If you are not a Movistar customer, then you should not worry. But if you use any of the operator’s services, be careful, because as the Movistar Movisfera Blog warns, since last August 11 it has been a new phishing campaign detected against Movistar clients.
Fake email from Movistar
In this case, cybercriminals They impersonate Telefónica Empresas in order to obtain the victims’ Mi Movistar credentials. According to the operator, “the body and subject of the message is usually the same, but the link included in the email may vary”. The sender email address is [email protected] and it’s spoofed, which makes it easier for you to be deceived.
Although the link is apparently movistar.es, this really “Redirects to other domains” What:
- hxxps://grapeviners.de/movi/star/messages
- hxxp://saw.j-burger.de/nemesys/”
These domains in turn redirect to another page that is “the one that supplants our web portal Mi Movistar login ”.
Delete the email
To find out if it redirects to a suspicious page, you can hover over the link, without clicking, and the url it points to will appear. There you will see that this address is not the same as the one you put in the mail, so you can start to be suspicious. The URL that should appear when hovering over is https://www.movistar.es/Privada/DesafioUnico.
Therefore, and to avoid greater evils, if you have received the email delete it as is without opening it even. These are some examples of links on the page that impersonates Mi Movistar:
- hxxps://movistarbusiness-acces.com/clients/qfO2bg.php?verification
- hxxps: //movistar-empresas.j-burger.de/clients/CCfI6U.php? verification # _ movistar-empresas.mobi
- movistar-acceso.com
- movistar-access.net
- movistar-empresas.j-burger.de
- movistarbusiness-acces.com
Security measures that Movistar advises to follow:
- Be wary of any email where various spelling or grammatical mistakes are made, whose sender is suspicious or does not have company logos if they are of a certain entity.
- Avoid clicking links in emails, even if they have been received from an address we trust. Before, verify with the sender that he was the one who sent it.
- Avoid, as far as possible, entering username and password on pages whose address has not been written by us in the address bar of the browser.
- If they ask us for a username and password on a page, check that the address that appears in the address bar is correct and well written.
- Check that the password submission is encrypted (padlock next to the address in the address bar, and https: // instead of http: //)
- Frequently change the passwords for accessing the services we use. Do not use the same password in several services.
- Use, if possible, the two-step validation offered by various services (Office3656, Google, Hotmail …).
- Use strong passwordsthat have the following characteristics:
- Be longer than 8 characters
- Consist of an interleaved combination of uppercase, lowercase, numbers, and special characters (such as ~! @ # $% ^ & * () _ + =?> <., /)
- Avoid words found in dictionaries, colloquial expressions and / or obvious strings (123456, qwerty …
- Do not use dates or words related to ourselves (such as a pet’s name, surname or dates of birth)
.
