Mobile text messages that try to get the user to do something that ends up benefitting scammers are nothing new. But it’s worth reminding people every now and then that these messages come in many different varieties and use different more or less clever tactics to extract sensitive information from their victims.
Here is an example of such a phishing message, that ESET Ireland received and analysed today. One of our Vodafone mobiles received a text message that read:
Someone sent you special Flowers. Click on the link below or copy, paste on your browser and login Vodafone to see the Flowers & Sender. http://www.<hidden>/flowerz
If you click on the link, it takes you to a faked My Vodafone site which looks a lot like the real one (with various special offers on phones, etc.), but at a different web address and asks you to log in to your My Vodafone account with your phone number and password. If you enter them (or as we did, enter a rude message for the scammer), you’re re-directed to the actual vodafone.ie My Vodafone page, which again asks you to log in. So what just happened? Well, anyone who typed in their actual phone number and password for My Vodafone into the faked website, has just handed over their login info to a cybercriminal, who can then log into their My Vodafone account and use and abuse it at will.
A quick search reveals the domain owner of the faked website as Latorcorp Limited using an address from Fremont, California and it seems to also host a couple faked matchmaking websites. The name Latorcorp is otherwise connected to a web design company from Nigeria, but also comes up in connection to over 20 domain names and several other 419 scams, which in our opinion could merit a bit of a criminal investigation by law enforcement.
Unlike Irish banks that warn their customers of the many scams abusing their bank’s name, we could unfortunately find no easily visible warning on Vodafone.ie website and upon ringing their customer support about being concerned that customers are being targeted by scams and are not warned about it, were told, by a very polite representative, that if someone rings and asks about a dodgy text they’ve received they’d certainly advise against opening it and if a user had already handed their login credentials to cybercriminals they could change their password for them, but in our opinion that’s too little, too late, as by then the damage could already be done. The first step of fighting cybercrime is to be aware of it and a timely warning could go a long way here.
ESET Ireland therefore recommends computer and mobile device users to think before they click and if they’re unsure of any content, whether it relates to their online banking, mobile provider, etc., to contact their customer support and try to find out whether the message they received was legitimate or a scam.