Possible scam? Aviva plus Vodafone

Just got a link by SMS to this…

I can’t find anything about it, so it screams SCAM

So, warning, but also wondering if anyone else has had this.

I’m used to scam sites being a little less sophisticated, to say the least!

1 Like

If you got sent it by SMS, I would go with scam. Are you an investor?

Quick google shows an URL of https://investors.vodafone.com/ rather than the one shown, so that would make me suspicious.

Would be interested to see what the SSL cert issued to that page is.

Hope you didn’t enter any details?

1 Like

That cert was only issued a couple of days ago and didn’t undergo any company verification.

image

The one on their shareholder centre looks like:

image

1 Like

No, 100% treated this as toxic. Was bringing it to attention really.

But I did change my Aviva marketing preferences recently, so was wondering.

Now, I know it’s very easy to mix up cause and effect - there could be a totally unrelated scam, but it did seem to come very close on the heels of changing my preferences…

Oh, thanks! Yeah, confirms my suspicions.

Don’t worry. I wasn’t duped. Just surprised at the sophistication of this one

Looks like they are also using that site template to scam SSE investors.

Was built with R_Gen, a ‘landing page builder’.

1 Like

Ah, well I think that clinches it!!

For the sake of completeness, here’s the SMS

If this is an Aviva hack though, I called it :joy:

From what I can see, the form is supposed to be a ‘login’ form, which has been customised for this purpose.

It Posts it’s payload to https://vodafoneplcinvestors.com/page-thankyou.php , which you can view the ‘thanks’ screen for even if you don’t fill in the form.

Presumably that PHP sends your details somewhere by email or bangs them in the scammer’s database.

1 Like

Yeah, pretty conclusive on this one!

It’s the presentation that surprised me - above average quality. I suppose it’s not that surprising that scammers are upping their game as desperation rises too

I’ve reported the scam to their hosts, Namecheap.

They can be scarily good, some of them. Also some of the phishing attempts are scarily specific.

Currently getting a lot of the Amazon refund scam calls when I am at the office too. I like playing with those people.

1 Like

Ha! Keep at it!!!

Just checked, the site is gone now.

2 Likes