Security researchers have uncovered a credential phishing campaign targeting customers of US cellular network Verizon.
According to Armorblox, a cloud security platform, the phishing email attempted to trick people by posing as an important message sent by Verizon's support team.
In a blog post, Armorblox claimed that the email asked the carrier's customers to log into their online accounts to read the urgent message.
The culprits attempted to further heighten the "sense of fear" and emphasize the "lack of time" by using "Your attention is urgently required" in the subject line of the email.
In the email, the scammers instructed victims to click on a link that would supposedly take them to Verizon's website. However, using a "redirect" technique, the victim was sent to a spoofed Verizon website, where they had to provide their e-mail address, Verizon account password, e-mail account password, and phone number.
The researchers further explained that the phishing campaign was able to bypass email security mechanisms because it "did not follow more traditional phishing attack doctrine."
First, it used an "unrelated parent domain" as part of its phishing campaign.
Armorblox explains: "By hosting the phishing page on an unrelated parent domain after a redirect, the attacker can bypass security controls based on URL/link protection and get past filters that block known malicious domains."
What also helped fraudsters evade detection was the development of "look-alike websites with a complete phishing flow." According to the researchers, the attackers hoped that "people would fall prey to the phishing site's superficial similarity to the Verizon website."
They explained: "Once the target enters their login details (user ID and password), the phishing flow continues, with another screen prompting the target to enter their email address and email password.
"In this way, the attacker attempts to steal as much information as possible from the target once they have believed the false legitimacy."
Finally, the attackers opted for a socially engineered phishing campaign. The researchers said: "Unlike the spray-and-pray email scam attempts, this email was explicitly created and sent to provoke the necessary response.
"The sender's name is 'Verizon Support' and the title of the email is 'Your attention is urgently required' to create a sense of fear and emphasize that the target has little time at their disposal. The wording and topic of the email were intended to induce urgency due to its confidential nature (secure message from Verizon); and the 'LOGIN HERE' call to action is simple and effective."
Armorblox said it detected the attack because of the "language, intent, and tone of the emails," "low communication history," "low domain frequency," and "suspicious phishing emails."
The company added, "Based on the above insights, along with many other detection signals, Armorblox flagged the email as a credential phishing threat. The email was automatically quarantined based on preconfigured remediation actions for the credential phishing detection category."
ESET security specialist Jake Moore told Tom's Guide: "Phishing emails, whether they are traditional or bespoke, contain several telltale signs to watch for. The receiving address should always be examined, which can be tricked or compromised with sophisticated tools.
"However, to mitigate compromise, it is important to check the links in the communication before clicking on them. It is easy to duplicate a website and make it look like what you expect it to look like, but difficult to make the URL look quick and legitimate."
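The redirect to an unrelated parent domain and the advice to check links can be turned into a simple mail-filter check. The following Python sketch is an added example, not Armorblox's detection logic: the brand allow-list, the function names, and the sample redirect chains (on reserved `.example` and `.test` names) are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains each brand legitimately uses (hypothetical allow-list).
BRAND_DOMAINS = {"verizon": {"verizon.com"}}

def registrable(url):
    """Naive last-two-labels domain; use a Public Suffix List library in production."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def claimed_brand(display_name):
    """Brand the sender display name claims to be, or None."""
    name = display_name.lower()
    return next((b for b in BRAND_DOMAINS if b in name), None)

def assess_link(display_name, hops):
    """hops: URLs observed, in order, when the link was resolved in a sandbox."""
    findings = []
    brand = claimed_brand(display_name)
    if brand is None or not hops:
        return findings
    allowed = BRAND_DOMAINS[brand]
    domains = [registrable(h) for h in hops]
    # Checking only the URL written in the email inspects domains[0];
    # the credential form lives on domains[-1].
    if len(set(domains)) > 1:
        findings.append("cross_domain_redirect")
    if domains[-1] not in allowed:
        findings.append("landing_domain_unrelated_to_brand")
    return findings

# Constructed samples, not taken from the campaign.
SUSPICIOUS = ["https://redirector.example/r?id=1",
              "https://landing-site.test/verizon/login"]
BENIGN = ["https://www.verizon.com/signin",
          "https://secure.verizon.com/signin"]

if __name__ == "__main__":
    print(assess_link("Verizon Support", SUSPICIOUS))
    print(assess_link("Verizon Support", BENIGN))
```

The check compares the brand named in the sender display with the domain that finally serves the login page, so a clean first hop does not hide an unrelated landing domain.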