Math Symbols Used for Spoofing Purposes in Phishing Campaigns
The Mathematical Symbols Were Used to Evade Detection.
Phishing is a malicious technique used by cybercriminals to gather sensitive information from users.
Phishing attacks happen when the attackers pretend to be a trustworthy entity so they can bait the victims into trusting them and revealing their confidential data, later to be used for financial theft, identity theft, and to gain unauthorized access to the victim’s accounts.
It seems that phishing actors are now using mathematical symbols in impersonated company logos in an attempt to evade detection by anti-phishing systems.
Researchers at INKY analyzed a sample from a recent campaign spoofing Verizon, a large U.S.-based telecommunications service provider.
As explained by BleepingComputer, in this specific scenario, the malicious actors seem to be using a square root symbol, a logical NOR operator, or the checkmark symbol itself.
Each of these symbols creates a subtle visual difference that is unfortunately enough to trick AI-based spam detectors.
The main concern is that, given the large number of people who don’t keep up with the latest logo changes, we can assume the delivery success and user engagement rates will be quite high.
All three forms of spoofing are disguised as voicemail alerts with an embedded ‘Play’ button that, when clicked, redirects the user to a phishing gateway that appears to be a Verizon website.
The landing domain is definitely not part of Verizon’s official webspace, with sd9-08[.]click being one example mentioned in the complaint.
The actors gamble on the target’s negligence, as the spoofed site otherwise appears to be genuine. INKY also discovered that this phishing effort depended on unreported, newly registered domains.
The phishing actors copied most of the HTML and CSS components from the original Verizon site, so the cloned site’s logo is authentic.
The alleged voicemail can be found by scrolling down on the fake page, but it can only be accessed if the visitor enters their Office365 account credentials in the sign-in form.
The first attempt will result in an “incorrect password” message, whereas the second attempt will result in a bogus error that will terminate the login process.
This step is essentially a “quality assurance” step for the phishing actors to ensure that the victim hasn’t mistyped their password on the first attempt.
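The two signals described above (a mathematical symbol next to the brand name, and a ‘Play’ link that leaves the brand’s own domains) can be checked together in a mail filter. The following is an added example, not code from INKY or from the original article; it assumes the logo is rendered as HTML text rather than an image, and the allowlist, the sample messages and the domain voicemail-portal.example are constructed for illustration.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "verizon"
OFFICIAL_DOMAINS = {"verizon.com"}   # assumption: allowlist kept by the defender
CHECKMARKS = {"\u2713", "\u2714"}    # dingbat checkmarks (category So, not Sm)

# Constructed samples: logo rendered as HTML text, not as an image.
PHISH = ('<div><b>verizon</b>&#8730;</div><p>New voicemail</p>'
         '<a href="https://voicemail-portal.example/play">Play</a>')
GENUINE = ('<div><b>verizon</b>&#10003;</div>'
           '<a href="https://www.verizon.com/support">Support</a>')

class _Extract(HTMLParser):
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def logo_glyphs(text):
    """Symbols that directly follow the brand name: checkmarks or math (Sm)."""
    hits = re.finditer(re.escape(BRAND) + r"\s*(\S)", text, re.IGNORECASE)
    return [m.group(1) for m in hits
            if m.group(1) in CHECKMARKS
            or unicodedata.category(m.group(1)) == "Sm"]

def off_brand_hosts(links):
    """Hostnames of links that are not an official domain or a subdomain of one."""
    hosts = [(urlparse(h).hostname or "").lower() for h in links]
    return [h for h in hosts if h and not any(
        h == d or h.endswith("." + d) for d in OFFICIAL_DOMAINS)]

def assess(html):
    """Flag mail that shows the brand logo glyph but links outside the brand."""
    p = _Extract()
    p.feed(html)
    p.close()
    glyphs = logo_glyphs(" ".join(p.text))
    hosts = off_brand_hosts(p.links)
    return {"glyphs": glyphs, "hosts": hosts,
            "suspicious": bool(glyphs) and bool(hosts)}

if __name__ == "__main__":
    print(assess(PHISH), assess(GENUINE))
```

Because the genuine checkmark is also treated as a logo glyph, the check does not depend on which symbol the sender chose; the verdict comes from the logo appearing together with a link outside the allowlist.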
Stay Safe from Phishing Attacks
You can read more about all the ways in which you can stay safe when it comes to phishing attacks in Alina’s article, but it’s important to know that proper scrutiny could be the key factor in not falling victim to these scams.