receives a Thank You Page

After submitting their details, the victim of the EE Points scam typically receives a thank you page confirming their reward claim has been submitted. They may be told to expect their gift within 5 to 7 working days. This delay gives the scammer time to exploit the stolen information before the victim becomes suspicious. When no reward arrives, many victims assume there was an administrative delay rather than immediately recognising they have been defrauded.

Step 6: The Damage Emerges

The full impact of the EE Points scam typically becomes apparent when the victim notices unauthorised charges on their bank statement, receives an EE bill for services they did not authorise, is told by EE that their account password has been changed, or discovers that a new device has been ordered on their account at a different delivery address. By this point, significant damage has already been done — and reversing it requires urgent action across multiple fronts.

EE Points Scam Warning Signs Every Customer Should Know

Recognising the EE Points scam before clicking any link is far better than attempting to recover from the consequences. These are the specific warning signs that every EE customer should know:

• Unsolicited messages about reward points you did not expect: EE does operate a loyalty programme, but genuine communications about it do not arrive unexpectedly with expiry deadlines. Any unsolicited message about expiring EE Points is a major EE Points scam warning sign
• Extreme urgency — “expires today” or “claim within 24 hours”: Genuine EE communications about loyalty rewards give customers reasonable time to respond. Extreme urgency is a hallmark of the EE Points scam designed to prevent careful verification
• A link that does not go to ee.co.uk: EE’s official website is ee.co.uk. Any link in a message claiming to be from EE that leads to any other domain — however similar it looks — is a EE Points scam phishing site. Always check the full URL before entering any information
• Requests for payment card details to claim a free reward: EE will never ask for your payment card number, CVV, or expiry date to release loyalty points or a free gift. Any such request is a definitive sign of the EE Points scam
• Requests for your EE account password: EE will never ask for your account password through a text message or email link. Entering your password on any site other than ee.co.uk accessed directly through your browser exposes you to the EE Points scam
• Grammar errors or awkward phrasing: While many EE Points scam messages are now well-written, some still contain subtle grammatical errors, unusual phrasing, or formatting inconsistencies that differ from genuine EE communications
• The message appears in your genuine EE thread: The presence of the message in the same thread as genuine EE messages is not proof of authenticity — it is the result of sender ID spoofing, which is a core technical component of the EE Points scam
• Requests to enter an OTP to claim a reward: No legitimate reward claiming process requires you to enter a one-time password sent to your phone. Any such request in the context of a reward claim is a man-in-the-middle attack — a sophisticated variant of the EE Points scam

Real Stories: How the EE Points Scam Affects Real People

The human cost of the EE Points scam is most clearly visible in the experiences of the customers it targets. The following anonymised accounts are representative of the types of complaints reported by genuine victims of this fraud to Action Fraud, EE’s customer service, and consumer forums.

Story 1: The Spoofed Thread Victim

A woman in her forties received what appeared to be an EE text in her existing EE message thread — the same thread where she received her monthly bill reminders and service notifications. The message told her she had 750 reward points expiring at midnight and directed her to click a link to claim a free smartwatch.

Because the message appeared alongside genuine EE texts she had received over two years, she had no reason to doubt its authenticity. She clicked the link, was taken to a page that looked exactly like EE’s website, and entered her EE login details and the delivery address for her prize. Within two hours, her EE account had been accessed and a new iPhone had been ordered under a device upgrade, set for delivery to an address she did not recognise. The EE Points scam had cost her months of dispute with EE and significant personal stress before the fraudulent contract was reversed.

Story 2: The Card Details Theft

A young professional received an email claiming to be from EE telling him his loyalty bonus of £40 was ready to redeem. The email looked genuine — it used EE’s logo, the correct font, and familiar email layout. It asked him to click a link and enter his card details to cover a £1.99 delivery fee for his gift.

He entered his card details, received a confirmation page, and thought nothing more of it. That evening he received bank alerts for three unauthorised transactions totalling £847 from online retailers he had never used. He reported the fraud to his bank and had the transactions disputed, but the process took over three weeks during which his card was frozen. He described the EE Points scam as “the most convincing fake email I have ever seen — I had no idea it wasn’t real.”

Story 3: The Elderly Grandfather

A grandfather in his mid-seventies received a text message about expiring EE Points. His grandson — who helped him with technology — was not available, so he followed the instructions in the message independently, entering his EE login details and personal information on the fake website. He also entered his bank card details when the site asked for them to verify his identity for the prize delivery.

