Phishing emails typically masquerade as three types of companies: power companies, banks, and operators . Operators and electricity companies send invoices and communications to users by mail, while banks usually do so through their internal platform.
The alert was issued by Vodafone yesterday, but the email has been circulating on the Internet for days . As with all these fake emails, there are many details that make it obvious that it is a fake email, and that they are trying to impersonate the operator.
There are many indications that the email is fake
In the email, the user is alerted that they have an alleged debt with the operator pending. The “debt” corresponds to the billing period between July 30 and August 30, 2021 . Right from the start, this must seem suspicious to us, since Vodafone issues the invoices 4 or 5 days after the end of the billing cycle, and the charge in the bank is made between 10 and 12 subsequent business days.
Therefore, it is not possible that a debt has already been incurred when the collection process has not even started. In addition, each Vodafone invoice also shows the expiration date, which is the deadline we have to pay it. Finally, the billing cycles in Vodafone never start on the 30th of a month, since the operator starts the cycles on the 1st, 8th, 15th or 22nd of each month depending on the closest date on which the user has checked in. discharged.
No debt is incurred after 3 days of the period
This supposed debt also has a very high cost to scare the user, with a figure of 518.30 euros , and offering as a payment limit just 3 days, being fulfilled today in the case of this particular email, but that will surely go changing dates and figures to adjust to the shipping date.
The email clearly does not match the operator’s way of writing an email, nor does it match a real email or has the current logo , but uses an old one.
Vodafone does not detail exactly what the purpose of the email is, but it is likely that they are looking for the user to download malware onto their computer , or instead take the user to a fake website where they can enter their credentials. These credentials can give the attacker all of our personal information to impersonate our identity and subscribe to payment services.
