This scam is somewhat different to most of the other scams featured here, in that instead of a weekly subscription of £4.50 or less, it immediately takes £40 from your phone account- yes, that’s right £40. The charge is made via 4 premium rate texts from shortcode 65019 charged at £10 each.
Please, if you’ve been scammed by ModoMobi, leave them a review on their Trustpilot page.
Also, make sure you report them to the regulator.
Details for ModoMobi are;
Customer Service Phone: 0330 058 6508
Email: help@modomobi.com
Address:
Modo Mobi Ltd
Philbessant Ltd
72 Caerau Road
Newport
NP20 4HJ
United Kingdom
ModoMobi has one director: Darren Randall.
Darren Randall is also Compliance and Operations Manager at SB7 Mobile Ltd. SB7 have operated a large number of these scams in recent years.
The scam seems to be confined to the Three network where it has generated a large number complaints in the last couple of months. It seems to be exploiting the last remaining loophole in the system, which allows a single payment to up to £40 to be taken without any two factor authorisation.
Most complainants have no idea of how they became “subscribed” to this “service”. Some complainants have identified a YouTube advertisement for the service as a probable entry point. Interestingly, these advertisements only seem to be displayed when using mobile data on the Three network. The same phone connected over wifi won’t display the advertisement. Also phones connected via the O2 network won’t display the advert.
It therefore seems that this particular scam is only active for Three customers and is not allowed to operate by other networks. This is an increasingly common occurrence and seems to reflect Three’s total disregard for online security of their customers.
Three ought to be taking more responsibility for these fraudulent charges, as they seem to have made a conscious decision to allow this company to operate on their network.
In theory, in order to subscribe you will need to do two mouse clicks. The video below shows what SHOULD happen
Link in this tweet goes to page where you can sign up for a single payment of £40. Able to go through the signup process on a WiFi connection and it appears to be a two step as opposed to two factor authorisation (easily spoofed).
Sign up process looks like this. No username/password. No PIN. Just two clicks. None of the safeguards in @ThreeUK statement to @BBCWatchdog . Wouldn’t stand up in court as evidence of consent to charge as plenty of evidence of “auto-subscription” scams using this method.
It is, frankly, ridiculous that Three are allowing such an insecure signup mechanism. It conflicts with assurances given to BBC Watchdog:
There is no sign of any username/password dialogue, nor any PIN procedure. Just two clicks of the mouse and you’re down £40. The real problem though, is that these two mouse clicks can be easily “spoofed” by using iFraming and clickjacking exploits. These are described in this research report produced by an internet security company for BBC Watchdog.
https://www.surecloud.com/services/blog/bbc-watchdog-research-paper-payforit
What to do if you’ve been scammed by ModoMobi
As this is a one-off payment, there should be no risk of any more money being taken (other than the fact that Three is so insecure!). Ignore any advice to send a STOP message – you don’t need to as the £40 that was taken is supposedly a one off payment for a subscription for 6 months.
You now need to contact ModoMobi to insist on a FULL refund.
If you claim your refund within their advertised two week “free trial” period, you should get a full refund without too much difficulty. Let us know if that is not the case.
If you are outside the 14 day “free trial” period, then things become more difficult. This company will often offer only a partial refund initially, and may need to be pressured to refund in full. As far as we know has always refunded in full when pressed. If you have difficulty obtaining a refund, please let us know and we’ll try to help.
Update: February 2020.
It has become apparent that Modomobi will often only offer a full refund when threatened with court action. Don’t waste time trying to negotiate with them. If your initial request for a full refund is refused, make your next email to them a “letter before action” (LBA). This will make it clear to them that you will use the Small Claims court if they refuse to refund in full.
It is important that you send your LBA to Modomobi. If you have dealt with Telcosupport previously, by all means copy them in. The correct email address is help@modomobi.com’.
You should allow at least two weeks from the date ModoMobi receive your LBA for them to respond. If you start a Small Claim without giving them enough time to consider their response it will damage your case in court.
You can also serve a copy of the LBA by post, although this is only necessary if you have been unable to get clear acknowledgement or receipt from ModoMobi. You don’t need to use a signed for service. Just send the letter by first class post to the company’s registered address and get a certificate of posting. This is sufficient to prove legal service.
