Fake Hot Mobile phishing Site

Fake Hot Mobile phishing Site

We see lots of phishing attempts for various credentials. This scam in Hebrew is a totally new one to me. As far as I can tell the Mobile phone company being spoofed Hot Mobile is an Israeli Mobile Phone company that has links to the Israeli defence Forces. All the info I am getting about this comes from Google translate or Wikipedia, so might not be 100% accurate. I don’t speak or read Hebrew at all, so am completely reliant on web translations.

Other countries also have regular phishing scams against their Mobile Phone or  other telecoms networks or companies. I have just never seen an Israeli / Hebrew one before.

You can now submit suspicious sites, emails and files via our Submissions system

Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com >. That is why these scams and phishes work so well.

The email looks like:

From: Hot Mobile שירותי תמיכה <This email address is being protected from spambots. You need JavaScript enabled to view it.>(Translated) Support Services

Date: Sat 25/05/2019 04:55

Subject: אנו מבצעים סדרה של עדכונים לכל חשבונות המנויים, ואנו רוצים שמנויי HotMobile תעדכן את המידע האישי והפיננסי שלך, כך שהשירותים שלך לא ייסגרו או שחשבונך יוסר.( translated) We make a series of updates to all subscriber accounts, and we want HotMobile subscribers to update your personal and financial information so that your services are not closed or your account is removed

Body content:

שלום לקוחות יקרים,ברצוננו ליידע אותך שאנו עורכים סדרה של עדכונים לכל חשבונות המנויים שלנואנו רוצים שמנויי HotMobile תעדכן את המידע האישי והפיננסי שלך, כך שהשירותים שלך לא ייסגרו או שחשבונך יוסר.לחץ על הקישור “אנא עדכן את פרטי החשבון שלי” בהמשך

עשה זאת בהקדם האפשרי כדי שהחשבון שלך לא יוקפא

תודה על שיתוף הפעולהשירותים Hotmobile

עדכן את פרטי החשבון שלי

Translated:

Dear Customers,We’re writing to let you know that we’re making a series of updates to all of our subscriber accountsWe want HotMobile subscribers to update your personal and financial information so that your services are not closed or your account is removed.Click the “Please update my account information” link below

Please do so as soon as possible so that your account will not be frozen

Thank you for your cooperationServices Hotmobile

Please update my account information

Screenshot:

 

Hot Mobile Israeli Hebrew Phishing scam

Fake Hot Mobile “Update your Account ” email

 

screenshot of translation

screenshot of translation

If you follow the link in the email  you see a webpage looking like this: http://192.121.136.69/~digitalo/sabun/petek/paraben/in/freehot/in/alkhot/predo/pre/aree  that adds session IDs to the visit.

 

Fake Hot Mobile phishing Site

Fake Hot Mobile phishing Site

Hot Mobile Israeli Hebrew Phishing scam

Translated Fake Hot Mobile phishing Site

After you input a phone number and an ID number you get forwarded to a payment details page ( I think) But because I don’t read or understand Hebrew  I cannot fully fill in the details with acceptable information so pressing send after using fake details gives me an error page saying “Mailer Error: SMTP connect() failed. https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting”

Fake Hot Mobile phishing Site

Fake Hot Mobile phishing Site

Hot Mobile Israeli Hebrew Phishing scam

Translated Fake Hot Mobile phishing Site

 

phishing error page

phishing error page

We all get very blasé about phishing and think we know so much that we will never fall for a phishing attempt. Don’t assume that all attempts are obvious. Watch for any site that invites you to enter ANY personal or financial information. It might be an email that says “you have won a prize” or “sign up to this website for discounts, prizes and special offers”

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.

 

Read more https://myonlinesecurity.co.uk/hot-mobile-israeli-hebrew-phishing-scam/

Add comment

By entering a comment, if it is of a commercial nature, you will be auto enrolled in our customer care course as detailed in our rate card.
By entering a comment you legally agree to the course and to pay. Thanks


Security code
Refresh