| From | VanguardLH <V@nguard.LH> |
|---|---|
| Newsgroups | comp.mobile.android |
| Subject | Re: SMS spoofing |
| Date | 2026-06-18 08:57 -0500 |
| Organization | Usenet Elder |
| Message-ID | <7b1hdr2kzzi0.dlg@v.nguard.lh> (permalink) |
| References | <n9hmvmF3t7sU3@mid.individual.net> <97F*NkpJA@news.chiark.greenend.org.uk> <n9i5hnF6v2gU4@mid.individual.net> |

"Carlos E. R." <robin_listas@es.invalid> wrote:

> On 2026-06-18 12:38, Theo wrote:
>> Carlos E. R. <robin_listas@es.invalid> wrote:
>>> «Your claim 01202600362123 has been registered; if you wish, track it
>>> at https://oau.ocaso.es/qmVki-fOZ»
>>>
>>> www.ocaso.es is the real, actual URL.
>>
>> The shortcode is interesting - I wonder if it's a redirector that's been
>> hacked in some way. i.e. in a similar way that https://bit.ly/abc123 could be a
>> redirect to https://evil.site/, anyone who controls the redirector can
>> forward links to their chosen site. That part of their website
>> may be less well defended than the part that deals with money. Maybe it has
>> since been fixed to redirect back to the right place?
>>
>> Although for me it redirects to:
>> https://clientes.ocaso.es/#/login?utm_source=giso&utm_medium=sms&utm_campaign=alta-siniestro
>>
>> The utm_ parts are typically referrer codes used in tracking, for
>> example commissions for advertising. 'alta-siniestro' is 'claim
>> registration' and utm_medium=sms, so it sounds like a genuine link.
>>
>> Or perhaps somebody in operations had fat fingers and sent SMSes to the
>> wrong people?
>
> There is an extra data point. I logged on to www.ocaso.es from my bookmarked
> link, logged in normally, and then opened the suspect site on another
> tab. In this situation, the second tab, if genuine, should recognize
> that I'm already logged in, and proceed. But instead it asked for my
> login credentials.

Another tab seeing you have the same session ID should not request another login if the webdev did the proper coding. As I recall, to see the session ID in Firefox, hit F12 -> Storage -> Cookies. You could check if the session ID is the same for both tabs.

Session cookies are reusable at the same domain. I don't know if that is true for subdomains (www versus oau). Firefox can purge cookies on its exit, but you aren't exiting. An add-on that putzes with cookies, like expiring them instead of the web browser doing that, could interfere with using session cookies. If you use Private Browsing, a new session ID gets generated. That's how you can use Private Browsing to log in multiple times to a website.

Did you open 1 tab only in Firefox, navigate to the website, log in, open a 2nd tab in Firefox, and check if you are prompted to log in again? Did you disable all add-ons in Firefox?

If you still get a login prompt in every tab you open to a website where you already logged in, and disabling add-ons did not help, use a fresh Firefox profile to eliminate all add-ons, all about:config tweaks, userchrome.css, or anything else you've done under your normal profile to modify Firefox. With a fresh Firefox profile, test if a 2nd tab still asks for a login when you have already logged in using the 1st tab.
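
Added example (not part of VanguardLH's post or the thread): whether a session cookie set at www is also sent to oau depends on the Domain attribute of the Set-Cookie header, per RFC 6265. The sketch below models that browser rule for the three hosts named in the thread; the cookie name, its values and the Set-Cookie headers are constructed for illustration and are not the site's real ones, and the public-suffix check that real browsers also apply is left out.

```javascript
// RFC 6265 section 5.1.3 domain-match: identical strings, or `host` ends with
// "." + domain and is not an IP address literal.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Build the cookie-store entry a browser keeps for a Set-Cookie header received
// from `requestHost`. Returns null when the cookie is rejected.
// Simplification: no public-suffix check (browsers also refuse e.g. Domain=es).
function storeCookie(requestHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name
  const cookie = { name: pair.slice(0, eq), domain: requestHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "domain" && value !== "") {
      const d = value.replace(/^\./, "").toLowerCase(); // a leading dot is ignored
      if (!domainMatch(requestHost, d)) return null;    // cannot set for an unrelated domain
      cookie.domain = d;
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// Host-only cookies go back to the exact host; Domain cookies go to subdomains too.
function cookieSentTo(cookie, host) {
  host = host.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Hosts named in the thread; the login is assumed to happen on www.ocaso.es.
const HOSTS = ["www.ocaso.es", "oau.ocaso.es", "clientes.ocaso.es"];
function recipients(setCookie) {
  const c = storeCookie("www.ocaso.es", setCookie);
  return c ? HOSTS.filter((h) => cookieSentTo(c, h)) : [];
}

console.log(recipients("SESSIONID=abc123; Path=/; Secure; HttpOnly"));
console.log(recipients("SESSIONID=abc123; Domain=ocaso.es; Path=/; Secure; HttpOnly"));
console.log(recipients("SESSIONID=abc123; Domain=example.com; Path=/"));
```

With a host-only cookie, a second tab on oau.ocaso.es or clientes.ocaso.es never receives the session set on www.ocaso.es. The Domain column under F12 -> Storage -> Cookies shows which case a given cookie falls into.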