Over the following week, his bank card was used for a series of online purchases and his EE account was used to take out a tablet contract at a different address. The total financial damage exceeded £1,400 before his family discovered what had happened and reported the EE Points scam to both EE and his bank. His bank recovered some of the funds under the Contingent Reimbursement Model code, but not all. The experience left him deeply shaken and reluctant to use his phone for online activity.

What EE and UK Authorities Say About the EE Points Scam

The EE Points scam has been the subject of repeated warnings from EE itself, from Action Fraud, from the National Cyber Security Centre, and from Ofcom — all of whom have published guidance specifically aimed at helping consumers recognise and avoid this type of telecommunications impersonation fraud.

EE has published official fraud awareness guidance on its website, explicitly stating that it will never ask customers to click a link in a text message to claim reward points, and that it will never request payment card details or passwords through unsolicited messages. EE encourages customers who receive suspicious messages to forward them to 7726 — the UK’s free SMS spam reporting service — and to contact EE directly on 150 to verify any communication they are unsure about. EE’s official fraud guidance is available at ee.co.uk/help/security.

Action Fraud — the UK’s national reporting centre for fraud and cybercrime — has documented the EE Points scam and similar telecommunications impersonation frauds extensively, noting that smishing (SMS phishing) attacks of this type are among the fastest-growing categories of consumer fraud in the UK. Action Fraud advises customers to report suspected fraud by calling 0300 123 2040 or online at actionfraud.police.uk.

The National Cyber Security Centre operates a free suspicious email reporting service and has published detailed guidance on recognising SMS phishing attacks. The NCSC specifically warns about sender ID spoofing — the technique that makes EE Points scam messages appear in genuine EE message threads — and advises consumers never to trust the apparent identity of a message sender when it arrives with a link and a request for personal information. Suspicious emails can be reported to the NCSC at report@phishing.gov.uk and suspicious websites at ncsc.gov.uk.

Ofcom — the UK’s communications regulator — has been working with mobile networks including EE to implement technical measures to reduce SMS sender ID spoofing, which is the core technical mechanism behind the EE Points scam. While progress is being made, the regulatory and technical solutions are not yet complete, meaning consumers must remain vigilant in the interim. Ofcom’s consumer guidance on scam calls and texts is available at ofcom.org.uk.

How to Protect Yourself from the EE Points Scam

Protecting yourself from the EE Points scam requires internalising a small number of firm rules that eliminate the possibility of the scam succeeding against you, regardless of how convincing the message or website appears.

Never Click Links in Unsolicited EE Messages

This is the single most effective rule for defeating the EE Points scam. If you receive any text message or email claiming to be from EE about reward points, a loyalty bonus, or a prize — regardless of how genuine it looks and regardless of whether it appears in your existing EE message thread — do not click the link. Go directly to the EE app or type ee.co.uk into your browser manually. If there is a genuine reward waiting for you, it will be visible in your account. If it is not visible in your account, the message was fraudulent.

Check the URL Before Entering Any Information

If you have already clicked a link before reading this guide, check the URL in your browser’s address bar before entering any information. The only legitimate EE web address is ee.co.uk. Any other domain — regardless of how similar it looks — is a EE Points scam phishing site. If the URL is not exactly ee.co.uk, close the browser immediately without entering anything.

Forward Suspicious Texts to 7726

The UK’s free SMS spam reporting service — accessed by forwarding suspicious texts to 7726 — is run by Ofcom and the mobile networks. Forwarding EE Points scam texts to 7726 costs nothing and helps the networks identify and block the fraudulent sender IDs and numbers being used. This takes less than ten seconds and contributes directly to reducing the volume of EE Points scam messages being sent to other customers.

Contact EE Directly to Verify

If you receive a message about EE Points or a loyalty reward and you want to verify whether it is genuine, call EE directly on 150 from your EE device. Do not use any number provided in the suspicious message — it may be a fake customer service line staffed by EE Points scam operators. EE’s genuine customer service team will be able to confirm immediately whether any reward is associated with your account.

Never Share OTPs to Claim a Reward

A one-time password sent to your phone is a security measure to protect your account. No legitimate reward claiming process will ever ask you to enter an OTP sent by EE. If a website asks for an OTP that you just received from EE, you are being subjected to a man-in-the-middle EE Points scam attack. Do not enter the OTP. Close the browser and call EE on 150 immediately.

