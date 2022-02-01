Yesterday we covered the phishing scams that have been arriving by SMS for a long time, naming cases such as CaixaBank, BBVA, Santander and courier companies. Today it is time to talk about a new variant, of which we received two practically consecutive SMS messages yesterday: the one impersonating Carrefour.

The attackers are now using the name of this well-known retailer to obtain our data and, as we saw with CaixaBank, they go all the way. In this case we have been able to verify that it is even worse: after we enter a supposed ID and Carrefour Pass password, the fraudulent website directly asks for all of our bank card details, whereas in the CaixaBank case it initially requested only the last four digits.





A non-functional website with a very direct mission





In the Carrefour case, we received two SMS messages whose sender name was that of the ASM courier company, with no phone number. It is odd, but since multiple fake sender names have been used, it is quite plausible that the attackers made a mistake and used the name ASM instead of Carrefour. This alone should already make us very suspicious of the motivation behind the message. These are the texts:

Carrefour.es: Incorrect username or password, complete the required fields to avoid account blocking [URL]

PassCarrefour: After the last purchase you will not be able to use your Pass card, activate the 2022 security system immediately [URL]

Unlike other, more elaborate messages, these get everything wrong in terms of spelling and punctuation. And, as always, this seems to matter and is perhaps even intentional. Those who are not alarmed by such linguistic bungling go on to hand over all their data without wondering whether there is something strange about Carrefour asking for a bank card and all their details to verify a password. This is what we find when we enter our data in the first step.





As we can see, at this step the site shamelessly no longer even reminds us of the reason the SMS was sent. Instead, so that we can “take advantage of the offers” from Carrefour, the website directly urges us to type in our card number. Because it is very normal to need a card number to subscribe to offers.

Once we enter fake card data, which can be seen in the screenshot, the website tells us that it has sent us an SMS with a code. That is where our adventure ends, because they never asked us for a mobile number, nor have we received a code anywhere. Nevertheless, if our data had been real, the attackers would already have our ID, password, card, expiration date, CVV and date of birth: data that is gold in the wrong hands.