contadores de paginas web Saltar al contenido

Phishing of Movistar Uruguay with double recharge of balance

phishing movistar uruguay

Circulate fake emails that simulate being sent by Movistar and are aimed at users from Uruguay. Under the Subject Recharge Online from $ 100 and we give you Double! the appearance of the message is as follows:

To make it more credible, they supplant the company's email with a technique known as email spoofingIn this way, the mail appears to come from a trusted address, although it was not actually sent from it. To see its real origin, you will have to access the message header as discussed in this article.

On the other hand, in the body of the message they include an image with a design similar to those used in legitimate campaigns.

Up to here many would think that it is a real mail, in addition there is no type of warning of spam or suspicious mail, however there are some details that the careful eye and common sense can detect.

The first of them is the destination of the link that is included in the mail, you can see it clearly by hovering over the image which is a strange address that starts with ******. com / upload / although it includes the text movistar.com.uy in reality it is not the Movistar website that is being loaded in the browser.

If the victim clicks, they will end up on a page that has a design very similar to the original, where they will be asked for the mobile number and the amount they want to load. Then, regardless of the data entered, another page will be loaded (payment.htm) to request the bank information, among other personal data:

The good thing is that the page was quickly blocked by anti-phishing filters, but while this did not happen a good number of users were possibly deceived.

Here are some more weird details that should catch your attention, in addition to the suspicious URL, the padlock or HTTPS does not appear in the address bar. Whenever sensitive data such as a credit card is going to be entered, the padlock must be present … although this is not a synonym of absolute security (since HTTPS can also be configured on false pages), it is a detail that gives you some degree of reliability to the site.

On the other hand, the information required to make the payment is not normal … the attackers request too much personal data including the available balance in the bank and its limits, clearly something strange is happening.

Once all these fields are completed, the information is sent to a remote server and the fake web simulates processing the balance load:

The result is not a double charge on the phone, but a significant loss of money for transfers made by the scammers to their accounts or purchases made online in distant countries.

As we see, falling into these deceptions is a matter of minutes but detecting them is not complicated… just pay attention to certain details and not be so confident in believing everything we receive in the mail. In case of doubts, the ideal is always to contact the company in some way and consult.

Thanks @masternet for sending.

If you receive emails like that and want to report them, you can forward them to Alejandro + complaint (at) spamloco.net