Email stealing identity of Santander Bank
The UNAM-CERT received a notification which reported on a possible identity theft campaign. The threat arrives by email as a warning of possible fraud in telcel payment.
As you can see the fraudulent site is similar to legitimate bank site, however include in the address bar is not for the original site.
Within the registration form, we can see how it is processed by another file, PHP page (PHP pages are only interpreted by the server and not from client) so we can not see the management of those processing variables.
It is recommended not to access banking sites through links that arrive by email.