Phishing campaign uses math symbol to imitate Verizon logo
Fake logo fools victims into thinking they are dealing with the real company
Researchers found the campaign impersonating Verizon in dozens of fake emails sent from various Gmail addresses in the first half of September. Instead of using a V symbol at the end of the logo, phishers used either a square root symbol, a logical NOR operator, or the check mark symbol.
All three types masqueraded as voicemail notifications. Verizon does provide voicemail services, including notifications, according to researchers at Inky.
Researchers said even though corporations have huge marketing budgets to spend on logo design, people are terrible at remembering them. This works for criminals who can deceive their victims with made-up logos that look about right.
Researchers said that while the graphics were off, they did the job. Another thing that helped phishers was that Verizon had changed its logo a couple of times since Bell Atlantic Corporation was renamed Verizon in 2000.
Regardless of the symbol used, each email had a malicious link to a credential-harvesting site that targeted Microsoft Office 365 users. All three types masqueraded as voicemail notifications. Verizon does provide voicemail services, including notifications.
“Clicking on the button (black or red, depending on the version) prominently displaying the text “Play >” (made up of the word plus a close-angle-bracket character) led to a site that appeared to be Verizon's, but was in fact a malicious impersonation,” said researchers.
They added that phishers could easily steal separate HTML and CSS elements from Verizon’s real site to put together a custom job that included a correct version of the logo.
Researchers said the criminals had created and registered the fake site via Namecheap barely a month ago, according to a WHOIS lookup. Namecheap has since taken the site down, and it now has an “NXDOMAIN” status, meaning it no longer exists, they added.
At the bottom of the fake page it invited targets to “play, listen, or download” their voicemail with Office365 credentials. Using the red “Authenticate with Office365” button led to a fake Microsoft log in dialog box.
How to reduce the risk of phishing and ransomware
Top security concerns and tips for mitigationFree download
When researchers attempted to log in to the fake site, they received a response saying the password was incorrect. The second attempt elicited a bogus error message. However, the site harvested credentials on the back end both times.
“This pattern, the double ask, is fairly common. It’s not entirely clear what the phishers are up to, but it's possible that they want the victim to confirm the correctness of the data, or that they hope the victim will try a different account, yielding them two sets of credentials for the price of one,” researchers warned.
Researchers advised users to be suspicious of voicemail notifications coming from Gmail or other free email providers such as Yahoo, AOL, or Hotmail. “They should also distrust emails that claim to be from Verizon but come from a Gmail sender,” they added.
Modern governance: The how-to guide
Equipping organisations with the right tools for business resilienceFree Download
Cloud operational excellence
Everything you need to know about optimising your cloud operationsWatch now
A buyer’s guide to board management software
Improve your board’s performance
The real world business value of Oracle autonomous data warehouse
Lead with a 417% five-year ROIDownload now