Set Up a Strong, Unique Password for Your EE Account

Use a password for your EE account that you do not use for any other service. Enable two-step verification on your EE account if available. A unique password means that even if you accidentally enter your email address on a EE Points scam phishing site, the attacker cannot access your account without also knowing a password that is not reused elsewhere.

Educate Elderly and Vulnerable Family Members

Older adults are disproportionately affected by the EE Points scam because they may be less familiar with the technical deception involved — particularly sender ID spoofing — and more inclined to trust official-looking communications. Take time to explain to elderly parents, grandparents, and less digitally experienced family members that messages appearing in a genuine EE thread are not necessarily genuine, and that EE will never ask them to enter card details or passwords through a text message link.

What to Do If the EE Points Scam Has Already Affected You

If you have already clicked a link, entered information on a fake website, or discovered evidence that your account or card has been compromised through the EE Points scam, act immediately. Speed is critical in minimising the damage.

Change Your EE Account Password Immediately

Go directly to ee.co.uk — not through any link in the fraudulent message — and change your account password immediately. If you cannot access your account because the EE Points scam operator has already changed your password, call EE on 150 immediately and report the account compromise. Ask EE to freeze your account and investigate any recent changes or orders placed on your account.

Contact Your Bank or Card Provider Immediately

If you entered card details on the EE Points scam phishing site, call your bank or card provider immediately and report that your card details have been compromised. Request a card cancellation and replacement, and ask your bank to review recent transactions for any unauthorised activity. If unauthorised charges have already occurred, initiate a dispute immediately. Under the UK’s Contingent Reimbursement Model, banks are expected to reimburse victims of authorised push payment fraud in many circumstances — discuss your eligibility with your bank.

Report to Action Fraud

Report the EE Points scam to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040. Provide as much detail as possible — the content of the message you received, the URL of the fake website, the time and date, and what information you entered. Action Fraud uses these reports to build cases against EE Points scam operators and to issue public warnings.

Report the Phishing Site to the NCSC

Report the fake website URL to the National Cyber Security Centre at ncsc.gov.uk. The NCSC works to have fraudulent websites taken down quickly. Reporting the site helps protect other EE customers who may receive the same EE Points scam message and click the link before it is taken down.

Forward the Scam Text to 7726

Forward the EE Points scam text to 7726 to report it to Ofcom and EE’s spam filtering systems. This is one of the simplest and most effective ways to help prevent other customers from receiving the same fraudulent message.

Monitor Your Credit Report

If you shared personal identity information including your full name, date of birth, and address through the EE Points scam phishing site, monitor your credit report for signs of identity fraud. Services like Experian, Equifax, and TransUnion offer credit monitoring that will alert you if a new credit application is made in your name. You can also place a Notice of Correction on your credit file to flag that you may have been a victim of identity fraud.

Share the Warning With Your Contacts

If you received the EE Points scam message, others in your contact network may have received the same or similar messages — particularly if the fraudsters obtained your number from a data breach that also captured other people in your network. Warn your family, friends, and colleagues about the scam. Your warning could prevent someone else from falling victim.

Conclusion

The EE Points scam is a sophisticated, well-funded fraud operation that exploits the trust EE customers have built through years of genuine interactions with their network provider. The combination of sender ID spoofing, professional phishing websites, and psychologically compelling urgency messaging makes the EE Points scam one of the most convincing and dangerous forms of consumer fraud currently operating in the UK.

But the EE Points scam can be defeated by one simple habit: never clicking links in unsolicited messages about reward points or bonuses, and always going directly to ee.co.uk or calling 150 to verify any reward claim. If you apply this one rule consistently, the EE Points scam cannot succeed against you regardless of how convincing the message looks.

If this article helped you understand the EE Points scam, please share it with family, friends, and other EE customers — particularly those who might be less familiar with the technical deceptions involved. Awareness is the most powerful protection we have against this type of fraud.

Visit our news section to stay updated with the latest scam alerts and consumer protection advice. For more insights into online fraud, visit Scammers Expose.

Related Articles

If you found this article helpful, you may also want to read these related scam awareness guides:

• BurnSlim Scam: How It Works, Warning Signs, and How to Protect Yourself
• Ajit Pawar Scam: How It Works, Warning Signs, and How to Protect Yourself
• IDFC Scam: How It Works, Warning Signs, and How to Protect Yourself
• Phishing Scam Warning: Signs, Examples, and How to Stay Safe
• DealDash Scam: How It Works, Warning Signs, and How to Protect Yourself