| From | "Carlos E. R." <robin_listas@es.invalid> |
|---|---|
| Newsgroups | comp.mobile.android |
| Subject | Re: SMS spoofing |
| Date | 2026-06-18 19:14 +0200 |
| Message-ID | <n9inbnF97blU3@mid.individual.net> |
| References | <n9hmvmF3t7sU3@mid.individual.net> <97F*NkpJA@news.chiark.greenend.org.uk> <n9i5hnF6v2gU4@mid.individual.net> <7b1hdr2kzzi0.dlg@v.nguard.lh> |

On 2026-06-18 15:57, VanguardLH wrote:
> "Carlos E. R." <robin_listas@es.invalid> wrote:
>
>> On 2026-06-18 12:38, Theo wrote:
>>> Carlos E. R. <robin_listas@es.invalid> wrote:
> >>>> «Your claim 01202600362123 has been registered; if you wish, you can
> >>>> track it at https://oau.ocaso.es/qmVki-fOZ»
>>>>
>>>> www.ocaso.es is the real, actual URL.
>>>
>>> The shortcode is interesting - I wonder if it's a redirector that's been
> >>> hacked in some way, i.e. in a similar way that https://bit.ly/abc123 could be a
>>> redirect to https://evil.site/, anyone who controls the redirector can
>>> forward links to their chosen site. That part of their website
>>> may be less well defended than the part that deals with money. Maybe it has
>>> since been fixed to redirect back to the right place?
>>>
>>> Although for me it redirects to:
>>> https://clientes.ocaso.es/#/login?utm_source=giso&utm_medium=sms&utm_campaign=alta-siniestro
>>>
> >>> The utm_ parts are typically referrer codes used in tracking, for
>>> example commissions for advertising. 'alta-siniestro' is 'claim
>>> registration' and utm_medium=sms, so it sounds like a genuine link.
>>>
>>> Or perhaps somebody in operations had fat fingers and sent SMSes to the
>>> wrong people?
>>
> >> There is an extra data point. I logged to www.ocaso.es from my bookmarked
>> link, logged in normally, and then opened the suspect site on another
>> tab. In this situation, the second tab, if genuine, should recognize
>> that I'm already logged in, and proceed. But instead it asked for my
>> login credentials.
>
> Another tab seeing you have the same session ID should not request
> another login if the webdev did the proper coding.

Exactly. That got me convinced it was not legit.
>
> As I recall for Firefox to see the session ID, hit F12 -> Storage ->
> Cookies. You could check if the session ID is the same for both tabs.
> Session cookies are reusable at the same domain. I don't know if that
> is true for subdomains (www versus oau).

Up to the site programming.
> Firefox can purge cookies on
> its exit, but you aren't exiting. An add-on that putzes with cookies,
> like expire them instead of the web browser doing that, could interfere
> with using session cookies.
>

But I don't get that trouble with other sites.
> If you use Private Browsing, a new session ID gets generated. That's
> how you can use Private Browsing to log in multiple times to a website.
>
> Did you open 1 tab only in Firefox, navigate to the website, log in, open
> a 2nd tab in Firefox, and check if you are prompted to log in again?

Ah. Wait.

If I log in on https://www.ocaso.es/inicio, I get another tab that ends
in https://clientes.ocaso.es/inicio. The first tab doesn't notice the
login, and if I click on login it asks again for credentials.

So they have a programming issue. And... now I see that they show that I
have a claim running! :-o

It is subtle to find in the web page.
>
> Did you disable all add-ons in Firefox? If you still get a login prompt
> in every tab you open to a website where you already logged in, and
> disabling add-ons did not help, use a fresh Firefox profile to eliminate
> all add-ons, all about:config tweaks, userchrome.css, or anything else
> you've done under your normal profile to modify Firefox. With a fresh
> Firefox profile, test if a 2nd tab still asks for a login when you have
> already logged in using the 1st tab.
--
Cheers,
Carlos E.R.
ES🇪🇸, EU🇪🇺;
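
Added example, not part of the original post or of the site's code: a small model of RFC 6265 cookie scoping that answers the open question above about whether a session cookie set on one subdomain reaches the others. The cookie name and value are constructed, and the site's real cookies and attributes are not known.

```javascript
// Constructed illustration of RFC 6265 cookie scoping for the hosts named in
// this thread. Cookie names/values are made up; only Domain and Secure are modeled.

// RFC 6265 section 5.1.3: identical host, or host ends with "." + domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Parse one Set-Cookie header as if it had been received from `setterHost`.
function parseSetCookie(header, setterHost) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: setterHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: returned to the exact host only
    secure: false,
  };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1);
    if (key === 'domain' && val) {
      cookie.domain = val.replace(/^\./, '').toLowerCase(); // leading dot ignored
      cookie.hostOnly = false; // Domain present: subdomains match too
    } else if (key === 'secure') {
      cookie.secure = true;
    }
  }
  // A Domain that does not cover the setting host makes the browser drop the cookie.
  if (!cookie.hostOnly && !domainMatch(setterHost, cookie.domain)) return null;
  return cookie;
}

// Would a browser attach `cookie` to a request for `url`?
function isSentTo(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== 'https:') return false;
  return cookie.hostOnly ? u.hostname === cookie.domain : domainMatch(u.hostname, cookie.domain);
}

// The three hosts that appear in the thread.
const THREAD_URLS = ['https://www.ocaso.es/inicio', 'https://clientes.ocaso.es/inicio', 'https://oau.ocaso.es/qmVki-fOZ'];

function scopeReport(header, setterHost) {
  const c = parseSetCookie(header, setterHost);
  return Object.fromEntries(THREAD_URLS.map((u) => [new URL(u).hostname, c !== null && isSentTo(c, u)]));
}
```

With a host-only cookie, a tab on a sibling subdomain sees no session and prompts for login, so a repeated login prompt alone does not distinguish a spoofed host from a legitimate one that scopes its cookies narrowly.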