CYBER SECURITY ENTHUSIAST

Phishing is a malicious technique used by cybercriminals to gather sensitive information from users.

Phishing attacks happen when the attackers pretend to be a trustworthy entity so they can bait the victims into trusting them and revealing their confidential data, later to be used for financial theft, identity theft, and to gain unauthorized access to the victim’s accounts.

What Happened?

It seems that the phishing actors are now making use of mathematical symbols on impersonated company logos in an attempt to evade detection from the anti-phishing systems.

The researchers at INKY analyzed a sample involved in the Verizon recent spoofing, a large U.S.-based telecommunication service provider.

As explained by BleepingComputer, in this specific scenario, the malicious actors seem to be using a square root symbol, a logical NOR operator, or the checkmark symbol itself.

Source

All these elements are helping to create a fine optical differentiation that unfortunately is able to trick the AI-based spam detectors.

The main concern is that if we consider the large number of people that don’t keep up with the latest logo changes though, we can assume the delivery success and user engagement rates will be quite high.

All three forms of spoofing are disguised as voicemail alerts with an integrated ‘Play’ button that, when activated, redirects the user to a phishing gateway that seems to be a Verizon website.

The landing domain is definitely not part of Verizon’s official webspace, with sd9-08[.]click being one example mentioned in the complaint.

The actors gamble on the target’s negligence, as the parody site appears to be rather genuine otherwise. Inky also discovered that this phishing effort depended on unreported newly-registered domains.

The phishing actors copied most of the HTML and CSS components from the original Verizon site, so the cloned site’s logo is authentic.

The alleged voicemail can be found by scrolling down on the fake page, but it can only be accessed if the visitor enters their Office365 account credentials in the sign-in form.

The first attempt will result in an “incorrect password” message, whereas the second attempt will result in a bogus error that will terminate the login process.

This step is essentially a “quality assurance” step for the phishing actors to ensure that the victim hasn’t mistyped their password on the first attempt.

Stay Safe from Phishing Attacks

You can read more about all the ways in which you can stay safe when it comes to phishing attacks in Alina’s article, but it’s important to know that proper scrutiny could be the key factor to not falling victims to these scams.

What is Spear Phishing? Definition, Examples, Prevention Strategies

What is Polymorphism? Documenting a Malware’s Middle-Life Crisis

These Counter Spoofing Measures Will Keep You Safe

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP