Scammers are going all out to target Starlink subscribers with fake emails and login pages that try to trick people into providing their account passwords, credit card details and even Social Security numbers.
On Wednesday, a Reddit user alerted Starlink customers to the phishing scam, which arrives as an email from “Starlink Team 2024.” The fake email tells unsuspecting users that “their registered payment method has been deleted due to incorrect data we had on file” and asks them to re-enter their information “to avoid late payment fees.”
(Credit: Reddit user I_dont_know_you_pick)
The malicious email then directs users to click a link to access their Starlink accounts. In reality, the link sends victims to a malicious imitation of the Starlink login portal.
To trick users, the malicious Starlink login page contains links that will take you to the official Starlink pages from SpaceX. But the main component of the portal, the email and password login form, will send you to another site controlled by hackers – this one designed to collect your most sensitive personal information under the guise of verifying your payment information.
(Credit: Starlink Malware Site)
The final stage of the attack requires the user to provide their payment card details, as well as their date of birth, social security number, mother’s maiden name and driver’s license number. “This is a mandatory security measure due to a change in our system,” the phishing attack claims.
(Credit: Starlink Malware Site)
If a victim falls for the scam, the malicious site will accept all the information and then display a new page saying “Your payment information is now VERIFIED. No payment until next date Thank you for the updated information. You will be redirected to starlink.com shortly.” Victims may therefore walk away thinking they went through a normal Starlink payment process without realizing they gave up their most sensitive personal information to an elaborate hacking scheme. In the wrong hands, the details could be used to commit credit card fraud and other identity theft schemes against the victim.
The good news is that the scam can be easily detected if you look at the fake Starlink email sender and the malicious login page URL: Neither will be tied to an official Starlink domain. In fact, this particular fake Starlink email came from “[email protected],” according to the Reddit user. Meanwhile, the phishing site itself was hosted on a .es domain from Spain.
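The sender and link check described above can be automated for a mailbox or a reported-phish queue. The following Python sketch is an added example, not code from the article or from Starlink: the sample message, its addresses and hostnames are constructed, and the one-entry allowlist (starlink.com, the domain named on the page) is an assumption.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = {"starlink.com"}  # assumption: allowlist used for this example

def is_official(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

class LinkCollector(HTMLParser):
    """Collects the real destination host of every <a href>, ignoring link text."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host)

def check_message(raw):
    """Return findings for a sender or link host outside the allowlist."""
    msg = email.message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))  # display name is attacker-chosen
    sender_host = addr.rpartition("@")[2]
    if not is_official(sender_host):
        findings.append("sender: " + sender_host)
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        findings += ["link: " + h for h in collector.hosts if not is_official(h)]
    return findings

# Constructed sample: the visible link text shows starlink.com, the href does not.
SAMPLE = """\
From: Starlink Team 2024 <billing@mailer.example>
Subject: Payment method deleted
Content-Type: text/html; charset=utf-8

<a href="https://starlink.com.account-check.example/login">starlink.com/account</a>
<a href="https://www.starlink.com/support">Support</a>
"""

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The suffix match requires a leading dot, so a host that merely starts with or contains "starlink.com" is still flagged, while the genuine support link, like the official links the fake portal includes, passes.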
Malicious Starlink sites will also accept any information you enter, including a made-up password – a telltale sign that the phishing attack is designed just to collect your information.
But an ongoing mystery is whether fraudsters have found a way to identify Starlink subscribers. The Reddit user who received the phishing attack told PCMag: “No idea how they would know I’m a Starlink customer, it could just be a mass email scam with the idea that a certain percentage of recipients are customers of Starlink. Email it. It was sent from an xplornet address I was a customer with before switching to Starlink.”