The correct mailing address for service is
Modo Mobi Ltd
Philbessant Ltd
72 Caerau Road
Newport
NP20 4HJ
United Kingdom
Here is a template Letter before Action:
Dear Sir or Madam
Letter Before Action
You took £40 from my phone account 07nnn nnnnnn on [date]without my permission. I enclose evidence of this deduction.
I repudiate any suggestion that I ever entered into a lawful contract with you. I insist on the return of the £40 taken from my account and that you explain how you came to have my phone number in order to claim such a payment.
There are numerous reports of consumers becoming subscribed to this “service” probably as a result of clickjacking and iFraming exploits. BBC Watchdog recently demonstrated how this can happen. As I never intentionally “interacted” with your “service”, I maintain that this is probably what has happened. Any interaction cannot therefore be taken to represent legal consent to charge.
Should the matter go to court, I will introduce evidence to refute any suggestion that I consented to these charges, regardless of any ‘evidence’ you may have.
Para 6.78 of the Ofcom 2012 review of PRS services states:
6.78 This scam demonstrates how a fragmented supply chain, with separation between the service provider and the billing party, can be exploited in an (unlawfully) opportunistic way. The greater transparency of PFI services would not prevent this harm. Rogue software can be embedded in such a way as to circumvent any verifiable method of consumer consent to charges (like a PFI checkout).
Furthermore, I will introduce as evidence reports from reputable antivirus companies, highlighting the fact that these subscriptions can be started by Android malware without any awareness of the user.
Your service fails to use the two step authorisation process now required for all subscriptions services. As it is not a recurring payment, it seems to be an attempt to circumvent those rules. However, your service fails to comply with the current PSA guidance on Consent to Charge . It appears to be a deliberate attempt to circumvent the rules in order to make unlawful charges using a method which has been shown to be vulnerable to abuse.
I would like to see the following:
- Screenshots of the subscription workflow where you allege I have signed up for this service.
- A description of what the service I am supposed to have subscribed to provides? Is this a newsletter, access to a web portal?
- Any evidence that after allegedly signing up for your service I subsequently used it
- The complete web server log of the subscription, including the User Agent strings containing all device details (browser, device type, device IP address) together with dates and times.
- Full company details of the company operating the service, country of registration, full name of company, company number and registered company address.
- Details of any ADR scheme I can refer the matter to in the event that you refuse a FULL refund.
I maintain that I never used the service you have charged me for and would like to see any evidence you can provide that I did.
I would like a reply as soon as possible so that I know you have received this letter. A simple acknowledgement will suffice, if you wish to take few days to consider your position. If you don’t agree to the refund, could you please then send me a detailed response, saying why you don’t agree, and provide evidence of the contract which you claim existed between us and evidence of my usage of your service. Failure to provide this evidence at this stage will be brought to the attention of the court should I decide to proceed with this action.
To avoid taking court action, I am willing to consider the use Alternative Dispute Resolution to resolve this matter.
If I do not receive a satisfactory response from you by [date, allowing at least 2 weeks for a response], I intend to issue proceedings against you in the county court without further notice. This may increase your liability for costs.
I refer you to the Practice Direction on pre-action conduct under the Civil Procedure Rules, and in particular to paragraph 4 which sets out the sanctions the court may impose if you fail to comply with the Practice Direction.
I look forward to your acknowledgement.
Yours faithfully
In the unlikely event that a refund is refused, there are various routes open to you.
- ADR. ModoMobi are members of CommsADR. However, consumers’ experiences with CommsADR have not been good, with lengthy delays and boiler-plate responses siding with the scam company, without any consideration of the legal issues around consent to charge. The ADR process is supposed to be a mediation process, but appears to be deciding cases without any attempt at mediation. We advise you not to use CommsADR, but if you do, you can still go to the Small Claims court, if you are unhappy with the resolution they propose. If you go to the Small Claims court, there is usually a further opportunity for mediation, this time using a properly independent, court appointed mediator.
