Possible scam? Aviva plus Vodafone

Banking and money
#1

Just got a link by SMS to this…

Screenshot_2021-02-08-19-39-23-455_com.android.chrome
Screenshot_2021-02-08-19-39-23-455_com.android.chrome720×1520 261 KB
Screenshot_2021-02-08-19-39-29-097_com.android.chrome
Screenshot_2021-02-08-19-39-29-097_com.android.chrome720×1520 224 KB

I can’t find anything about it, so it screams SCAM

So, warning, but also wondering if anyone else has had this.

I’m used to scam sites being a little less sophisticated, to say the least!

1 Like
#2

If you got sent it by SMS, I would go with scam. Are you an investor?

Quick google shows an URL of https://investors.vodafone.com/ rather than the one shown, so that would make me suspicious.

Would be interested to see what the SSL cert issued to that page is.

Hope you didn’t enter any details?

1 Like
#3

That cert was only issued a couple of days ago and didn’t undergo any company verification.

image

The one on their shareholder centre looks like:

image

1 Like
#4

No, 100% treated this as toxic. Was bringing it to attention really.

But I did change my Aviva marketing preferences recently, so was wondering.

Now, I know it’s very easy to mix up cause and effect - there could be a totally unrelated scam, but it did seem to come very close on the heels of changing my preferences…

#5

Oh, thanks! Yeah, confirms my suspicions.

Don’t worry. I wasn’t duped. Just surprised at the sophistication of this one

#6

Looks like they are also using that site template to scam SSE investors.

Was built with R_Gen, a ‘landing page builder’.

1 Like
#7

Ah, well I think that clinches it!!

For the sake of completeness, here’s the SMS

IMG_20210208_200036
IMG_20210208_200036701×1460 109 KB

If this is an Aviva hack though, I called it :joy:

#8

From what I can see, the form is supposed to be a ‘login’ form, which has been customised for this purpose.

It Posts it’s payload to https://vodafoneplcinvestors.com/page-thankyou.php , which you can view the ‘thanks’ screen for even if you don’t fill in the form.

Presumably that PHP sends your details somewhere by email or bangs them in the scammer’s database.

1 Like
#9

Yeah, pretty conclusive on this one!

It’s the presentation that surprised me - above average quality. I suppose it’s not that surprising that scammers are upping their game as desperation rises too

#10

I’ve reported the scam to their hosts, Namecheap.

They can be scarily good, some of them. Also some of the phishing attempts are scarily specific.

Currently getting a lot of the Amazon refund scam calls when I am at the office too. I like playing with those people.

1 Like
#11

Ha! Keep at it!!!

#13

Just checked, the site is gone now.

2 Likes