Payforit is a mobile payment system which was originally set up by the four “big” UK mobile operators, EE, O2, Three and Vodafone. It would allow subscribers to purchase products and services directly through their mobile phone, and the charge would be added to the subscriber’s phone bill, or deducted from their mobile credit.
The problem with this system is the single-click purchase method. When this is invoked, it requires no authorization, which means simply clicking or tapping on a button will result in a charge being made to the subscriber’s phone bill, or deducted from their mobile credit, through the Payforit system.
This can be exploited easily in order to make easy money for scammers.
One example, scammers could disguise the Payforit single-click confirm button as a totally transparent button which covers the entire webpage. Clicking or tapping anywhere on this malicious webpage will result in a charge.
However, more concerningly, scammers have now turned to using malicious Javascript code, which will automatically click the Payforit single-click button without any user input whatsoever. That means you could be charged, simply for having the misfortune of landing on a malicious website! They use self-redirecting adverts to force unlucky users to these malicious websites.
The purpose of this website is to provide an insight into how this type of scam works, what the operators and reguators are doing to prevent this (nothing), and how you should go about claiming a refund if you have been scammed by this.
The Payforit SCAM 