- The Small Claims procedure is probably the fastest and most appropriate method of getting your money back. In most cases this will obtain a refund within a couple of weeks. More details of this are here: I’ve been refused a full refund.
Please contact us for advice BEFORE starting a claim through Moneyclaim Online, so that we can properly explain the process and potential costs and risks. ModoMobi have not yet defended a case, but there could always be a first time.
Don’t forget three other things:
- Report ModoMobi to the regulator here: https://psauthority.org.uk/for-consumers/report-an-issue
- Leave a review of ModoMobi on Trustpilot: https://uk.trustpilot.com/review/modomobi.com
- Leave a Google review of Modomobi:
https://www.google.com/search?q=modomobi+ltd
ModoMobi have begun reporting the comments on the Trustpilot website. I have archived the reported comments here:
If your review has been removed, please amend it to conform to Trustpilot guidelines and resubmit it. Even if you just say “Trustpilot won’t let me say how unethical this company is”. The one-star review will then continue to count.
It is, frankly, ridiculous that Three are allowing such an insecure signup mechanism. It conflicts with assurances given to BBC Watchdog:
There is no sign of any username/password dialogue, nor any PIN procedure. Just two clicks of the mouse and you’re down £40. The real problem though, is that these two mouse clicks can be easily “spoofed” by using iFraming and clickjacking exploits. These are described in this research report produced by an internet security company for BBC Watchdog.
https://www.surecloud.com/services/blog/bbc-watchdog-research-paper-payforit
What to do if you’ve been scammed by ModoMobi
As this is a one-off payment, there should be no risk of any more money being taken (other than the fact that Three is so insecure!). Ignore any advice to send a STOP message – you don’t need to as the £40 that was taken is supposedly a one off payment for a subscription for 6 months.
You now need to contact ModoMobi to insist on a FULL refund.
If you claim your refund within their advertised two week “free trial” period, you should get a full refund without too much difficulty. Let us know if that is not the case.
If you are outside the 14 day “free trial” period, then things become more difficult. This company will often offer only a partial refund initially, and may need to be pressured to refund in full. As far as we know has always refunded in full when pressed. If you have difficulty obtaining a refund, please let us know and we’ll try to help.
Update: February 2020.
It has become apparent that Modomobi will often only offer a full refund when threatened with court action. Don’t waste time trying to negotiate with them. If your initial request for a full refund is refused, make your next email to them a “letter before action” (LBA). This will make it clear to them that you will use the Small Claims court if they refuse to refund in full.
It is important that you send your LBA to Modomobi. If you have dealt with Telcosupport previously, by all means copy them in. The correct email address is help@modomobi.com’.
You should allow at least two weeks from the date ModoMobi receive your LBA for them to respond. If you start a Small Claim without giving them enough time to consider their response it will damage your case in court.
You can also serve a copy of the LBA by post, although this is only necessary if you have been unable to get clear acknowledgement or receipt from ModoMobi. You don’t need to use a signed for service. Just send the letter by first class post to the company’s registered address and get a certificate of posting. This is sufficient to prove legal service.
The correct mailing address for service is
Modo Mobi Ltd
Philbessant Ltd
72 Caerau Road
Newport
NP20 4HJ
United Kingdom
Here is a template Letter before Action:
Dear Sir or Madam
Letter Before Action
You took £40 from my phone account 07nnn nnnnnn on [date]without my permission. I enclose evidence of this deduction.
I repudiate any suggestion that I ever entered into a lawful contract with you. I insist on the return of the £40 taken from my account and that you explain how you came to have my phone number in order to claim such a payment.
There are numerous reports of consumers becoming subscribed to this “service” probably as a result of clickjacking and iFraming exploits. BBC Watchdog recently demonstrated how this can happen. As I never intentionally “interacted” with your “service”, I maintain that this is probably what has happened. Any interaction cannot therefore be taken to represent legal consent to charge.
Should the matter go to court, I will introduce evidence to refute any suggestion that I consented to these charges, regardless of any ‘evidence’ you may have.
Para 6.78 of the Ofcom 2012 review of PRS services states:
6.78 This scam demonstrates how a fragmented supply chain, with separation between the service provider and the billing party, can be exploited in an (unlawfully) opportunistic way. The greater transparency of PFI services would not prevent this harm. Rogue software can be embedded in such a way as to circumvent any verifiable method of consumer consent to charges (like a PFI checkout).
