Great care! Movistar is not writing to tell you that you have points that you can exchange for a terminal. This is the return of smishing, a type of SMS attack to which users have become accustomed and which usually uses the names of different companies to impersonate them. This time it is Movistar and the problem is that the messages that are arriving may seem real, but they are not. We explain what you need to know to avoid becoming a victim of this scam.
Movistar publishes through his blog a security notice so that all your customers are aware that smishing operations have been reactivated. Scammers are up to their tricks again by sending an SMS message that is loaded with poison and you have to be very careful with. Everything they promise you will be a lie, so don’t trust what you receive.
The promise of redeeming points
Attackers know that a point exchange sounds like a really juicy idea that few people can resist. That is why they have opted for this method in which they try to make you think that you have the opportunity to get a free mobile in exchange for those supposed points that are available in your account.
This smishing action has been carried out massively, so it is very possible that you have received the SMS or that it will arrive soon. When you get the message, delete it as soon as possible and, above all, do not click on the link that appears. What the scammers want is for you to click on the link so they can scam you. The problem with this attack is that it has been improved compared to previous smishing initiatives, which is reflected in the fact that the message now looks more believable and carries a higher level of risk.
Now, for example, reference is made to a URL that uses the name of Movistar itself: http://movistar-vip.com. But remember that it is a fake domain that is not owned by the operator and with which they are simply trying to scam you. You have to think that registering a domain is very easy and that Movistar cannot have control over all those who register in the world. Using a VIP domain extension seems like an additional idea on the part of scammers to make you think that it is a real and safe website.
Be very careful with smishing
The attack includes the text that you can see in the previous image, which indicates that the points you have from Movistar are going to expire today. In addition, a large number of points are added so that you think that you can get a good mobile without paying anything. They also add more text with which they try to create a sense of urgency among recipients by telling them that they have to redeem the points as soon as possible because, if they expire, they will no longer be valid.
If you click on the link that includes the scam, you will arrive at a web page where you will end up asking for your credit card details. That is how the smishing attack will end, since once you enter this information you will have given the scammers access to it. That means that you could lose all the money you have in the account and that they very possibly use the credit card to make online purchases in different places. As you can imagine, it is an unpleasant and dangerous situation.
For this reason, it is important that you remain alert to scams such as this smishing attack which, unfortunately, is not the first to occur. Mobile operators are often targeted by scammers because they know that the open rates of their fake URLs are higher when they are sent under their names. In the case of this scam, yes, Movistar has discovered it in time, just as they do with the threats they face in the Movistar Conexión Segura service and it is fortunate that we have been able to report it quickly. Let no one fall into the trap!
