Virgin Media Phishing ?

I renewed my contract with Virgin Media last month and to my surprise I received an email titled: Disconnecting your Virgin Media services.
Virgin Media Disconnections <[email protected]>

The Email looks very genuine and all the links look genuine too so I called VM customer service for explanation and I was told by the lady that she suspects the Email is probably phishing? ....
To my knowledge if the domain name @virginmedia.co.uk is correct it cannot be phishing or am i wrong to assume that?
Now I don't know what to do ...should I ignore the Email as the India based customer service suggests?
I asked her to confirm what she said by email but she said they don't do that.

In reply to a post by karim31:

To my knowledge if the domain name @virginmedia.co.uk is correct it cannot be phishing or am i wrong to assume that?

It can be faked easily.

It is up to the receiving email system to attempt to validate incoming email, and there are a various optional and suggested technologies that email providers can use. None of which are standardised.

Delete it, or report as phishing in a web email client.

Thanks for the reply, ....Up to now I trusted all the Emails I receive with a reputable domain name but I think from now on I'll try to be more careful.
It's weird but everything looks genuine about the Email....Every single link points to virginmedia website ....I even tried to copy the addresses of the links and paste them in notepad and then copy them again and paste them in the URL box and all the links point to the genuine Virginmedia website and digitally signed.... how could that be spoofed?
If however as you pointed out the Email system interprets a fake sender as a genuine domain name then the criminals are definitely winning.
Just few years back one could easily spot a dodgy Email by following common advice but now it's becoming very confusing.

I often get random emails from VM, marketing and "surveys" even though I have all the marketing options off on my account.

Perhaps its a automatic email that was sent before you renewed, maybe the systems didn't update before it was sent? As you say all the links look genuine and point to the VM website, I would double check the spellings of any links though, scammers often register domains with similar names to try to catch you out.

Check you account on the VM website, and check your contract there, if it all looks OK according to your renewal then I wouldn't worry too much.

What was the email asking you to do?

In reply to a post by karim31:

Thanks for the reply, ....Up to now I trusted all the Emails I receive with a reputable domain name but I think from now on I'll try to be more careful.

It is insanely email to spoof an email, e.g. I could send you one that showed it was from [email protected] and it would be upto your receiving system to validate, and this is not an exact science.

The design of email goes back to when it was invented by universities. Links can be typed to go anywhere, and pictures can be taken from the web.

If all the links go to virginmedia.com then they are probably safe, as long as none of them redirect.

However if you're not expecting a mail then log into your account and check, or phone the call centre to ask if this is a valid email.

In reply to a post by jchamier:

In reply to a post by karim31:

Thanks for the reply, ....Up to now I trusted all the Emails I receive with a
However if you're not expecting a mail then log into your account and check, or phone the call centre to ask if this is a valid email.

Be aware that Virgin Media are not aware of what they do and don't send half the time, as this week they sent me a text going donwload your new E Sim profile from the email we sent you.
I look at the emails, none there so i ring, they go no such thing as E-Sim

I spend a good amount of time arguing, then they go, don't click on any links, I go, it's your site, it even has the same certifictificate and then the woman goes we don't do e sim we can't have emailed you about it.
I then go, how is it possible that i am calling you from a phone with no physical sim then, she then answers, you have an E Sim

You get the idea of this conversation and that they don't want to accept or decline it. The support doesn't understand anything clearly as how can you call them with an E Sim if apparently you don't have one but then 5 mins after you start this conversation you then do.

I did this a second time with another agent as well however they said its them but not valid.

Then last night at midnight I got emailed a new E Sim profile, and had been moved from Virgin Mobile EE to Virgin Mobile Vodafone with 5G

All i, saying is if they say your being canceled check it because they did something to my account which they told me twice would never happen and that I would never be on the vodafone network and now they say my sim doesn't exist. Virgin Media is all a little missmanged and simply put missmanged. But thats for you to decide, maybe try the Virgin Media Forum, the team on there seem to know what's going on the majority of the time.

I renewed almost 4 weeks ago and i received the Email yesterday...I actually received 2 identical emails 5 minutes apart.
If their systems don't update for almost 4 weeks then they must be in a big mess.
I did check the Email carefully and used Unicode character inspector to make sure there are no non-Latin characters (a trick often used by scammers)
I even checked the headers and they all pass.
As I said before the links look 100% genuine and digitally signed to virginmedia.com.
I also checked my account and the contract and all seem OK

The Email was just saying
"Hello,
We're sorry you're leaving - but we'll make sure your disconnection is as smooth and easy as possible. We just need to tie up a few loose ends, so please read on.
There are 3 steps in the disconnection process"
1 receiving your final bill ........
2 returning our kit ........
3 Disconnecting your services and other final actions ......

The account/contract checked fine and the first payment went through...nothing unusual.
I did call the customer service and I spoke to one of their outsourced staff from India.
She said the account looked fine and there is no order for disconnection then she put me on hold twice to check and then asked me who was the Email sender and I told her "[email protected]"
She then said that It is most likely a phishing Email

Another way you can check whether an email is genuine is by checking the DKIM, DMARC and SPF records. These are email security records and show PASS when it matches the domain (in this case VM's setup, which would match VM's domains).

You can do this by looking in the email properties/original email - but it depends on your email client.

On Gmail, you can go to the right hand side and click on the three dots on the email properties. See here..

Then, you can see whether SPF, DKIM and DMARC show as PASS. If they do - it should be OK. If not - then it's a no-go. This looks at matches with VM's servers themselves! See here.

If you're on another email client; try to find the 'original message' - and try to find the phrase 'spf=pass' and so on for DMARC and DKIM.

Hope this helps