Phishing actors now use mathematical symbols on spoofed company logos to evade detection by anti-phishing systems.
One notable case spotted by INKY analysts involves the impersonation of Verizon, a major US-based telecommunications service provider.
In this case, the actors use a square root symbol, a logical NOR operator, or the check mark itself, all helping to create a slight optical differentiation that could fool AI-based spam detectors.
However, for many people who aren’t keeping up with the latest logo changes, these slightly edited logos look good enough, so delivery success and user engagement rates are more likely to stay high.
You have a fake voicemail
All three types of impersonation masquerade as voicemail notifications containing a built-in ‘play’ button that, when clicked, directs the user to a phishing portal designed to resemble a Verizon web site.
The landing domain is clearly not part of Verizon’s official web space, with an example given in the report being sd9-08[.]click.
The actors are betting on the target’s carelessness; otherwise, the spoofed site looks convincing enough. Additionally, INKY discovered that this phishing campaign relied on recently registered domains that had not been reported.
The logo on the cloned site is the real one, as the phishers stole most of the HTML and CSS from the real Verizon site.
By scrolling through the fake page, the visitor will find the alleged voicemail message, but they are only allowed to access it if they provide their Office365 account credentials on the login form.
The first attempt will result in an “incorrect password” message, while the second attempt will generate a false error that terminates the login procedure.
Phishers do this to make sure the victim hasn’t mistyped their password on the first attempt, so it’s basically a “quality assurance” step.
When you receive emails of this type, careful scrutiny is important to avoid falling victim to these scams. Never click on the built-in buttons, always validate the URL of the site you are about to enter credentials on, and finally, consider the realism of the situation.
In this case, a message from Verizon urges the recipients to enter their Office365 credentials, which does not make sense in this situation. If the content of an email doesn’t make sense for some reason, it’s usually phishing and the email must be spam.
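As an added example (not code from the INKY report or from this article), the Python sketch below shows one way a mail filter could combine the two signals described above: a brand name with a math or check-mark symbol attached to it, and a link whose host is outside the brand's own domain. It assumes the logo is rendered as HTML text rather than an image; the `BRAND_DOMAINS` allowlist, the function names and the sample body are assumptions constructed for illustration.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the brand legitimately links to; extend per brand.
BRAND_DOMAINS = {"verizon": {"verizon.com"}}
SYMBOL_CATEGORIES = {"Sm", "So"}  # Sm: math symbols (√, ⊽); So: dingbats (✓)
# Constructed sample body: text logo with U+221A and an off-brand link.
SAMPLE = ('<div><b>verizon\u221a</b></div><p>You have a new voicemail.</p>'
          '<a href="https://voicemail.example.invalid/play">Play</a>')

class BodyExtractor(HTMLParser):  # collects visible text and link hrefs
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def symbol_logos(text, brand):
    """Return symbols directly before or after the brand name in text."""
    found = []
    for m in re.finditer(re.escape(brand), text, re.IGNORECASE):
        for i in (m.start() - 1, m.end()):
            if 0 <= i < len(text) and unicodedata.category(text[i]) in SYMBOL_CATEGORIES:
                found.append(text[i])
    return found

def off_brand_hosts(links, allowed):
    """Return http(s) link hosts outside the allowed domains and subdomains."""
    hosts = [urlsplit(u).hostname or "" for u in links
             if urlsplit(u).scheme in ("http", "https")]
    return [h for h in hosts
            if not any(h == d or h.endswith("." + d) for d in allowed)]

def analyze(html_body):
    """Flag bodies pairing a symbol-decorated brand name with off-brand links."""
    parser = BodyExtractor()
    parser.feed(html_body)
    text, findings = "".join(parser.text), []
    for brand, allowed in BRAND_DOMAINS.items():
        symbols = symbol_logos(text, brand)
        hosts = off_brand_hosts(parser.links, allowed)
        if symbols and hosts:
            findings.append({"brand": brand, "symbols": symbols, "hosts": hosts})
    return findings
```

Requiring both signals keeps a message that links only to the brand's own domain from being flagged, and the suffix check rejects look-alike hosts such as `verizon.com.example.invalid`.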