From reputable VPNs in cahoots with shady companies to ad-blockers injecting ads, nothing on the internet seems legit anymore.
Online phishing is everywhere, and the latest attempt involves none other than Verizon – one of the largest U.S.-based telecommunication service providers.
Apparently, scammers have found new ways to avoid detection and lure customers to a fraudulent website. What’s going on and how are these scammers pulling it off? Find out below.
Phishing Scams On the Verizon
When it comes to scamming users, phishing actors always come up with new tricks to lure their victims and steal their private information.
In fact, back in 2020, 75% of organizations around the world fell victim to some kind of phishing attack.
This time around, the attackers went all “Squid Game” on Verizon. However, instead of using the “Triangle, Square, and Circle” combination, they resorted to other mathematical symbols that include a checkmark symbol, a logical NOR operator, or a square root symbol.
This slight optical difference is designed to trick even the toughest AI-based spam detectors.
If you look closely at where the arrow is pointing, you’ll notice that the square root symbol has replaced the V in Verizon.
Most non-tech-savvy users don’t notice such alterations, which do result in drastic repercussions, mainly involving their sensitive information.
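A mail filter can catch this substitution by folding lookalike symbols back to the letter they imitate before comparing against a brand list. The following Python is an added example, not INKY's or this article's code; the symbol map, the `PROTECTED_BRANDS` list and the sample strings are assumptions constructed for illustration.

```python
import unicodedata

# Stand-ins for "V" named in the article. The mapping is this example's own
# assumption; a production list would be broader.
CONFUSABLES = {
    "\u221a": "v",  # SQUARE ROOT
    "\u2713": "v",  # CHECK MARK
    "\u22bd": "v",  # NOR
}
PROTECTED_BRANDS = ("verizon",)  # hypothetical watch list


def skeleton(text):
    """Fold text for comparison: NFKC, casefold, then map lookalike symbols."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def find_spoofed_brands(text):
    """Return one finding per word that only spells a brand after folding."""
    findings = []
    for word in text.split():
        plain = word.casefold()
        folded = skeleton(word)
        for brand in PROTECTED_BRANDS:
            # A brand that appears only after folding was written with lookalikes.
            if brand in folded and brand not in plain:
                symbols = sorted({unicodedata.name(c) for c in word if c in CONFUSABLES})
                findings.append({"brand": brand, "written": word, "symbols": symbols})
    return findings


# Constructed sample display names and subjects, not taken from the campaign.
SAMPLES = [
    "\u221aerizon Voicemail",
    "New message from \u2713erizon",
    "\u22bdERIZON account notice",
    "Verizon Wireless billing",
    "Task list \u2713 done",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", find_spoofed_brands(sample))
```

The genuine spelling and a stray checkmark in unrelated text produce no finding, so the check flags only words that read as the brand after folding.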
It Gets Worse!
Showing slight clues about what a phishing email may look like is not the main focus of this article.
In fact, what happens next is all that matters. You see, when you receive the email presented above, a voice message can be seen attached to it.
The email shows the duration of the voice message and an embedded ‘Play’ button, which gives the idea of some kind of legitimacy.
However, when clicked, the Play Button takes the user to a phishing portal crafted to resemble the Verizon website.
Despite getting the right logo, this is definitely not Verizon. Again, if you look closely, the URL is d9-08[.]click, which is not the provider’s website.
According to INKY, the Verizon phishing campaign relied on the recklessness of users who click any link they come across.
When they see a button such as the one in the image above, they’ll click it without thinking twice.
Once they do, and they will as the page informs them that they have to use their official Office365 credentials to access the Voice Message, a fake Microsoft login dialog box appears.
INKY’s analyst provided a fake account to assess the site. This resulted in an error message stating that the password was incorrect.
Apparently, this error has a purpose: it forces users to enter their credentials again, to ensure that the victim hasn’t mistyped them the first time around.
In other words, it’s a “quality assurance” step. Once entered, another error appears, ending the login process.
Unfortunately, as the login process ends, the data harvesting begins on the backend – both times.
Now, asking twice for your credentials doesn’t necessarily focus on getting the right credentials. It might also be an attempt to obtain two sets of credentials instead of one, as you might be tempted to submit a different account.
As mentioned, phishing scams are pretty common. To protect your data and avoid submitting your sensitive information to such parties, crucial steps should be taken.
As a website with enough cybersecurity knowledge to guide you, we recommend you do the following:
- No matter what email you get from whatever company, always take on the suspicious role and double-check everything.
- Never click on links embedded in an email. Instead, visit the official website manually and check everything there.
- No legit company such as Verizon would send an email as a Gmail user. Have you ever seen the likes of Netflix using a Gmail account?
- Never give away any sensitive information, especially accounts that include personal data.
If you follow the steps above, you’ll definitely be able to avoid being a Phishing attack victim.
Phishing Using Math Symbols – Users Did Not Calculate this One Well
The reason this scam persisted is that it used recently registered domains that had not yet been reported. It has now been taken down.
In the future, if the content within an email you received does not make sense in any way, it’s usually phishing, and you should junk it immediately.