Furthermore, I will introduce as evidence reports from reputable antivirus companies, highlighting the fact that these subscriptions can be started by Android malware without any awareness of the user.
Your service fails to use the two step authorisation process now required for all subscriptions services. As it is not a recurring payment, it seems to be an attempt to circumvent those rules. However, your service fails to comply with the current PSA guidance on Consent to Charge . It appears to be a deliberate attempt to circumvent the rules in order to make unlawful charges using a method which has been shown to be vulnerable to abuse.
I would like to see the following:
- Screenshots of the subscription workflow where you allege I have signed up for this service.
- A description of what the service I am supposed to have subscribed to provides? Is this a newsletter, access to a web portal?
- Any evidence that after allegedly signing up for your service I subsequently used it
- The complete web server log of the subscription, including the User Agent strings containing all device details (browser, device type, device IP address) together with dates and times.
- Full company details of the company operating the service, country of registration, full name of company, company number and registered company address.
- Details of any ADR scheme I can refer the matter to in the event that you refuse a FULL refund.
I maintain that I never used the service you have charged me for and would like to see any evidence you can provide that I did.
I would like a reply as soon as possible so that I know you have received this letter. A simple acknowledgement will suffice, if you wish to take few days to consider your position. If you don’t agree to the refund, could you please then send me a detailed response, saying why you don’t agree, and provide evidence of the contract which you claim existed between us and evidence of my usage of your service. Failure to provide this evidence at this stage will be brought to the attention of the court should I decide to proceed with this action.
To avoid taking court action, I am willing to consider the use Alternative Dispute Resolution to resolve this matter.
If I do not receive a satisfactory response from you by [date, allowing at least 2 weeks for a response], I intend to issue proceedings against you in the county court without further notice. This may increase your liability for costs.
I refer you to the Practice Direction on pre-action conduct under the Civil Procedure Rules, and in particular to paragraph 4 which sets out the sanctions the court may impose if you fail to comply with the Practice Direction.
I look forward to your acknowledgement.
Yours faithfully
In the unlikely event that a refund is refused, there are various routes open to you.
- ADR. ModoMobi are members of CommsADR. However, consumers’ experiences with CommsADR have not been good, with lengthy delays and boiler-plate responses siding with the scam company, without any consideration of the legal issues around consent to charge. The ADR process is supposed to be a mediation process, but appears to be deciding cases without any attempt at mediation. We advise you not to use CommsADR, but if you do, you can still go to the Small Claims court, if you are unhappy with the resolution they propose. If you go to the Small Claims court, there is usually a further opportunity for mediation, this time using a properly independent, court appointed mediator.
- The Small Claims procedure is probably the fastest and most appropriate method of getting your money back. In most cases this will obtain a refund within a couple of weeks. More details of this are here: I’ve been refused a full refund.
Please contact us for advice BEFORE starting a claim through Moneyclaim Online, so that we can properly explain the process and potential costs and risks. ModoMobi have not yet defended a case, but there could always be a first time.
Don’t forget three other things:
- Report ModoMobi to the regulator here: https://psauthority.org.uk/for-consumers/report-an-issue
- Leave a review of ModoMobi on Trustpilot: https://uk.trustpilot.com/review/modomobi.com
- Leave a Google review of Modomobi:
https://www.google.com/search?q=modomobi+ltd
ModoMobi have begun reporting the comments on the Trustpilot website. I have archived the reported comments here:
If your review has been removed, please amend it to conform to Trustpilot guidelines and resubmit it. Even if you just say “Trustpilot won’t let me say how unethical this company is”. The one-star review will then continue to count.
Update 1st October 2020
This service appears to have been discontinued in July 2020 and we have stopped receiving complaints about it. It is unclear whether it was Three or Tap2Bill who pulled the plug. In any event, yhis scam was allowed to continue for far too long.
As far as we are aware, everyone who has raised a complaint and followed out guidance has received a FULL refund. We’d like to be made aware if anyone has not been refunded in full.