However, the bad actors took the trouble to obtain SSL certificates for the domain in order to legitimately display this HTTPS lock symbol simply to gain the trust of users. According to the researchers who investigated this scam, it became much easier for website owners, including fraudsters, to obtain these certificates.
In fact, it is this level of detail that makes this latest EE scam so worrying.
In the form where users are asked to enter credit card information, cybercriminals have posted a small message "You will not be charged" in the upper right corner to assure email recipients that it is a legitimate website.
After the details are placed on the form, users will be automatically redirected to the EE website. Therefore, users should not suspect, unless they are looking at the URL, that something has gone wrong.