Phishing campaign uses math symbol to imitate Verizon logo

Fake logo fools victims into thinking they are dealing with the real company

Verizon sign on the side of a building

Security researchers have discovered a new phishing campaign that uses a math symbol in the Verizon logo to fool victims.

Researchers found the campaign impersonating Verizon in dozens of fake emails sent from various Gmail addresses in the first half of September. Instead of using a V symbol at the end of the logo, phishers used either a square root symbol, a logical NOR operator, or the check mark symbol. 

All three types masqueraded as voicemail notifications. Verizon does provide voicemail services, including notifications, according to researchers at Inky.

Researchers said even though corporations have huge marketing budgets to spend on logo design, people are terrible at remembering them. This works for criminals who can deceive their victims with made-up logos that look about right. 

Researchers said that while the graphics were off, they did the job. Another thing that helped phishers was that Verizon had changed its logo a couple of times since Bell Atlantic Corporation was renamed Verizon in 2000.

Regardless of the symbol used, each email had a malicious link to a credential-harvesting site that targeted Microsoft Office 365 users. All three types masqueraded as voicemail notifications. Verizon does provide voicemail services, including notifications.

“Clicking on the button (black or red, depending on the version) prominently displaying the text “Play >” (made up of the word plus a close-angle-bracket character) led to a site that appeared to be Verizon's, but was in fact a malicious impersonation,” said researchers.

They added that phishers could easily steal separate HTML and CSS elements from Verizon’s real site to put together a custom job that included a correct version of the logo.

Researchers said the criminals had created and registered the fake site via Namecheap barely a month ago, according to a WHOIS lookup. Namecheap has since taken the site down, and it now has an “NXDOMAIN” status, meaning it no longer exists, they added.

At the bottom of the fake page it invited targets to “play, listen, or download” their voicemail with Office365 credentials. Using the red “Authenticate with Office365” button led to a fake Microsoft log in dialog box.

Related Resource

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Large letter 'O' against a background of a city - whitepaper from MimecastFree download

When researchers attempted to log in to the fake site, they received a response saying the password was incorrect. The second attempt elicited a bogus error message. However, the site harvested credentials on the back end both times.

“This pattern, the double ask, is fairly common. It’s not entirely clear what the phishers are up to, but it's possible that they want the victim to confirm the correctness of the data, or that they hope the victim will try a different account, yielding them two sets of credentials for the price of one,” researchers warned.

Researchers advised users to be suspicious of voicemail notifications coming from Gmail or other free email providers such as Yahoo, AOL, or Hotmail. “They should also distrust emails that claim to be from Verizon but come from a Gmail sender,” they added.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

A quarter of all malicious JavaScript is obfuscated
hacking

A quarter of all malicious JavaScript is obfuscated

20 Oct 2021
Almost 70% of CISOs expect a ransomware attack
ransomware

Almost 70% of CISOs expect a ransomware attack

19 Oct 2021
Acer Taiwan falls victim to cyber attack
hacking

Acer Taiwan falls victim to cyber attack

18 Oct 2021
Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021